WatchGuard Firebox T15 review

Perfect for small businesses, the Firebox T15 offers the toughest gateway security measures at a pocket-friendly price

Editor's Choice
Price
£429
  • Excellent value; Superb range of protection features; Great monitoring facilities
  • UTM features slightly drop firewall throughput

Stepping up as the new entry-point to WatchGuard's tabletop security appliance family, the Firebox T15 offers a set of features that belie its small stature. It's excellent value too, as it offers super-strength network security at a price small businesses will love.

WatchGuard's Total Security Suite subscription enables web content filtering, application controls, anti-spam, gateway antivirus (AV), network discovery, IPS and reputation enabled defence. It also activates data loss prevention (DLP), Dimension Command plus the advanced persistent threat (APT) blocker and includes a Gold Support subscription.

The T15 is no slouch in the performance stakes either as it boasts a high raw firewall throughput of 400Mbits/sec. Enabling gateway AV drops this by 120Mbits/sec and even with all UTM features running, it still musters a very respectable 90Mbits/sec.

Worry not about deployment as the subscription includes a free remote setup and configuration session with a WatchGuard in-house engineer. And if you choose to go it alone, the appliance's web console offers a wizard-based setup routine that creates a base set of firewall policies for securing internet access.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

The T15 employs proxies to control different traffic types and on first contact, each one loads a wizard to help with initial setup. For web content filtering, we chose from 110 URL categories, added blocking actions for the HTTP and HTTPS proxies and left the wizard to add new firewall rules for our policies.

Spam control is a cinch; the spamBlocker wizard asked us to select incoming SMTP traffic and provide an internal mail server address or just activate IMAP or POP3. We chose the latter for transparent scanning where the POP3 proxy client was set to append the subject line of dodgy messages with 'Spam', 'Bulk' or 'Suspect' tags so we could filter them out using Outlook message rules.

Gateway AV scanning is enabled on selected proxies and you'll need this running if you want to apply APT protection. This scans incoming files, creates MD5 hashes and checks them with the LastLine cloud service to see if they're known malware.

Within selected policies, we could enable IPS and apply allow, drop or block actions based on five threat levels. DLP uses predefined and custom rules on the HTTP, FTP and SMTP proxies to check for keywords such as credit card or social security numbers.

WatchGuard's Application Control service has options for managing hundreds of apps and is perfect for businesses worried about Facebook's chicanery. You can block Facebook completely or use any of the 11 behavioural entries to decide, for example, who can post 'likes', comment, chat, edit their profile or upload media.

VPN support is tops as the T15 supports 5 site-to-site tunnels plus 5 mobile VPN clients. During setup, it also creates configuration files for Watchguard's Windows, iOS and Android clients plus the Shrew Soft VPN client.

Advertisement - Article continues below

A wireless version of the T15 is available while the base model we have can centrally manage WatchGuard's own APs. After pairing them with the appliance, you can assign SSIDs, enforce client isolation for guest networks and choose which security services to apply to wireless traffic.

Plenty of standard reporting tools are provided including the web console's traffic monitor and clever FireWatch display. We run WatchGuard's free Dimension software as a VMware VM and after adding the T15, we could keep an eye on all our Firebox appliances and view global threat maps, an executive dashboard and see what each security service was doing.

There's more; Total Security subscriptions include WatchGuard's RED (reputation enabled defence) service for even tougher web protection. Applied to the HTTP proxy, it sends user web requests to the RED cloud servers where they score them and instruct the appliance to either allow or block them.

The Firebox T15 is a remarkable little appliance that looks to have every security angle covered. Combine this prowess with its low price and it earns a well-deserved IT Pro Editor's Choice award.

Verdict

The Firebox T15 is a remarkable little appliance that looks to have every security angle covered. Combine this prowess with its low price and it earns a well-deserved IT Pro Editor's Choice award.

Desktop chassis 1GB RAM 3 x Gigabit (WAN, 2 x LAN) USB 2 RJ-45 serial port Fan-less cooling External PSU Web browser and Dimension management

Featured Resources

Digital Risk Report 2020

A global view into the impact of digital transformation on risk and security management

Download now

6 ways your business could suffer if you don’t backup Office 365

Office 365 makes it easy to lose valuable data regularly, unpredictably, unintentionally, and for good

Download now

Get the best out of your workforce

7 steps to unleashing their true potential with robotic process automation

Download now

8 digital best practices for IT professionals

Don't leave anything to chance when going digital

Download now
Advertisement

Recommended

Visit/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/mobile/28299/how-to-use-chromecast-without-wi-fi
Mobile

How to use Chromecast without Wi-Fi

5 Feb 2020
Visit/operating-systems/27717/how-to-fix-a-stuck-windows-10-update
operating systems

How to fix a stuck Windows 10 update

12 Feb 2020
Visit/security/34616/the-top-ten-password-cracking-techniques-used-by-hackers
Security

The top ten password-cracking techniques used by hackers

10 Feb 2020
Visit/security/cyber-security/354827/mcafee-researchers-trick-tesla-autopilot-with-a-strip-of-tape
cyber security

McAfee researchers trick Tesla autopilot with a strip of tape

21 Feb 2020