Call a Specialist Today! 020 3958 0663
Free Shipping! Free Shipping!

WatchGuard XTM 2520 Series Next-Generation Firewall
Fully Extensible, Enterprise-Class Protection & Productivity Safeguards

WatchGuard XTM 2520 Series Next-Generation Firewall

Sorry, this unit has been discontinued and is no longer available for purchase, replace by Firebox M5600. If you currently own this Model, please click here to participate in the WatchGuard Trade-Up Program! You can also purchase available renewals below. End of Sale (EOS): 31 Dec 2018. End of Life (EOL) for the XTM 2520 is 31 Dec 2023 - you will not be able receive support after this date even with a 1 Year contract.

Live Demo Box, Click here!

WatchGuard XTM 2520 Series Overview:

The XTM 2520 is a powerhouse. High-performance 35 Gbps firewall throughput combines with strong protection, flexible management, and a multitude of connectivity options to deliver the ultimate enterprise-grade network security solution. The 2520 delivers unparalleled visibility into real-time and historical user, network, and security activities. This allows businesses to easily define, enforce, and audit strong security and acceptable use policies, resulting in increased employee productivity and less risk to critical intellectual property and customer data. VPN failover, WAN failover, and High Availability features ensure that mission-critical data keeps flowing. Real-time monitoring and rich reporting are included at no additional cost.

Outstanding performanceScreaming-fast throughput
Up to 35 Gbps firewall throughput, 10 Gbps VPN throughput, and a jaw-dropping 15 Gbps throughput with full IPS and antivirus threat protection enabled. No one in the network security industry can top that number!
Unified security in a BYOD environmentUnified security in a BYOD environment
Open the door to limitless productivity with tools to connect your people securely, even when they use personal devices like iPads and Androids. Anywhere, anytime secure access is today's greatest competitive edge.
Always know what's happening on your networkAlways know what's happening on your network
Pinpoint significant network activities to take immediate corrective or diagnostic actions directly from the interactive, real-time monitoring. All logging and reporting functions also included with purchase.
Easily manage many appliancesEasily manage many appliances
Distributed organizations and MSSPs will especially appreciate the intuitive tools that support policy creation, management, and enforcement across multiple locations.
Comprehensive protectionComprehensive protection
Best-in-class security services boost protection in critical attack areas, including gateway AV, URL and web content filtering, intrusion prevention, app control, spam blocking.
High port densityHigh port density
Twelve 1-Gigabit Ethernet ports and four 10G SFP+ support high-speed LAN backbone infrastructures, as well as gigabit WAN connections.
Quick and secure setupQuick and secure setup
Take advantage of innovative features like drag-and-drop VPN creation and RapidDeploy technology to make fast work of extending your network.
Advanced NetworkingAdvanced networking
WatchGuard's advanced OS provides active/active high availability with load balancing, dynamic routing, VLAN support, and multi-WAN failover to ensure reliability.
Application ControlApplication Control
Control the use of Web 2.0 and other applications on your network for tighter security, better use of bandwidth, and greater productivity.
3 ways to manage your appliance3 ways to manage your appliance
Choose how you manage your WatchGuard appliance, using WatchGuard System Manager, the command line interface, and a web UI for access from anywhere.


Best-of-Breed Security

  • Application-layer content inspection recognizes and blocks threats that stateful packet firewalls cannot detect.
  • Powerful subscription-based security services boost protection in critical attack areas for multiple layers of defense. By partnering with leading technology providers, WatchGuard is able to integrate best-of-breed security components into one UTM platform for stronger security at big cost savings.
  • Application Control keeps unproductive, inappropriate, and dangerous applications off limits.
  • Intrusion Prevention Service delivers in-line protection from malicious exploits, including buffer overflows, SQL injections, and cross-site scripting attacks.
  • WebBlocker controls access to sites that host objectionable material or pose security risk.
  • Gateway AntiVirus (GAV) scans traffic on all major protocols to stop threats.
  • spamBlocker delivers continuous protection from unwanted and dangerous email.
  • Reputation Enabled Defense ensures faster, safer web surfing with cloud-based reputation
  • Data Loss Prevention (DLP) automatically inspects data in motion for corporate policy violations.
  • Advanced networking features, such as dynamic routing and link aggregation, allow you to add security without needing to change existing network infrastructure.
  • Multiple VPN choices (IPSec, SSL, L2TP) for secure remote access include support for Windows, Mac, Android and Apple iOS devices.
  • Easy to Manage

    • WatchGuard Dimension™ is a public and private cloud-ready security visibility solution that instantly turns raw data into security intelligence.
    • Interactive, real-time monitoring and reporting - at no additional charge - give an unprecedented view into network security activity so you can take immediate preventive or corrective actions.
    • Intuitive management console centrally manages all security functions.
    • Fast, secure remote configuration and rapid deployment tools make it easy for large distributed enterprises and managed service providers to grow their businesses.
    • Extend best-in-class UTM security to the WLAN by adding WatchGuard’s Wireless Access Points.
    • Drag-and-drop Branch Office VPN setup - three clicks and your remote office is connected.

