WatchGuard Security Appliance Keeps Close Watch on Network Activity

By Frank Ohlhorst

M500 Dashboard Lets IT Staff Keep an Eye on Network Activity

The M500 offers an intuitive browser-based dashboard that makes it easy to ascertain what is occurring throughout the network. A quick glance shows top application activity, top destinations, top client activity and policies being executed. What's more, administrators can quickly drill down into other informative areas to troubleshoot traffic or better understand traffic patterns.

M500 Supports Centralized Management of Large Networks

The M500 is a member of the WatchGuard family of products that are managed via a centralized system. Each M500 has integrated controls that allow it to become part of a larger, centralized management structure, offering support for administrators looking to unify the control of several devices at various locations, such as branch offices and remote sites.

The Appliance Provides Protection Against Port Probes, ICMP Attacks

Out of the box, the M500 can quickly take on some security roles. The device provides the capability to define or modify default packet handling rules, so that once deployed it can immediately offer protection against the most common forms of attack, such as port probes and ICMP attacks.

FireWatch Displays Graphical View of Network Activity

The M500's OS offers some very powerful observational capabilities. For example, the FireWatch Application view screen gives a graphical representation of what is occurring on the network and uses sized boxes to illustrate activity.

FireWatch Drills Down Into Traffic Details

The observational prowess of the M500 is further evidenced by the device's ability to drill down into traffic details from the FireWatch Destination tab, which shows what sites are being visited and by whom.

Network Interfaces Dialog Simplifies Device Setup

The Network Interfaces dialog makes it simple to set which mode the device should operate in and how each of the ports on the device is defined. This allows the unit to be deployed in one of several modes, making it easy to implement in a number of network infrastructures.

Defining Policies for How the Network Handles Applications

One of the most powerful aspects of the M500 is the ability to define detailed policies for how applications are dealt with. The device comes with thousands of predefined applications and allows administrators to add more. Administrators can then define policies for how a user can interact with a particular application, helping to secure the traffic around that application and to block unauthorized applications with ease.

An Intuitive Interface Enables Policy Definition

Policy definition proved quite straightforward, thanks to an intuitive interface that separates policy elements via tabs. From one screen, administrators can drill down into policy-based controls for applications, traffic, proxies and even scheduling when a policy is active. Other critical elements, such as intrusion prevention and logging, can be enabled with just a simple click.

M500 Can Detect Threats Hidden in Encrypted HTTPS Traffic

One of the M500's key features is the ability to deal with SSL traffic from HTTPS-based connections. The device can decode encrypted HTTPS traffic and detect any threats hidden within. An HTTPS-proxy defined policy makes that possible and offers varying levels of scanning, as well as certificate verification. Administrators can easily define what actions should be taken with encrypted traffic to fine-tune both performance and throughput based upon need.

Policies Are Compiled Into a List for Easy Management

All defined policies are gathered into a list, making it simple to enable, disable, modify or even clone policies. The list supports drill-down, preventing the need to open any other management sessions to delve deeper into individual policy controls.

M500 Also Enforces Content Filtering

The content filtering system employed by the M500 uses common definitions to ease policy definition. Administrators have the power to pick and choose content categories as well as define what happens when a particular category is accessed.

M500 Employs Subscription Model to Implement Security Features

The M500 uses a subscription model to enable security features. The subscription services screen offers quick insight on what services are enabled and the usage of each subscription, making it a little easier to demonstrate the value offered by the services provided by the device.

The Appliance Provides an Overview of System Activity

The M500 includes real-time capabilities that offer an interactive view of what is occurring on the device. The traffic management screen shows active traffic, loads and connections (source and destination). Administrators can drill down, filter or sort traffic reporting via a variety of methods, making forensics chores a little easier to deal with.