Competitive Analysis August 2001 WatchGuard SOHO - Product Overview WatchGuard Technologies extended its product offerings to the fast-growing broadband market through the acquisition of BeadleNet, LLC, in 1999. WatchGuard introduced its SOHO product line 3 months after the completion of the acquisition, based on the hardware architecture and feature set of the BeadleNet SOHO appliance. The WatchGuard SOHO provides stateful packet inspection firewalling, Network Address Translation, and WatchGuard s LiveSecurity subscription of security alerts and software updates. The $449 WatchGuard SOHO protects 10 network users, but scales to support 25 or 50 users through the purchase of additional license upgrades. The $599 WatchGuard SOHO tc protects 10 network users, but also bundles IPSec VPN encryption software. The WatchGuard SOHO is an affordable network appliance that performs basic firewalling and IP address sharing functions, but it does not offer the range of enterprise features or reporting and monitoring tools included in the more expensive WatchGuard Firebox series. SonicWALL Advantages Over WatchGuard Performance - The SonicWALL SOHO2 provides superior performance, delivering up to 75Mbps firewall, 5Mbps DES, and 2Mbps 3DES encryption throughput. 1 The WatchGuard SOHO only supports 5Mbps firewall, 2Mbps DES, and 1.3Mbps 3DES encryption speed. ICSA Certified Firewall The SonicWALL SOHO2 is certified by ICSA laboratories, the world-wide authority on Internet security. The SonicWALL SOHO2 prevents Denial of Service attacks and generates alerts when attacks occur. In addition, the SOHO2 provides application-level filtering to optionally block ActiveX, java, cookies, VBS scripts, and fraudulent certificates. The WatchGuard SOHO is not ICSA certified. Free Upgrades and Support SonicWALL guarantees free firmware upgrades for the life of their products, free standard technical support, and affordable premium support programs. WatchGuard distributes updates though the LiveSecurity System, which costs $95 per year after the first year. Complete Range of Integrated Security Services The SonicWALL SOHO2 supports a complete suite of security upgrades and services that integrates seamlessly with its standard firewalling and VPN functions. The SOHO2 offers Web content filtering, anti-virus protection, digital certificatebased authentication, and vulnerability assessment. Network-enforced anti-virus, digital certificate/pki, and security scanning are not available with the WatchGuard SOHO. Superior VPN Capabilities The SonicWALL SOHO2 supports up to 10 concurrent VPN tunnels through an optional VPN upgrade. The SonicWALL TELE2 includes VPN encryption standard and supports up to 5 VPN tunnels. Both the SonicWALL SOHO2 and TELE2 offer advanced VPN features such as a GroupVPN tunnel for simple VPN Client deployment, NetBIOS broadcast pass through, VPN-NAT, VPN Rules, and a Hub-and-Spoke VPN architecture. In contrast, the WatchGuard SOHO only supports a single VPN tunnel and does not offer advanced VPN features. VPN Client Support For secure remote management and remote access, SonicWALL offers affordable and easy-to-deploy VPN Client software. SonicWALL s VPN Client software allows business travelers and mobile users to access remote network resources from any location. The WatchGuard SOHO does not support VPN client connections. 1 The SonicWALL TELE2 is identical to the SOHO2 in terms of features, security, and performance, but the TELE2 includes VPN encryption and supports 5 network users.
WatchGuard SOHO WatchGuard Technologies SOHO product line, consisting of the WatchGuard SOHO and the WatchGuard SOHO tc, extends WatchGuard s footprint to the small office/home office market. The WatchGuard SOHO uses an embedded, real-time OS and incorporates a feature set and architecture inherited through the purchase of BeadleNet, LLC, in 1999. Firewall Security The WatchGuard SOHO provides Network Address Translation, IP address management through a built-in DHCP server, and port redirection for public servers. However, the WatchGuard SOHO is not an ICSA-certified firewall and it does not recognize common DoS attacks. Syslog messages generated by the WatchGuard SOHO are not written in the standard, industry-accepted syslog format, so the WatchGuard SOHO logging functionality is not compatible with most commercial reporting products. Management and Support The WatchGuard SOHO is configured through a simple Web user interface. Management may be performed from the local network or remotely, from the Internet, via clear-text communications to the Web user interface. Encrypted remote management is available through the $995 WatchGuard VPN Manager. WatchGuard Technologies also offers centralized management and monitoring of WatchGuard appliances through the $83,000 WatchGuard for MSS suite. For technical support and software updates, the WatchGuard SOHO includes