WatchGuard Firebox T15 review

Perfect for small businesses, the Firebox T15 offers the toughest gateway security measures at a pocket-friendly price

Editor's Choice
Price
£429
  • Excellent value; Superb range of protection features; Great monitoring facilities
  • UTM features slightly drop firewall throughput

Stepping up as the new entry-point to WatchGuard's tabletop security appliance family, the Firebox T15 offers a set of features that belie its small stature. It's excellent value too, as it offers super-strength network security at a price small businesses will love.

WatchGuard's Total Security Suite subscription enables web content filtering, application controls, anti-spam, gateway antivirus (AV), network discovery, IPS and reputation enabled defence. It also activates data loss prevention (DLP), Dimension Command plus the advanced persistent threat (APT) blocker and includes a Gold Support subscription.

The T15 is no slouch in the performance stakes either as it boasts a high raw firewall throughput of 400Mbits/sec. Enabling gateway AV drops this by 120Mbits/sec and even with all UTM features running, it still musters a very respectable 90Mbits/sec.

Worry not about deployment as the subscription includes a free remote setup and configuration session with a WatchGuard in-house engineer. And if you choose to go it alone, the appliance's web console offers a wizard-based setup routine that creates a base set of firewall policies for securing internet access.

The T15 employs proxies to control different traffic types and on first contact, each one loads a wizard to help with initial setup. For web content filtering, we chose from 110 URL categories, added blocking actions for the HTTP and HTTPS proxies and left the wizard to add new firewall rules for our policies.

Spam control is a cinch; the spamBlocker wizard asked us to select incoming SMTP traffic and provide an internal mail server address or just activate IMAP or POP3. We chose the latter for transparent scanning where the POP3 proxy client was set to append the subject line of dodgy messages with 'Spam', 'Bulk' or 'Suspect' tags so we could filter them out using Outlook message rules.

Gateway AV scanning is enabled on selected proxies and you'll need this running if you want to apply APT protection. This scans incoming files, creates MD5 hashes and checks them with the LastLine cloud service to see if they're known malware.

Within selected policies, we could enable IPS and apply allow, drop or block actions based on five threat levels. DLP uses predefined and custom rules on the HTTP, FTP and SMTP proxies to check for keywords such as credit card or social security numbers.

WatchGuard's Application Control service has options for managing hundreds of apps and is perfect for businesses worried about Facebook's chicanery. You can block Facebook completely or use any of the 11 behavioural entries to decide, for example, who can post 'likes', comment, chat, edit their profile or upload media.

VPN support is tops as the T15 supports 5 site-to-site tunnels plus 5 mobile VPN clients. During setup, it also creates configuration files for Watchguard's Windows, iOS and Android clients plus the Shrew Soft VPN client.

A wireless version of the T15 is available while the base model we have can centrally manage WatchGuard's own APs. After pairing them with the appliance, you can assign SSIDs, enforce client isolation for guest networks and choose which security services to apply to wireless traffic.

Plenty of standard reporting tools are provided including the web console's traffic monitor and clever FireWatch display. We run WatchGuard's free Dimension software as a VMware VM and after adding the T15, we could keep an eye on all our Firebox appliances and view global threat maps, an executive dashboard and see what each security service was doing.

There's more; Total Security subscriptions include WatchGuard's RED (reputation enabled defence) service for even tougher web protection. Applied to the HTTP proxy, it sends user web requests to the RED cloud servers where they score them and instruct the appliance to either allow or block them.

The Firebox T15 is a remarkable little appliance that looks to have every security angle covered. Combine this prowess with its low price and it earns a well-deserved IT Pro Editor's Choice award.

Verdict

The Firebox T15 is a remarkable little appliance that looks to have every security angle covered. Combine this prowess with its low price and it earns a well-deserved IT Pro Editor's Choice award.

Desktop chassis 1GB RAM 3 x Gigabit (WAN, 2 x LAN) USB 2 RJ-45 serial port Fan-less cooling External PSU Web browser and Dimension management

Featured Resources

BIOS security: The next frontier for endpoint protection

Today’s threats upend traditional security measures

Download now

The role of modern storage in a multi-cloud future

Research exploring the impact of modern storage in defining cloud success

Download now

Enterprise data protection: A four-step plan

An interactive buyers’ guide and checklist

Download now

The total economic impact of Adobe Sign

Cost savings and business benefits enabled by Adobe Sign

Download now

Recommended

The ultimate guide to landing a cyber security career
Careers & training

The ultimate guide to landing a cyber security career

30 Sep 2020
8 of the most secure web browsers
web browser

8 of the most secure web browsers

25 Sep 2020
Your essential guide to internet security
Security

Your essential guide to internet security

23 Sep 2020
How to enable private browsing on any device
privacy

How to enable private browsing on any device

22 Sep 2020

Most Popular

16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020
Nokia will replace Huawei as BT's largest 5G equipment provider
5G

Nokia will replace Huawei as BT's largest 5G equipment provider

29 Sep 2020