United States
 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 Network Security Education Center 
|
Frequently Asked Questions
|
| X5000 | X5500e | X6000 | X6500e | X8000 | X8500e | X8500e-F | |
|---|---|---|---|---|---|---|---|
| FW Performance (Mbps) | 400 | 2000 | 700 | 2000 | 1000 | 2000 | 2000 |
| VPN Performance (Mbps) | 200 | 400 | 300 | 600 | 400 | 600 | 600 |
| Ports
10/100 |
10 0 |
0 8 |
9 1 |
0 8 |
7 3 |
0 8 |
0 8 |
Appliance Software
Q: What appliance software is shipped on each Firebox X Peak model?
A: All Firebox X Peak models ship with Fireware Pro advanced appliance software.
Q: Are there any fees for the Fireware Pro advanced security and networking features?
A: No. All Fireware Pro advanced networking features such as dynamic routing, high availability, server load balancing, and QoS are included in the base purchase of Firebox X Peak appliances. There are additional subscription-based security service subscriptions that can be purchased, including Gateway AntiVirus/Intrusion Prevention Service with anti-spyware, spamBlocker with quarantine, and WebBlocker.
Q: What software is used to manage a Firebox X Peak appliance?
A: Firebox X Peak appliances are managed by WatchGuard System Manager (WSM).
Q: What's new in Fireware 10?
A: Fireware Pro 10 brings an all-new quarantine capability for spamBlocker, major anti-virus enhancements, and best-ever usability! With 10, a Firebox X Peak offers functionality usually found only in dedicated, best-of-breed solutions. Specific new and enhanced features include:
Single Sign-on – Single sign-on allows users transparent Firebox authentication upon Active-Directory login. This saves time and training of end-users by streamlining Firebox authentication, providing strong security and a seamless web surfing experience when used with Webblocker.
VOIP and Video Conferencing Support –Fireware 10 introduces a new SIP and H.323 application support, allowing VOIP and videoconferencing solutions to work seamlessly with the Firebox Peak.
Expanded Webblocker Categories – Webblocker categories have been expanded to 54, for more granular control of web surfing.
Webblocker for HTTPS – HTTPS is now no longer a way for end-users to bypass Webblocker for counterproductive surfing! Webblocker will now apply its surfing rules to HTTPS sites.
Integrated SSL VPN – SSL VPN’s provide ease-of-use, security and universal access. FireWare 10 intruces SSL VPN as an additional method of securing remote connections for mobile users.
Virus OutBreak Detection - For SpamBlocker users, Virus Outbreak Detection has been added to block potentially malicious attachments in real-time, preventing costly outages and eliminating the need for intensive malware clean-up. Not only does SpamBlocker keep spam out, it keeps email born malicious attachements out as well, for more complete email security and uptime.
Appliance Hardware
Q: What are the hardware differences between the older Firebox X5000, X6000, X8000 and the newer Firebox X5500e, X6500e, X8500e, and X8550e-F models?
A: The newer Firebox X Peak models use a faster processor and have four times the L2 cache and twice the DRAM of the older X Peak models.
Additionally, the newer Firebox X Peak models are compliant with new environmental regulations in EU countries that specify a reduction of hazardous substances (RoHS regulations) used in manufacturing, and new EU regulations that specify manufacturing designs which promote ease of recycling (WEEE regulations).
Q: Are the Firebox X Peak e-Series models (X5500e, X6500e, X8500e, X8500e-F) compliant with RoHS and WEEE regulations?
A: Yes, these models are fully compliant with EU RoHS and WEEE regulations. Older Firebox X Peak models (X5000, X6000, and X8000) are not compliant with these EU regulations.
Q: What are the processor and memory configurations of the Firebox X Peak models?
A: The table below shows the processor and memory configurations of the Firebox X Peak models:
| X5000, X6000, X8000 | X5500e, X6500e, X8500e, X8500e-F | |
|---|---|---|
| Processor | 2.8 GHZ Pentium | 2.0 GHz Pentium M |
| L2 Cache | 512 Kb | 2 Mb |
| DRAM | 512 Kb | 1 Gb |
| Flash | 128 Mb | 128 Mb |
Q: What are the physical hardware interface configurations on the Firebox X Peak models?
A: The interface configurations for the Firebox X Peak models are shown in the following table:
| X5000 | X6000 | X8000 | X5500e, X6500e, X8500e | X8500e-F | |
|---|---|---|---|---|---|
| 10/100 | 10 | 9 | 7 | 0 | 0 |
| 10/100/1000 | 0 | 1 | 3 | 8 | 4 |
| 10/100/1000 SFP GBIC fiber | 0 | 0 | 0 | 0 | 4 |
All interfaces are enabled. No port upgrade is ever needed.
Q: How many Trusted, External, and Optional ports are supported on each Firebox X Peak model?