a 1-Year LiveSecurity System subscription that provides emailed security alerts with notifications of new software availability. Additional LiveSecurity System subscriptions may be purchased for $95 per year. IPSec VPN VPN encryption is offered as an optional $449 upgrade for the WatchGuard SOHO and included standard with the WatchGuard SOHO tc. With the VPN upgrade, the WatchGuard SOHO and SOHO tc support a single VPN tunnel to a central site and cannot interoperate with the WatchGuard VPN client. The WatchGuard SOHO also does not include advanced VPN features, like VPN-NAT, VPN Rules, or a VPN Hub and Spoke architecture. Key Features: Affordable Price Ease of Use Optional VPN Optional Web Blocking Emailed Alerts and Updates Limitations: Slow Performance No ICSA Certification No Application-Level Filtering No Transparent/Standard Mode Limited Configuration Options Non-Customizable Web Blocking Maximum of One VPN Tunnel VPN Client Software Not Available No Logging of DoS Attacks Technical Specifications for the WatchGuard SOHO Series VX Works operating system on a specialized hardware platform (4) 10 Mbps LAN Ethernet interfaces and (1) 10 Mbps WAN interface 66 MHz Toshiba TMRP3907 Processor 4MB SDRAM, 1MB Flash memory 6.5" x 1.0" x 6.1" Plastic Enclosure The WatchGuard SOHO prices and upgrades are displayed in the following table. WatchGuard SOHO Series US List Price WatchGuard SOHO $449 WatchGuard SOHO tc $599 VPN Option for the WatchGuard SOHO $449 SOHO/SOHO tc 1-Year LiveSecurity Subscription Renewal $95
SonicWALL Advantages Over WatchGuard SonicWALL SOHO WatchGuard SOHO Performance The SonicWALL SOHO2 provides superior firewall and VPN performance, supporting 75Mbps firewall and 5Mbps DES VPN throughput. The WatchGuard SOHO includes 10Mbps Ethernet interfaces and support 5Mbps firewall and 2Mbps DES throughput. Firmware Updates SonicWALL provides free firmware updates for the lifetime of their products. Updates include new features and defenses against the latest attacks. The WatchGuard SOHO includes a 1-Year subscription of software updates. After the first year, additional LiveSecurity subscriptions may be purchased for $95 per year. ICSA Firewall Certification All SonicWALL Internet security appliances are certified by ICSA laboratories, a world-wide authority on Internet security. The SonicWALL SOHO2 provides applicationlevel filtering and prevents Denial of Service Attacks. The WatchGuard SOHO is not ICSA certified and it does not provide application-level filtering nor generate alerts when attacks occur. Common User Interface and Feature Set All SonicWALL Internet Security Appliances share a common architecture and user interface. The common user interface shared by the entire product family simplifies deployment of large numbers of SonicWALLs in large, distributed enterprises. The WatchGuard Firebox series are Linux-based, while the SOHO products use a completely different, proprietary architecture. Because of the disparate feature sets, WatchGuard administrators must understand and configure separate policies for the Firebox and the SOHO. Superior VPN Capabilities The SonicWALL SOHO2 offers simple, scalable VPN deployment. SonicWALL s unique GroupVPN tunnel aids VPN client deployment. The SOHO2 also offers advanced VPN features such as VPN-NAT, VPN Rules, and support for a Hub-and-Spoke architecture. The WatchGuard SOHO only supports a single VPN tunnel to a central site and cannot interoperate with WatchGuard s VPN client software. The WatchGuard SOHO also does not include advanced VPN features. Web Content Filtering SonicWALL offers an annual Content Filter List subscription to block objectionable Web content. With the Content Filter List subscription, SonicWALL administrators may override SonicWALL s content filter list to block or allow specific Web sites, as necessary. Anti-Virus Protection SonicWALL offers policy-enforced protection against viruses through the optional Network Anti-Virus service. Network Anti-Virus provides immediate-response updates and comprehensive reports of virus activity. WatchGuard also offers a content filtering option. However, WatchGuard s Web Blocker does not offer customization of the content filter list. And enabling Web blocking will introduce latency, since all URL requests must be forwarded to WatchGuard s proxying server on the Internet. WatchGuard does not offer an integrated anti-virus solution. Global Management SonicWALL s Global Management System simplifies configuration and management of SonicWALL Internet security appliances. SonicWALL Global Management System starts at $995 and scales to centrally manage and monitor thousands of SonicWALLs. While WatchGuard offers a sophisticated WatchGuard for MSS suite for centralized configuration of WatchGuard appliances, the WatchGuard for MSS suite starts at $83,000, not including the cost of the WebTrends historical reporting module.