    Highest UTM Performance in the Industry

    • Firewall throughput of up to 35 Gbps to keep traffic moving.
    • Best UTM throughput in its class - up to 10 Gbps - even with strong security enabled.
    • No need to compromise protection for fast performance or vice versa. Multi-layered, interlocking security protects the network while throughput remains high.
    • WAN and VPN failover provide redundancy for increased reliability.
    • XTM 1525-RP and XTM 2520 models include four 10 Gb fiber ports, with 850 nm multimode SFP+ transceiver modules included for each interface.

    Detailed Specifications:

    XTM 2520 Next-Generation Firewall Detailed Specs
    Firewall Stateful Packet Inspection, Deep Application Inspection, Proxy Firewall
    Application Proxies HTTP, HTTPS, SMTP, FTP, DNS, TCP, POP3, SIP, H.323
    Threat Protection Blocks spyware, DoS attacks, fragmented & malformed packets, blended threats & more
    VoIP H.323. SIP, Call Setup and Session Security
    Application Control Available with Security Bundle
    Intrusion Prevention Service Available with Security Bundle
    Gateway AntiVirus Available with Security Bundle
    Reputation Enabled Defense Available with Security Bundle
    spamBlocker Available with Security Bundle
    WebBlocker Available with Security Bundle
    VPN & Authentication
    Encryption DES, 3DES, AES 128-, 192-, 256-bit
    IPSec SHA-1, MD5, IKE pre-shared key, 3rd party cert
    SSL Thin client
    L2TP Works with native OS clients
    PPTP Server & Passthrough
    VPN Failover Yes
    Single Sign-On Transparent Active Directory Auth.
    XAUTH Radius, LDAP, Secure LDAP, Windows Active Directory
    Other User Authentication VASCO, RSA SecurID, Web-based, Local, Microsoft Terminal Services and Citrix
    Firewall Throughput* 35 Gbps
    VPN Throughput* 10 Gbps
    AV Throughput* 9.7 Gbps
    IPS Throughput* 15 Gbps
    UTM Throughput* Up to 10 Gbps
    Concurrent Sessions (bi-directional) 3,500,000
    New Connections per Second 135,000
    Nodes Supported (LAN IPs)


    BOVPN Tunnels Unrestricted
    MUVPN Tunnels (IPSec/SSL/L2TP) Unrestricted
    Operating System Fireware® XTM Pro
    IP Address Assignment Static, DynDNS, PPPoE, DHCP (Server, Client, Relay)
    Routing Static, dynamic (BGP4, OSPF, RIP v1/v2), Policy-based
    Link Aggregation 802.3ad dynamic, static, active/backup
    QoS 8 priority queues, diff serv, modified strict queuing
    VLAN Support 4,000 VLANs: bridging, tagging, routed mode
    High Availability Active/Passive, Active/Active with load balancing
    NAT Static, dynamic, 1:1, IPSec NAT traversal, Policy-based NAT, Virtual IP
    Other Networking Port independence, WAN failover, load balancing, transparent/drop-in mode
    Management Platform

    WatchGuard System Manager v11.7 or higher

    4-device WatchGuard System Manager license included with purchase. 5-device bonus pack comes with activation.

    Alarms and Notifications SNMP v2/v3, Email, Mgmt. System Alert
    Server Support Logging, Reporting, Quarantine, WebBlocker, Management
    Web UI Supports Windows, Mac, Linux, and Solaris OS with most common browsers
    CLI Includes direct connect and scripting
    Interfaces 12: 10/100/1000
    4: 10G SFP+ Fiber
    Other Ports 1 Serial, 2 USB
    Product Dimensions 22" x 17" x 1.75" (56 x 43 x 4.4 cm)
    Shipping Dimensions 28.5" x 21" x 5" (72 x 53 x 13 cm)
    Weight 36 lbs. (16 kg)
    AC Power 100-250 VAC Autosensing
    Hot-Swap Power Supplies 2 redundant field-replaceable power supplies with integrated fan
    Power Consumption U.S. 130 Watts (max), 444 BTU/hr (max)
    Rack Mountable 1U rack mount kit with slide rack rail
    WEEE/RoHS Compliant Yes
    Security Certifications Pending: ICSA Firewall, ICSA VPN, CC EAL4+
    Review Pending: FIPS 140-2
    Network Certifications IPv6 Ready Gold (routing)
    Safety Certifications NRTL/C, CB

    *Throughput rates are determined using multiple flows through multiple ports and will vary depending on environment and configuration.

