IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

WatchGuard Firebox T70 review

With top performance and features, the Firebox T70 is an enterprise-class security appliance at an SMB price

IT Pro Value
Price
£2,178
  • Tremendous value; Enterprise-grade features.
  • OS identification can be hit and miss;

WatchGuard's Firebox T70 could be the perfect security solution for bandwidth-hungry workforces, thanks to the highest performance we've seen in a desktop appliance. This desktop box claims a remarkable 4Gbits/sec raw firewall throughput; even with all UTM services enabled, it can still handle more than 1Gbit/sec.

Even better, this exceptional performance comes at a very reasonable price: the appliance costs only 2,178 exc VAT, with a one-year subscription to WatchGuard's Total Security Suite. That compares favourably to the competition: SonicWALL's NSA 3600, for example, has a lower 3.4Gbits/sec raw firewall throughput, and the hardware alone costs over three grand.

The Total Security Suite lives up to its name, too. It activates WatchGuard's web-content filtering features, plus application controls, anti-spam, gateway antivirus, network discovery, IPS, reputation-enabled defence, data loss prevention (DLP) and an advanced persistent threat (APT) blocker. A Gold Support subscription is included as well.

The T70 isn't lacking in the hardware department, either. It sports eight Gigabit ports for LAN, WAN and DMZ duties - and the sixth and seventh LAN ports are PoE-enabled, so you can easily add wireless APs or IP cameras.

When it came to deployment, the network discovery tool automatically scanned our lab network, and after around 30 minutes presented us with a list of all systems. Any new systems that we subsequently placed on the network appeared in the list after a few seconds. Our only niggle is that the OS identification isn't perfect: a Windows Server 2012 R2 system was wrongly identified as running Windows 8 or 8.1.

Setting up firewall-protected internet access took less than five minutes, thanks to a helpful wizard. Traffic is handled by a variety of different dedicated proxies - including HTTP, HTTPS, FTP, SIP, POP3 and SMTP - and these too can be configured with wizards. Web content filtering is thus reduced to a three-step process: we were able to choose from over 120 URL categories and applied HTTP and HTTPS filtering, and on completion a new firewall rule was generated for us.

Gateway antivirus and WatchGuard's spamBlocker services are just as easy to set up. For the latter, you can apply actions to tag dodgy emails as spam, suspect or bulk. Once gateway AV is enabled, you can use the APT blocker service that transparently scans incoming files, creates MD5 hashes and compares them with the Lastline cloud service to see if they're known malware.

A nice touch in the web console is the padlock symbol at the top of each screen to prevent accidental changes. This must be unlocked by clicking on it before the appliance will accept any configuration changes.

The T70 doesn't have integral wireless services, but it can manage WatchGuard's own APs. We paired an AP200 with the T70 and were able to assign SSIDs to its dual radios, enforce client isolation for guest networks, and choose which security services to apply to wireless traffic.

The T70 can also help maintain mobile security by querying the OS of connected Android and iOS devices and blocking access if they don't meet a minimum requirement. We tested this using an iPad loaded with the FireClient app: initially, the T70 blocked it for non-compliance, but we quickly realised that this was because only iOS 8 and 9 are accepted by default. As soon as we added iOS 10 in the policy, we were good to go.

One final feature worth noting is the Dimension monitoring system. This provides a wealth of information, including an executive dashboard, global threat maps and security service graphs. Businesses with multiple Fireboxes can take advantage of the Dimension Command feature - included in the Total Security Suite - which centralises appliance management in one place, as well as adding tabs for mobile devices and wireless APs.

High-performing UTM appliances usually come with a price premium, so the Firebox T70 stands well apart from the crowd. It offers SMBs a wealth of security measures, teamed with a super set of remote-management tools, at an extremely competitive price.

This review originally appeared in PC Pro issue 268.

Verdict

High-performing UTM appliances usually come with a price premium, so the Firebox T70 stands well apart from the crowd. It offers SMBs a wealth of security measures, teamed with a super set of remote-management tools, at an extremely competitive price.

Desktop chassis
2GB RAM
8 x Gigabit Ethernet (PoE on ports 6 & 7)
2 x USB 2
RJ-45 serial port
External PSU
Web browser management
Options: Appliance with 3yr Total Security Suite, £3,977 exc VAT

Featured Resources

Four strategies for building a hybrid workplace that works

All indications are that the future of work is hybrid, if it's not here already

Free webinar

The digital marketer’s guide to contextual insights and trends

How to use contextual intelligence to uncover new insights and inform strategies

Free Download

Ransomware and Microsoft 365 for business

What you need to know about reducing ransomware risk

Free Download

Building a modern strategy for analytics and machine learning success

Turning into business value

Free Download

Recommended

WatchGuard Firebox M290 review: Stiff security at a great price
unified threat management (UTM)

WatchGuard Firebox M290 review: Stiff security at a great price

23 Feb 2022
Sophos XGS 3300 review: Xstream firewall performance
Security

Sophos XGS 3300 review: Xstream firewall performance

7 Jan 2022
Ubiquiti Networks UniFi Dream Machine Pro review: All the security you need in one handy box
Security

Ubiquiti Networks UniFi Dream Machine Pro review: All the security you need in one handy box

18 Nov 2021
Big zero-day flaw found in Palo Alto security appliance
internet security

Big zero-day flaw found in Palo Alto security appliance

11 Nov 2021

Most Popular

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack
hacking

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack

16 May 2022
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

13 May 2022
Windows Server admins say latest Patch Tuesday broke authentication policies
Server & storage

Windows Server admins say latest Patch Tuesday broke authentication policies

12 May 2022