WatchGuard XCS-770 Review
WatchGuard has traditionally focused on the firewall, UTM and SSL-VPN markets but its latest XCS (extensible content security) appliances signal a move into web and email content security territory. This comes about as a direct result of its acquisition of Borderware Technologies last year and the end result is a family of six new appliances.
The XCS-770 on review targets mid-sized businesses and this 1U low-profile rack server has enough grunt to handle up to 4,000 users. It offers three Gigabit interfaces and can be deployed behind an existing firewall, in parallel with it or in a DMZ.
The appliance also supports a transparent mode, but we found this is largely redundant. Choosing this mode requires two of the ports to be designated as inbound and outbound, but in this mode it can’t filter email traffic, making it rather pointless.
We opted to deploy the XCS-770 behind the lab’s firewall and configured our test clients to use it as their proxy. On first contact with its web interface you run a quick start wizard which asks how aggressive you want the Intercept scanning services to be. Intercept gathers all the anti-spam technologies under one roof and offers three settings of aggressive, standard and lenient.
For anti-spam you have a range of features including spam word dictionaries, DNS RBLs, message content analysis, block lists and WatchGuard’s ReputationAuthority component. The latter uses behavioural analysis to determine whether inbound web and mail traffic can be trusted. It checks on the reliability of mail senders and uses information from WatchGuard’s installed base of XCS appliances to check their reputation.
WatchGuard’s policies allow strict security measures to be applied: along with global settings and the default policy, you can apply custom policies to domains, groups and users. These are applied in strict order of priority, so a user policy would take precedence over a domain policy.
If you had anti-virus scanning enabled for the domain but disabled for a user, then the user policy would override the domain policy. However, if scanning was undefined in the user policy, then the policy above it would determine the setting.
The policy creation page presents four main headings for anti-spam and anti-virus, content control, email and web traffic. URL filtering comes under the HTTP heading and offers 54 categories to block, allow or leave undefined.
Anti-virus and anti-spyware measures are handled efficiently by Kaspersky, which allows you to log, reject or quarantine suspect email or web downloads and send notifications to administrators and users. A valuable feature is that HTTPS scanning is included as standard and you can allow or deny this traffic at any policy level.
For the best anti-spam performance, the appliance likes to learn about what is acceptable. We used the quickest method by importing a live Outlook inbox from the web interface.
Author: Dave Mitchell
Read more from IT PRO: WatchGuard XCS-770 review
