Watchguard X550e

Philio26 used Ask the Experts™
I am looking at buying a Watchguard X550e firewall in the next few days as it seams like the best value 1U firewall available.

I have a question which I am hoping someone can answer for me:

Will the basic model (part number WG50550) be all I require?
Do I need any additional licenses, for firewall software, management software, do I need LiveSecurity etc?

I want to make a 1 off purchase and not have to worry about any furture changes.
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
That model number will give you these features:

Firewall Throughput  300+ Mbps
VPN Throughput  35 Mbps
AV Throughput  50 Mbps
Interfaces 10/100 4
Serial Port 1
Security Zones (incl.) 4
Concurrent Sessions 25,000
Nodes Supported (LAN IPs) Unlimited
Branch Office VPN Tunnels (incl./max.) 35/45
Mobile VPN Tunnels - IPSec (incl./max.) 25/75
Mobile VPN Tunnels - SSL (incl./max.) 1/75
Local User Authentication DB Limit 250

LiveSecurity is for maintenance and support. Without it you won't be able to download firmware upgrades or receive support from WatchGuard. I would recommend purchasing that and renewing it annually.

Firebox X 550e comes with a single-node WSM license. To create drag-and-drop tunnels or to centrally manage multiple Firebox X Edge appliances from an X550e, optional WSM upgrade licenses are required.

Attached is a PDF showing the different features and capabilities.


Thanks for your reply, I guess it is fairly essential to have the LiveSecurity then and also looks like it's probably best value to buy the device with 1 year included and renew as needed.

I will accept your answer as solution, just have 1 quick question that perhaps you may know the answer - information I have read suggests firewall can only be managed from trusted interfaces, is it possible to configure to manage from public/untrusted interface via specific static IPs only and/or VPN as well?
You can manage it from trusted/optional by default. If you connect via VPN, you're internal to the network and will be able to manage it. You can modify the WG-Firebox-Mgmt policy to allow WSM connections on the external interface, but it's typically discouraged. If you intend on allowing VPN connections, that's going to be the safest way to manage it short of being on the LAN.
The UTM bundle is also a good value if you want to employ gateway anti-virus, intrusion prevention and spamblocker at the firewall level instead of relying on servers behind the firewall to do that function.


Thanks very much, been very helpful indeed, I am sure this firewall will do the job we need it for, much better value for money than the alternatives too.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial