WatchGuard Firebox T55-W review

A wealth of security measures at a knock-down price

Editor's Choice
Price
£3,324
  • Excellent value; Huge range of security services; Easy to deploy; Integral dual-radio wireless AP
  • Could do with a little more internal memory

Stepping in to the middle of WatchGuard's desktop security appliance family, the Firebox T55-W is equally at home protecting SMEs, remote workers or branch offices. Clothed in the classic bright red Firebox chassis, this desktop box delivers an impressive range of security measures and amalgamates them with integral 11ac dual-band wireless.

It may be small but it's no lightweight for performance, with WatchGuard recommending it for up to 30 users and claiming a 1Gbits/sec raw firewall throughput and 523Mbits/sec with all UTM services enabled. It has five Gigabit ports for WAN, LAN and DMZ duties with PoE+ presented on the fourth LAN port.

The appliance doesn't give the wireless game away as its aerials are tucked away inside the chassis. Another useful wireless feature present on all Firebox appliances is their integral gateway controller which can centrally manage and provision WatchGuard's own APs.

WatchGuard Firebox T55-W: Security features

Prices starting at 960 for the hardware, plus a one-year 24/7 support contract and all software updates. Where you go from here is up to you; suffice to say that WatchGuard offers plenty of choice.

A one-year Basic Security Suite subscription pushes the price to 1,293 and activates anti-virus, anti-spam, web filtering, HTTPS inspection, IPS, application controls and WatchGuard's reputation enabled defence. The price we've shown is for a three-year Total Security Suite subscription which adds WatchGuard's data leak prevention (DLP) and advanced persistent threat (APT) blocker service.

Along with a Gold 24/7 support contract, Total Security includes WatchGuard's RED (reputation enabled defence) service. Web access requests send the URL to WatchGuard's RED cloud servers where they assign a score and instruct the appliance to either allow or block it.

VPN services are extensive as the T55-W supports site-to-site IPsec tunnels plus mobile IPsec, PPTP and L2TP clients along with SSL VPNs. Note that the new Access Portal feature which provisions secure, client-free VPN connections, is not supported on the Firebox 'T' models.

WatchGuard Firebox T55-W: Installation and management

The T55-W is easy to deploy: the web console runs a wizard to secure the appliance and get Internet access running on an external port along with DHCP services on the first trusted LAN interface. Large distributed businesses will like WatchGuard's RapidDeploy cloud service as they can send new appliances to remote offices and have them receive a configuration file as soon as they are powered up.

The wizard defaults to the flexible mixed-mode routing which allows wired and wireless ports to be defined as separate interfaces. Configuring the remaining ports is a cinch as we defined them as external, trusted, optional or custom and added DHCP services on selected trusted ports.

WatchGuard's browser interface is well-designed and standard across all Firebox appliances. It opens with a tidy dashboard showing a breakdown of traffic for the top clients, web destinations, policies and applications with options to drill down for more detail on each entry.

Management choices are extensive, and you can load the WatchGuard System Manager (WSM) suite on a separate Windows host to provide central management, logging and reporting services. We run WatchGuard's Dimension as a VMware VM in the lab and after linking it to the T55-W, used it for viewing appliance utilisation plus an executive dashboard, global threat map and policy activity graphs.

WatchGuard Firebox T55-W: Rules and proxies

The T55-W uses proxies for all security services and there are plenty to choose as you have ones for HTTP, HTTPS, FTP, SIP, H.323, POP3 and SMTP. Firewall rules are created for each proxy which define the interfaces they apply to and their actions - and WatchGuard provides wizards for all of them.

Highly granular web content filtering policies are possible where you choose from 130 Websense URL categories, enable blocking actions on the HTTP and HTTPS proxies, add exceptions and enable alerting. Anti-spam measures are just as easy to configure; you can select incoming SMTP, IMAP or POP3 traffic and block or tag spam messages.

Gateway AV scanning can be enabled on selected proxies, which you'll need running if you want to enable the APT service. This scans inbound files, creates MD5 hashes and checks them with the LastLine cloud service to see if they're known malware.

We noticed that Dimension was reporting a total appliance memory usage of between 65-90% and WatchGuard advised us this is due to the demands of the new BitDefender AV engine. It can get close to the edge although we didn't encounter any performance issues during testing.

WatchGuard Firebox T55-W: Wireless features

The T55-W can present up to three separate APs that act as DHCP relays or provide their own DHCP services. Along with all key encryption schemes, their SSIDs can be broadcast or hidden and you can apply client isolation so users on the same wireless network can't see each other.

Global wireless settings include 2.4GHz and 5GHz radio modes, a choice of channel widths and protection against the WPA/WPA2 KRACK vulnerability for unpatched wireless clients. Rogue AP detection can be enabled - but be careful when you schedule it as it will temporarily disable the appliance's APs while it's running.

If you want more APs, you can add any of WatchGuards's four available models and pair them with the appliance's wireless gateway controller. Once paired, you can assign SSIDs to their dual radios, enforce wireless security and apply custom firewall policies to the ports they are connected to.

WatchGuard Firebox T55-W: Verdict

The T55-W is a versatile security appliance that's well-suited to deployments in SMEs and enterprise branch or remote offices. For the price, it's offering a remarkable range of easily configured security features, all management components are inclusive and the icing on the on the cake is its integral wireless network services.

Verdict

SMEs that want tough gateway security, a good range of wireless services and a low price will find WatchGuard’s T55-W ticks all their boxes

Chassis: Desktop Memory: 2GB RAM Network: 5 x Gigabit (Port 4 with PoE) Wireless: 2.4/5GHz 802.11ac Other ports: 2 x USB 2, RJ-45 serial Power: External PSU Management: Web browser, WatchGuard Dimension/Command Warranty: 3-year Gold 24/7 support

Featured Resources

Preparing for AI-enabled cyber attacks

MIT technology review insights

Download now

Cloud storage performance analysis

Storage performance and value of the IONOS cloud Compute Engine

Download now

The Forrester Wave: Top security analytics platforms

The 11 providers that matter most and how they stack up

Download now

Harness data to reinvent your organisation

Build a data strategy for the next wave of cloud innovation

Download now

Recommended

SonicWall warns of imminent ransomware campaign on VPN hardware
virtual private network (VPN)

SonicWall warns of imminent ransomware campaign on VPN hardware

16 Jul 2021
Zyxel USG Flex 100 review: Flexible gateway security
unified threat management (UTM)

Zyxel USG Flex 100 review: Flexible gateway security

15 Apr 2021
Veritas Access Appliance with IBM Spectrum® Protect
Server & storage

Veritas Access Appliance with IBM Spectrum® Protect

27 Nov 2020
Zoom starts rolling out end-to-end encryption for all users
encryption

Zoom starts rolling out end-to-end encryption for all users

27 Oct 2020

Most Popular

UK gov considers blocking Nvidia's takeover of Arm
Acquisition

UK gov considers blocking Nvidia's takeover of Arm

4 Aug 2021
RMIT to be first Australian university to implement AWS supercomputing facility
high-performance computing (HPC)

RMIT to be first Australian university to implement AWS supercomputing facility

28 Jul 2021
Preparing for AI-enabled cyber attacks
Whitepaper

Preparing for AI-enabled cyber attacks

22 Jul 2021