    Product Comparison:

    WatchGuard® Model XTM 1520-RP XTM 1525-RP XTM 2520
    Ideal For Main offices/headquarters that need strong security and a solution that offers room for growth. Main offices/headquarters looking for fast throughput and strong security that grows with changing needs. Main offices/headquarters that need enterprise-grade performance & security
    Model Upgradeable N/A N/A N/A
    Interfaces 14: 10/100/1000 6: 10/100/1000
    4: 10G SFP+
    12: 10/100/1000
    4: 10G SFP+
    Intrusion Prevention (DOS, DDOS, PAD, port scanning, spoofing attacks, address space probes, and more)
    Wireless Models Only N/A N/A N/A
    User Authentication with transparent Windows authentication
    Firewall Throughput 14 Gbps 25 Gbps 35 Gbps
    VPN Throughput 10 Gbps 10 Gbps 10 Gbps
    AV Throughput 8 Gbps 9 Gbps 9.7 Gbps
    IPS Throughput 11 Gbps 13 Gbps 15 Gbps
    UTM Throughput 6.7 Gbps 6.7 Gbps Up to 10 Gbps
    Concurrent Sessions*
    2,000,000 2,600,000 3,500,000
    VPN Tunnels
    Branch Office VPN Tunnels (Max.) 10,000 10,000 Unrestricted
    Mobile VPN with SSL/L2TP (Incl/Max) 15,000 20,000 Unrestricted
    Mobile VPN with IPSec Client Licenses (Bundled) 15,000 20,000 Unrestricted
    Mobile VPN with IPSec Tunnels (Max.) 15,000 20,000 Unrestricted
    VPN Authentication
    Optional Centralized (Multibox) Management. Optional licenses enable Drag and Drop VPN and one-touch appliance updates. 4-device WatchGuard System Manager license included with purchase. 5-device bonus pack comes with activation. 4-device WatchGuard System Manager license included with purchase. 5-device bonus pack comes with activation. 4-device WatchGuard System Manager license included with purchase. 5-device bonus pack comes with activation.
    Networking Features
    Dynamic NAT
    Static NAT
    One to One NAT
    VLAN 2,000 3,000 4,000
    Policy-Based Routing
    WAN Failover
    Multi-WAN Load Balancing
    Server Load Balancing
    Traffic Management/QoS
    High Availability Active/Active or Active/Passive
    Dynamic Routing
    VoIP (SIP and H.323) Support
    Additional Security Subscriptions
    Application Control Optional Optional Optional
    Data Loss Prevention Optional Optional Optional
    Reputation Enabled Defense Optional Optional Optional
    spamBlocker with Virus Outbreak Detection Optional Optional Optional
    Gateway AntiVirus/
    Intrusion Prevention Service (IPS)
    Optional Optional Optional
    WebBlocker with HTTPS URL filtering Optional Optional Optional
    LiveSecurity® Service LiveSecurity Plus with 24/7 support included with Security Bundle LiveSecurity Plus with 24/7 support included with Security Bundle LiveSecurity Plus with 24/7 support included with Security Bundle

    *Concurrent sessions here represent the number of bi-directional connections.

    Throughput rates are determined using multiple flows through multiple ports and will vary depending on environment and configuration.

    Options & Upgrades:

    Security Subscriptions

    Data Loss Prevention (DLP)Data Loss Prevention (DLP)
    XTM DLP prevents data breaches by scanning text and common file types to detect sensitive information. A predefined library of over 200 rules for 18 countries makes creating and updating corporate data policies as easy as point and click.

    Application ControlApplication Control
    Application Control enables IT administrators to monitor and control access to web and business applications to enforce policy, and protect productivity and network bandwidth.

    Reputation Enabled DefenseReputation Enabled Defense
    Reputation Enabled Defense delivers a powerful, cloud-based URL reputation service that protects web users from malicious web pages, while dramatically improving web processing overhead.
    WebBlocker content and URL filtering subscription helps eliminate legal liabilities resulting from inappropriate web surfing, while increasing employee productivity and protection from web-based attacks.
    spamBlocker is the best in the industry at distinguishing legitimate communication from spam outbreaks in real time, blocking nearly 100% of unwanted emails and the viral payloads they carry.
    Gateway AntiVirusGateway AntiVirus
    Gateway AntiVirusis a fully integrated, signature-based security subscription that identifies and blocks known spyware, viruses, trojans, and blended threats in real time.