A: The port independence feature of the Fireware Pro appliance software means that ports are not fixed as a particular type of interface. Any port can be used as External, Optional, or Trusted, and users can configure the ports in any combination of External, Optional, and Trusted. Up to four ports may be configured as External.
Q: Is it possible to upgrade X5000, X6000, or X8000 hardware to the new X5500e, X6500e, or X8500e hardware?
A: No. The hardware platforms are different. It is not possible to upgrade hardware to the newer X5500e, X6500e, or X8500e hardware. If you want to upgrade to the new hardware platform you'll need to take advantage of the WatchGuard trade-in program.
Q: Which Firebox X Peak models support built-in fiber optic interfaces?
A: Only the Firebox X8500e-F model directly supports fiber optic interfaces. Other models can support fiber optic connections through the use of an external, fiber-to-copper media converter. Three media converters have been tested and qualified as compatible with the Firebox X Peak:
- Allied Telesyn AT-MC 1004
- Transition Networks SGETF1013-105
- D-Link DMC 700SC
The fiber-to-copper media converters are available off-the-shelf through other suppliers. WatchGuard does not offer these media converters directly.
Firebox X8500e-F
Q: What fiber optic interfaces are supported on the Firebox X8500e-F model?
A: The Firebox X8500e-F model has four interface slots that support standard Small Form Factor Pluggable (SFP) GBIC interface modules, using 1000base-SX transceivers.
Q: What SFP GBIC modules are included with the Firebox X8500e-F model?
A: The Firebox X8550e-F includes four SPF GBIC interface ports, and comes equipped with four 1000base-SX 850nm SFP GBIC modules with LC-duplex connectors supporting MMF fiber. The supplied SFP GBIC module is Agilent HFBR-5710L/LP Small Form Factor Pluggable Optical Transceiver for Gigabit Ethernet (1.25 GBd).
Q: What distances are supported by the Agilent HFBR-5710L/LP SFP GBIC?
A: Depending on the fiber cable type used, the supported distance is 275 - 550 meters. Fiber compatibility is as follows:
- 2 to 550 meters with 50/125 nm fiber
- 2 to 275 meters with 62.5/125 nm fiber
Q: Are 1000base-LX (long range) GBIC modules supported?
A: No. Only 1000base-SX modules are supported by the Firebox X8500-F. 1000Base-LX uses long wavelength laser over multimode and single-mode fiber, as opposed to 1000Base-SX, which uses short wavelength laser over multimode fiber.
Q: Are the GBIC modules hot-pluggable?
A: Yes.
Q: What are the hardware differences between the Firebox X8500e-F model and the Firebox X8500e model?
A: The only hardware difference is that X8500e-F model has 4 fiber optic physical interfaces and 4 RJ-45 10/100/1000 ports. The X8500e model has 8 RJ45 10/100/1000 physical interfaces.
Q: Is it possible to upgrade X5500e, X6500e, or X8500e hardware to the X8500e-F model which has fiber optic interfaces?
A: No. Because of the physical hardware differences it is not possible to model upgrade to the X8500e-F model.
Management Software: WatchGuard® System Manager
Q: What is WatchGuard System Manager?
A: WatchGuard System Manager (WSM) is the software used to manage one or more Firebox appliances. It is available to all Firebox X Peak and Core™ customers for download on the WatchGuard web site. WSM provides a unified management experience that simplifies network administration for the IT expert, while providing indispensable ease of use for novice network administrators, with a variety of features that common web-based interfaces cannot match! WSM includes:
- Simple Setup and Configuration
Smart, out-of-the-box defaults make installation easy. Peak e-Series appliances ship with browser-based Quick Setup Wizard to further streamline the initial installation experience - Interactive Real-Time Monitoring
WSM provides instant visibility into current network, security, and user events, and interactive components allow the user to take direct diagnostic or preventive action on a running Firebox - Policy Manager
Easily configure and manage policies with a powerful, icon-based interface. Offline configuration gives maximum flexibility to save changes instantly, or you can take time to craft the configuration over multiple work sessions without disrupting Firebox activity - Drag-and-drop VPN Tunnel Creation
Fast, easy, and virtually foolproof, our drag-and-drop VPN creation in WSM 9.0 is more powerful than ever before. Build highly secure Branch Office VPN tunnels among Firebox appliances with a simple drag-and-drop action - Log Viewer
View color-coded Firebox log entries that are easy to read and understand - HostWatch™
Provides a live, graphical display of real-time connections to and through the Firebox, with interactive components to allow instant diagnostic or preventive actions - Historical Reports
Offers rich reporting with graphical presentation of security, network, and user activity data
Q: Which versions of WSM can be used to manage a Firebox X Peak e-Series or previously released Peak appliance?
A: In order to manage a Firebox X Peak e-Series or legacy Peak appliances, use WSM 8.3 or higher. (10 recommended) In addition to managing Firebox X Peak appliances, WSM 10 can manage previous Firebox X Core appliances, and centrally update appliance software and configurations for Firebox X Edge appliances, as well.
