Next-Generation Firewall

Next-Generation Firewall



You need to keep your enterprise secure, but you want to do it on your terms. We get that. You’re in control. But control shouldn’t mean limitations. You can put WatchGuard’s powerful Next-Generation Firewall at the edge of your network and grow over time by adding exactly the security functions you need, when you need them. And however you choose to deploy, you get true line-speed security inspection on all traffic and multi-gigabit packet filtering throughput, for serious security that doesn’t slow you down.

No matter how you architect your NGFW system, we let you visualize and isolate any threat, anywhere, from one intuitive console. WatchGuard's award-winning Dimension visibility tool is standard on every WatchGuard NGFW appliance.

WatchGuard’s powerful Fireware® operating system is the fastest, most reliable, most agile platform in the industry. It’s designed to run full versions of the leading security engines in every category, so we make sure you’re always at the top of the food chain. And with built-in headroom, you can scale up whenever you need to. You get all the performance, all the protection – all on your terms.

Welcome to the top of the network security food chain.

  • The best secure throughput in its class
  • The best real-time visibility tools
  • Broader application control than any other next-gen firewall (over 1,800 applications

    Security Modules

    Packet Filtering

    WatchGuard gives you everything you expect from a firewall, and more. Multi-gigabit packet filtering and transparent proxies mean true, line-speed security inspection on all traffic. You also get Virtual Private Networking (VPN) with the strongest encryption to secure connections from†branch offices and mobile users.

    We always sweat the small stuff.
    • Tie security policies to specific users and groups with directory integration
    • Stop traffic from dangerous sources with cloud-based reputation services
    • Get real-time and historical visibility into what’s happening in your network at every level
    • Unique drag-and-drop virtual private networking (VPN)


    Intrusion Prevention Service (IPS)

    Don’t let malicious activity run amok in your network. WatchGuard’s Intrusion Prevention Service (IPS) lets you Shut. Intrusions. Down.

    Never leave your network exposed.
    • IPS works hand-in-hand with application-layer content inspection to monitor network traffic and system activities
    • Continually updated signatures give you real-time protection from spyware, SQL injections, cross-site scripting, and buffer overflows
    • You get full granular control to block network, application, and protocol-based attacks

    Application Control

    There’s control – and then there’s strangle-hold. You can’t afford to let malicious or inappropriate applications through your defenses, but you don’t want to ding productivity with app controls that are too strict or wide-ranging. WatchGuard gives you highly granular control by category, application, or application sub-function to keep your network flowing and your environment safe.

    It’s okay. Let all that power go to your head.
    • Control over 1,800 web and business applications by category, application, or application sub-function
    • Granular control over important social networking and instant messaging applications and their functions
    • Ability to select, manage, and report on application usage by user, group, and time of day





    Step Up Your Game: Additional UTM Protection is Worth Every Penny


    Data Loss Prevention (DLP)

    Sure, mistakes happen, but that doesn’t mean you should leave your company’s crown jewels at risk. WatchGuard’s optional DLP service prevents accidental or malicious data breaches by scanning text and common file types to detect sensitive information. Even if all else fails, you can still prevent data exfiltration.

    We’ve got your back, no matter what.
    • Easily create and update corporate data policies with a predefined library of over 200 rules for 18 countries
    • Establish rules for personally identifiable information, financial and healthcare data, and more
    • Parse data from more than 30 file types including Excel, Word, Visio, PowerPoint, and PDFs


    APT Blocker

    Advanced. Persistent. Threats. Even the name is scary. But stopping them doesn’t have to be. We make it easy to take down the meanest malware and the sneakiest zero-day threats. Our APT Blocker gives you all the power, without the fear of complex implementation rules – and it’s all at a fraction of the price you’d expect.

    All the power. No fear.
    • Optional service works in conjunction with our signature-based antivirus to detect and block advanced malware and zero-day attacks
    • Easy point-and-click configuration even against sophisticated polymorphic threats
    • Instant, single-pane-of-glass visibility into real-time attacks

    LiveSecurity® Service

    Hackers never sleep. Neither does our support team. Your WatchGuard appliance includes a 90-day subscription to our ground-breaking LiveSecurity Service, and you can choose the ongoing service program that meets your needs.

    It’s like having your very own ninja warrior on call.
    • Choose one of four customizable LiveSecurity programs to best fit your needs, budget, and renewal schedule
    • Full access to hardware replacement, software updates, security alerts, and a slew of technical resources and tools
    • Remote installation services available (purchased separately)



    Security Appliances


    WatchGuard XTM 5 Series

    For midsize businesses


    WatchGuard XTM 8 Series

    For midsize to large businesses




    WatchGuard Firebox M200 & M300

    Small to midsize businesses


    WatchGuard Firebox M400 & M500

    For Mid-size business and distributed enterprise

    WatchGuard Firebox M440

    For midsize businesses

    WatchGuard XTM 800 Series

    For midsize to large businesses





    WatchGuard XTM 1500 Series

    For enterprise headquarters and datacenters



    WatchGuard XTM 2520

    For enterprise headquarters and datacenters