WatchGuard Firebox M5600 review

WatchGuard’s Firebox M5600 delivers enterprise-grade network security and beats the rest on price

IT Pro RecommendedWatchGuard Firebox m5600 front and rear
  • Top security measures; High firewall throughput; Good value; Easy deployment; Optional 40GbE ports
  • Noisy cooling system; Older Xeon CPU

Enterprise network security usually costs a king's ransom but WatchGuard's Firebox M5600 bucks the trend by delivering a wealth of features at a more palatable price. It may only be a 1U rack appliance but it's plenty powerful, with WatchGuard claiming a 60Gbits/sec firewall throughput and 11Gbits/sec with all UTM services enabled.

Targeting distributed environments of up to 7,500 users, the M5600 offers a versatile range of port options. The appliance has four expansion slots at the front and comes with the eight copper Gigabit and quad 10GbE SFP+ port modules as standard.

The two spare slots accept any module so you can add eight more 10GbE ports if you wish. However, the clincher is WatchGuard's dual-port 40GbE fibre module, as few competing vendors offer this as an option.

The M5600 is powered by elderly 10-core 2.8GHz E5-2680 v2 Xeon CPU teamed up with 16GB of DDR3 memory, while internal storage is handled by a 2GB CFast card and 250GB LFF SATA hard disk. Dual 400W PSUs come as standard, as do four hot-plug fan modules - but this combination produces annoyingly loud noise levels.

WatchGuard Firebox m5600 web console


The price may initially seem steep but it looks a lot more appealing when stacked up against the competition. The price we've shown includes the M5600 appliance and a full three-year subscription to the Total Security Suite, which activates everything WatchGuard has to offer.

Advertisement - Article continues below
Advertisement - Article continues below

Along with the firewall, VPNs and 24x7 Gold LiveSecurity support, it enables IPS, web content filtering, anti-spam, gateway anti-virus, application controls and HTTPS inspection, plus WatchGuard's reputation enabled defence, advanced persistent threat (APT) blocker service and data leak prevention (DLP) module.

There's more; WatchGuard's RED (reputation enabled defence) service is included for increased web protection. Web access requests send the URL in question to WatchGuard's RED cloud servers where they score it and instruct the appliance to either allow or block it.

To put the outlay into perspective, SonicWALL's top-of-the-line SuperMassive 9800 2U appliance (its E10xxx range recently went on EOL notice) starts at over 46K just for the hardware. Add in a three-year subscription to its Comprehensive Gateway Security Suite and the price jumps to nearly 100K.

WatchGuard Firebox m5600 web console subscription activity


The M5600 is very easy to deploy, as the web interface fires up a wizard to secure administrative access and get Internet access running on an external port along with DHCP services on your first trusted interface. Three operational modes are available and we opted for the mixed routing mode as it's the most versatile.

This mode allows all ports to be defined as separate interfaces where we could set them as external, trusted, optional or custom and add DHCP services on selected trusted ports. Port aliases streamline further configuration and we used these to assign multiple firewall policies to source and destination ports.

Advertisement - Article continues below

WatchGuard uses proxies to handle all traffic and includes ones for HTTP, HTTPS, FTP, SIP, IMAP, POP3 and SMTP. The relationship between proxies and actions takes a little while to get the hang of, but on first access, the web console provides a wizard for each one.

Enforcing web content filtering using the WebBlocker service was a three-step process. We chose from over 120 URL categories, applied HTTP and HTTPS filtering and on completion, the wizard created a new firewall rule.

WatchGuard Firebox m5600 web console firewall policies


Mail security is handled by the spamBlocker service, and to use it we set up the POP3 proxy to tag messages classed as spam, suspect and bulk. It's very effective: in live tests of other WatchGuard appliances, we've seen spam detection rates of 97-98 percent with no false positives.

Within selected policies, we could enable IPS and apply allow, drop or block actions based on five threat levels. Gateway AV is a cinch to set up - you enable it on selected policies and choose actions for virus detections, scan errors, oversized files and encrypted files.

You'll need to enable gateway AV if you want to apply APT protection. As files come in to the network, it scans them, creates an MD5 hash and checks the LastLine cloud service to see if they're known malware.

Advertisement - Article continues below

WatchGuard's application awareness controls access to hundreds of apps and has eleven entries for Facebook alone. DLP is another easy one to configure and uses predefined and custom rules on the HTTP, FTP and SMTP proxies to check for keywords such as credit card or social security numbers.

Dimension provides centralized management for all your WatchGuard security appliances

Security and management

The mobile security service queries Android and iOS devices and blocks access if they don't meet the minimum OS level. To use it on iOS devices, we loaded the free WatchGuard FireClient app and could then set blocking policies for any devices not running the latest OS version.

You can use the M5600 to centrally manage wireless networks that employ WatchGuard's own APs. Once paired with the appliance, they take all their settings from it and you can apply selected security policies to wireless traffic.

The appliance's web console provides plenty of detail about all activity and we also used WatchGuard's Dimension software on our Hyper-V host for centralized monitoring. It provides an impressive amount of information such as global threat maps and security service graphs and with Dimension Command activated, you can only log in to an appliance's web console from Dimension's interface.


Considering the price of the hardware, we would have liked a newer Xeon CPU and more memory (plus quieter fans) but performance is impressive and there's no denying the M5600's security credentials. WatchGuard offers a wealth of easily managed enterprise-grade security services at a price the competition will have trouble matching.


WatchGuard’s flagship M5600 UTM appliance is a great choice for enterprises that want tough and easily deployed network security at a more sensible price

As reviewed

Chassis: 1U rack CPU: 2.8GHz Intel Xeon E5-2680 v2 Memory: 16GB DDR3 Storage: 2GB CFast 3SE SATA card, 250GB LFF SATA HDD Network: 8 x Gigabit, 4 x 10GbE SFP+ Expansion: 4 x module slots (2 free) Other ports: Gigabit management, 2 x USB 2, RJ-45 serial Power: 2 x 400W hot-plus PSUs Management: Web browser, WatchGuard Dimension/Command Warranty: 3-year advanced hardware replacement

Featured Resources

How inkjet can transform your business

Get more out of your business by investing in the right printing technology

Download now

Journey to a modern workplace with Office 365: which tools and when?

A guide to how Office 365 builds a modern workplace

Download now

Modernise and transform your sales organisation

Learn how a modernised sales process can drive your business

Download now

Your guide to managing cloud transformation risk

Realise the benefits. Mitigate the risks

Download now


Server & storage

Broadberry CyberServe R182-Z90 review: Gigabyte’s EPYC gamble pays off handsomely

7 Jan 2020
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019
Server & storage

HPE ProLiant DL20 Gen10 review: Compact and bijou

31 Aug 2019

Most Popular

Microsoft Windows

Microsoft pulls disastrous Windows 10 security update

17 Feb 2020

How to use Chromecast without Wi-Fi

5 Feb 2020
Business operations

HP shareholders invited to come dine with Xerox

17 Feb 2020
operating systems

How to fix a stuck Windows 10 update

12 Feb 2020