WatchGuard Claims and SonicWALL Counters WatchGuard Claims SonicWALL Counters WatchGuard LiveSecurity WatchGuard s LiveSecurity System subscription provides a unique value added service to WatchGuard products. LiveSecurity for WatchGuard SOHO products consists of a limited e-mail update service from WatchGuard. One element of this service, notification of new firmware updates, is matched by SonicWALL s AutoUpdate feature. SonicWALL AutoUpdate is free for the life of the product while WatchGuard charges $95 per year for the LiveSecurity service. Another element of the LiveSecurity service is Virus Alerts, but the WatchGuard SOHO provides no anti virus capabilities. SonicWALL offers its unique Network Anti-Virus upgrade which includes virus alerts as part of the service. Technical Support The WatchGuard SOHO includes a 1-Year support subscription though the LiveSecurity service; LiveSecurity includes telephone support plus other offerings. SonicWALL, Inc. offers generous standard support and a range of premium support packages through its fully developed Network Operations Center. With standard technical support, SonicWALL customers may submit support requests through SonicWALL s online Technical Support Center. With premium support programs, SonicWALL customers receive immediate technical support via phone or email. Low Price The $449 WatchGuard SOHO is less expensive than the $495 SonicWALL SOHO. While the WatchGuard SOHO is marginally lower in price than the SonicWALL SOHO2, the WatchGuard SOHO requires the purchase of $95 annual LiveSecurity subscriptions for software upgrades. Since the SonicWALL SOHO2 offers greater throughput speeds, scalability, certified-security, and enterprise firewall features, the SonicWALL SOHO2 provides far better price/performance. Integrated Hub The WatchGuard SOHO includes an integrated 4-port hub to accommodate small networks. Because the WatchGuard SOHO only includes 10Mbps Ethernet ports, only small, home offices with 10Mbps network speeds would benefit from the WatchGuard SOHO s integrated hub. The SonicWALL SOHO2 is positioned primarily for business offices and branch offices that will most likely already use a Fast Ethernet hub or switch.
GENERAL SonicWALL SOHO2/10 SonicWALL TELE2 WatchGuard SOHO WatchGuard SOHO tc U.S. List Price 1 $495 $595 $449 $599 IPSec VPN Optional Included Optional Included Number of Users 10 5 10 10 FIREWALL Firewall Certification ICSA Certified ICSA Certified No No Stateful Packet Inspection Yes Yes Yes Yes Firewall Throughput 2 75Mbps 75Mbps 5Mbps 5Mbps Network Address Translation Yes Yes Yes Yes Transparent/Standard Mode Yes Yes No No One-to-One NAT Yes Yes No No DoS, DDoS Protection Yes Yes No No Network Access Rules Yes Yes Yes Yes CONTENT FILTERING Web Filter List Blocking CyberPatrol CyberPatrol CyberPatrol CyberPatrol Customizable Filtering Yes Yes No No Antivirus Filtering Integrated solution Integrated solution No No Malicious Code Filtering NETWORKING SUPPORT Java, ActiveX, Proxy, Cookies, Digital Certs Java, ActiveX, Proxy, Cookies, Digital Certs VPN Client pass through Yes Yes Yes Yes PPPoE/DHCP Client Support Yes Yes Yes Yes DHCP Server Support Yes Yes Yes Yes Static Routing Yes Yes No No MANAGEMENT Management Method Web Browser Web Browser Web Browser Web Browser Remote Management Encrypted Encrypted Clear Text-Not Encrypted Clear Text-Not Encrypted Global Management SonicWALL GMS SonicWALL GMS WatchGuard MSS WatchGuard MSS LOGGING / REPORTING Logging Syslog Syslog Syslog Syslog Reporting 3 rd Party/WebTrends 3 rd Party/WebTrends Firebox Only Firebox Only Alerting Email & Pager Support Email & Pager Support Not Available Not Available SUPPORT VPN Firmware Updates Free for life of product Free for life of product LiveSecurity $95/Year LiveSecurity $95/Year Encryption Methods 3DES, DES, ARCfour 3DES, DES, ARCfour 3DES, DES 3DES, DES Authentication MD5, SHA-1 MD5, SHA-1 MD5, SHA-1 MD5, SHA-1 Key Management IKE, Manual IKE, Manual IKE, Manual IKE, Manual VPN Interoperability Check Point, Raptor, Contivity, PIX Check Point, Raptor, Contivity, PIX No Check Point, Contivity, PIX No Check Point, Contivity, PIX Number of VPN Tunnels 10 5 1 1 VPN Client Support Yes Yes No No ARCfour VPN Throughput 15Mbps 15Mbps Not Available Not Available DES VPN Throughput 5Mbps 5Mbps 2Mbps 2Mbps 3DES VPN Throughput 2Mbps 2Mbps 1.3Mbps 1.3Mbps Group VPN Tunnel Yes Yes No No Digital Certificate support Integrated Solution Integrated Solution Not Available Not Available Enterprise VPN Features VPN NAT Yes Yes No No VPN Rules Yes Yes No No Perfect Forward Secrecy Yes Yes No No Fragmented Packets Yes Yes No No HARDWARE SPECIFICATIONS Operating System Embedded RTOS Embedded RTOS Embedded RTOS Embedded RTOS Processor 133MHz Toshiba 133MHz Toshiba 66 MHz Toshiba 66 MHz Toshiba Ethernet Interfaces 10/100Mbps 10/100Mbps 10Mbps 10Mbps Dimensions 8.25 x 6.5 x 2 8.25 x 6.5 x 2 6.5" x 1.0" x 6.1" 6.5" x 1.0" x 6.1" 2 Unidirectional Firewall throughput at 1024-bit packet size.