Q: Which version of WSM ships with the new Firebox X Peak e-Series models?
A: The Firebox X Peak e-Series (X5500e, X6500e, and X8500e) ships without a software CD. To manage a Peak e-Series, it is necessary to download WSM 10. For instructions, see the Firebox X Peak e-Series Quick Start Guide that comes with your purchase.
Q: What's new in WatchGuard System Manager 10?
A: WSM 10 includes a number of enhancements over previous WSM versions:
Improved Reporting – Fireware 10 includes new SQL-based reports with improved performance and scalability.
Realtime Bandwidth Monitoring by Service – With Firebox System Manager, you can now get realtime bandwidth data by service. Giving a clearer picture of what appliations are consuming valuable network bandwidth.
Expanded Quarantine Support – With Fireware 10 and GAV/IPS. email identified as potentially infected can be quarantined for later administrator review. Email users won’t lose mission critical attachments that may be infected. This new quarantine allows safe cleaning of potentially infected files.
As always, WSM provides unparalleled ease of use with features such as interactive real-time monitoring; secure, flexible logging and reporting; drag-and-drop Branch Office VPN tunnel creation; and smart, out of the box defaults.
Q: Where can I get more information on WatchGuard System Manager?
A: Where can I get more information on WatchGuard System Manager? For more information on WSM, visit the WatchGuard Web site at www.watchguard.com/products/wsm.asp.
Security Service Subscriptions
Q: What security service subscriptions are available for the Firebox X Peak?
A: The following security service subscriptions are available for all Firebox X Peak models.
- Gateway AntiVirus/Intrusion Prevention Service (Gateway AV/IPS)
- spamBlocker with virus outbreak detection
- WebBlocker
Q: Are WatchGuard security service subscriptions purchased separately from the appliance?
A: Yes. Firebox X Peak security service subscriptions are purchased separately. For cost savings, WatchGuard offers "bundles" that include all of the available security service subscriptions – with or without the appliance.
Q: If I own a Firebox X Peak appliance, can I get a free trial of these security service subscriptions?
A: Yes, users can initiate trials of these subscription services on a new or existing Firebox X Peak
When activating a new Firebox X Peak, users will be guided through the free trial activation process. Users with a Peak appliance already activated can go into "Product Details" in the Managed Products section of the LiveSecurity Service site.
A 90-day initial subscription to LiveSecurity Service also comes with every Firebox X Peak purchase.
Q: How do I purchase security service subscriptions?
A: All security services are fully integrated with the intelligent layered security architecture of the Firebox X Peak. You simply purchase a subscription to a service from your reseller, and then use a downloadable license key to turn on the service on your Firebox.
Q: Where do I find out more about security service subscriptions for the Firebox X Peak?
A: FAQs and product overviews are available on the WatchGuard Web site at www.watchguard.com/products/security_services.asp.
Upgrades
Q: What is the upgrade path for the Firebox X Peak line?
A: Most Firebox X Peak appliances can be easily upgraded to a higher model in the line with the purchase of a downloadable license key. The following table outlines the options.
| Model | License Key Upgradeable to |
|---|---|
| X5000 | X6000, X8000 |
| X6000 | X8000 |
| X8000 | N/A |
| X5500e (e-Series) | X6500e, X8500e (e-Series) |
| X6500e (e-Series) | X8500e (e-Series) |
| X8500e (e-Series) | N/A |
| X8500e-F (e-Series) | N/A |
Q: Is it possible to upgrade from a previously released Firebox X Peak model to a new Peak e-Series model using a license key?
A: No. Previously released Firebox X Peak and Peak e-Series appliances are two different machines. WatchGuard has a Trade-Up program for Firebox X Peak customers who wish to move up to the performance and capacity of the Firebox X Peak e-Series. Details are available at www.watchguard.com/products/trade.asp.
Q: Is it possible to use a license key to upgrade from Firebox X Core to Firebox X Peak?
A: No. Firebox X Core and Peak appliances are two different machines. WatchGuard has a Trade-Up program for Firebox X Core customers who wish to move up to the performance and capacity of the Firebox X Peak. Details are available at www.watchguard.com/products/trade.asp.
Q: Can the processor or memory on the device be upgraded?
A: Yes, the processor and memory are upgradeable. However, WatchGuard does not recommend users upgrade hardware. Opening the case of a Firebox X Peak will void the hardware warranty of the appliance.
Physical Environment
Q: Is the Firebox X Peak rack-mountable?
A: Yes. The Firebox X Peak appliance comes with a 19" rack mount kit.
Q: Does the power supply support 110/220 volts?
A: Yes. Firebox X Peak contains an auto-sensing power supply that will run on either 100 or 240 volts.
Q: What is the power consumption on a Firebox X Peak?
A: United States: 80 Watts; Rest of World: 1146 Cal/min, 273 BTU/hr.