    Intrusion Prevention ServiceIntrusion Prevention Service
    Intrusion Prevention Serviceworks hand-in-hand with your WatchGuard firewall's application layer content inspection to provide real-time protection from threats, including SQL injections, cross-site scripting, and buffer overflows.

    LiveSecurity ServiceLiveSecurity Service
    LiveSecurity Service, a high-value support and maintenance program that you activate online when you register your product. LiveSecurity delivers technical support, hardware warranty with advance hardware replacement, the latest software updates, and threat alerts.


    Download the XTM 1520, 1525, and 2520 Series Datasheet (PDF).

    It appears you don't have a PDF plugin for this browser. No biggie... you can click here to download the PDF file.

    Pricing Notes:

    WatchGuard Products
    XTM 2520 Security Suite Renewal/Upgrade
    WatchGuard XTM 2520 Security Suite Renewal/Upgrade - 1 Year
    Our Price: £29,473.74
    Inc. VAT: £35,368.49
    XTM 2520 NGFW Suite Renewal/Upgrade
    WatchGuard XTM 2520 NGFW Suite Renewal/Upgrade - 1 Year
    Our Price: £20,325.59
    Inc. VAT: £24,390.71
    LiveSecurity Support
    LiveSecurity Renewal for XTM 2520 Series, 1-Year
    Our Price: £9,657.53
    Inc. VAT: £11,589.04
    WatchGuard Remote Installation Service
    Our Price: £537.72
    Inc. VAT: £645.26
    XTM 2500 Series Premium 4 Hour Replacement, 1 Year
    Our Price: £3,976.39
    Inc. VAT: £4,771.67
    LiveSecurity Gold Support
    WatchGuard XTM 2520 1 Year LiveSecurity Gold Renewal/Upgrade
    Our Price: £12,952.02
    Inc. VAT: £15,542.42
    Data Loss Prevention (DLP)
    WatchGuard XTM 2520 1-Year Data Loss Prevention
    Our Price: £5,824.92
    Inc. VAT: £6,989.90
    XTM 2520 1 Year WebBlocker Subscription
    Our Price: £12,052.40
    Inc. VAT: £14,462.88
    Gateway Anti-Virus
    WatchGuard XTM 2520 1-Year Gateway AntiVirus
    Our Price: £12,052.40
    Inc. VAT: £14,462.88
    SpamBlocker Subscription For XTM 2520
    Our Price: £13,256.00
    Inc. VAT: £15,907.20
    Intrusion Prevention Service
    WatchGuard XTM 2520 1-Year Intrusion Prevention Service
    Our Price: £12,052.40
    Inc. VAT: £14,462.88
    Reputation Enabled Defense
    WatchGuard XTM 2520 1-Year Reputation Enabled Defense
    Our Price: £12,052.40
    Inc. VAT: £14,462.88
    Application Control
    WatchGuard XTM 2520 1-Year Application Control
    Our Price: £12,052.40
    Inc. VAT: £14,462.88
    APT Blocker
    WatchGuard APT Blocker for XTM 2520, 1-Year
    Our Price: £13,859.85
    Inc. VAT: £16,631.82
    IPSec Mobile VPN Premium client powered by NCP Technology
    Includes support for two-factor authentication, pre-login to Windows domains, FIPS 140-2 conformant IPsec algorithms, and a secure personal firewall
    XTM IPSec Mobile VPN Client for Windows
    Our Price: £78.05
    Inc. VAT: £93.66
    IPSec Mobile VPN Client for Mac
    Our Price: £78.05
    Inc. VAT: £93.66
    Mobile VPN (IPSec) License Pack for XTM Series
    Upgrades from the default number of mobile VPN users on XTM 2, 5, and 8 Series (IPSec not SSL)
    Mobile VPN (IPSec) License Pack for XTM Series - 5 Users
    Our Price: £222.93
    Inc. VAT: £267.52
    Mobile VPN (IPSec) License Pack for XTM Series - 10 Users
    Our Price: £423.94
    Inc. VAT: £508.73
    Mobile VPN (IPSec) License Pack for XTM Series - 20 Users
    Our Price: £639.57
    Inc. VAT: £767.48
    Mobile VPN (IPSec) License Pack for XTM Series - 50 Users
    Our Price: £800.37
    Inc. VAT: £960.44
    Mobile VPN (IPSec) License Pack for XTM Series - 250 Users
    Our Price: £4,016.47
    Inc. VAT: £4,819.76
    Mobile VPN (IPSec) License Pack for XTM Series - 500 Users
    Our Price: £8,036.60
    Inc. VAT: £9,643.92