WatchGuard Firebox T30 review

Delivers a wealth of enterprise-class security features at an affordable cost for small businesses

IT Pro Verdict

Despite its dainty proportions, the Firebox T30 delivers a remarkable range of features. Add in its powerful performance and sensible price, and you have a highly recommended security solution for growing small and medium-sized businesses.

Pros

  • +

    Versatile permissions rules; Easy setup;

Cons

    WatchGuard's Firebox T30 should appeal to budget-conscious SMBs because it offers tough security measures at a very reasonable price. It's also aimed squarely at remote offices lacking on-site IT expertise, as WatchGuard's innovative RapidDeploy delivers fast plug-and-play installation services.

    This fiery red desktop box isn't lacking in the hardware department either. It sports five Gigabit ports for LAN, WAN and DMZ duties, and it's big on performance, with a fast UTM throughput of 135Mbits/sec.

    The standard UTM subscription enables anti-spam, gateway antivirus, IPS, web-content filtering, application controls, HTTPS inspection and WatchGuard's reputation-enabled defence. WatchGuard also offers optional data-leak prevention (DLP) and advanced persistent threat (APT) blocker services, which only increase a one-year subscription to 1,001 exc VAT.

    Standalone deployment isn't taxing: we followed the web console's quick-start wizard to provide firewall-protected internet access in less than five minutes. Proxies are used to control all traffic types, with WatchGuard catering for HTTP, HTTPS, FTP, DNS, SIP, H.323, POP3 and SMTP.

    These used to be tricky to set up, but the latest firmware lightens the load by providing wizards for each of them. Web content filtering is now a painless three-step process in which we provided a name for the blocking action, chose from more than 120 URL categories and applied it to HTTP and HTTPS traffic.

    The wizard also handled firewall configuration and automatically created new policy rules for our web-content filters. Anti-spam measures are just as easy to apply using the SpamBlocker service, where we created actions to tag dubious emails as spam, suspect or bulk.

    Simplicity is the watchword when it comes to gateway antivirus. It only took us a few seconds to activate -- again using a wizard, which displayed the proxy actions we could enable. You'll need gateway antivirus running to use the APT blocking service; it transparently scans incoming files, creates MD5 hashes and compares them with the Lastline cloud service to root out known malware.

    We were impressed with the T30's application controls, which provide a searchable list of around 1,800 apps with all the main social networks represented. Rules are very versatile, too.

    For example, we could let users log in to their Facebook and Twitter accounts, but block them from uploading media, playing games, Liking, following and retweeting.

    The T30 functions as a central wireless controller for WatchGuard's own access points, and its fourth LAN port is also PoE-enabled (Power over Ethernet). After pairing a WatchGuard AP200 model with the appliance, we used the main web console to assign SSIDs to its 2.4GHz and 5GHz radios, enforce wireless security, enable client isolation and apply separate proxy policies to the port to which it was connected.

    Enterprises and managed services providers will appreciate WatchGuard's RapidDeploy cloud service, which will allow them to send new appliances to remote offices and have them receive a configuration file once they've been powered up (you need a local appliance to create a file and upload it to your cloud support account).

    Once the remote appliance has been registered and RapidDeploy enabled, it will then download and apply the file as soon as it connects to the internet.

    The web console provides plenty of monitoring facilities for network and proxy activity, which can be augmented with WatchGuard's freely available Log Server software. The T30 also sports the FireWatch feature found in WatchGuard's Dimension management software. This displays sets of coloured squares, the size of which indicates the level of activity for sources, destinations, policies, applications and interfaces.

    Despite its dainty proportions, the Firebox T30 delivers a remarkable range of features. Add in its powerful performance and sensible price, and you have a highly recommended security solution for growing small and medium-sized businesses.

    Verdict

    Despite its dainty proportions, the Firebox T30 delivers a remarkable range of features. Add in its powerful performance and sensible price, and you have a highly recommended security solution for growing small and medium-sized businesses.

    Desktop chassis

    1GB RAM

    5 x Gigabit (PoE on port 5)

    2 x USB 2

    RJ45 serial port

    External PSU

    Web browser management

    Options: appliance with UTM, APT and DLP/3yr, £1,805 exc VAT

    Dave Mitchell

    Dave is an IT consultant and freelance journalist specialising in hands-on reviews of computer networking products covering all market sectors from small businesses to enterprises. Founder of Binary Testing Ltd – the UK’s premier independent network testing laboratory - Dave has over 45 years of experience in the IT industry.

    Dave has produced many thousands of in-depth business networking product reviews from his lab which have been reproduced globally. Writing for ITPro and its sister title, PC Pro, he covers all areas of business IT infrastructure, including servers, storage, network security, data protection, cloud, infrastructure and services.