WatchGuard Firebox T70 review

With top performance and features, the Firebox T70 is an enterprise-class security appliance at an SMB price

IT Pro Value
  • Tremendous value; Enterprise-grade features.
  • OS identification can be hit and miss;

WatchGuard's Firebox T70 could be the perfect security solution for bandwidth-hungry workforces, thanks to the highest performance we've seen in a desktop appliance. This desktop box claims a remarkable 4Gbits/sec raw firewall throughput; even with all UTM services enabled, it can still handle more than 1Gbit/sec.

Even better, this exceptional performance comes at a very reasonable price: the appliance costs only 2,178 exc VAT, with a one-year subscription to WatchGuard's Total Security Suite. That compares favourably to the competition: SonicWALL's NSA 3600, for example, has a lower 3.4Gbits/sec raw firewall throughput, and the hardware alone costs over three grand.

The Total Security Suite lives up to its name, too. It activates WatchGuard's web-content filtering features, plus application controls, anti-spam, gateway antivirus, network discovery, IPS, reputation-enabled defence, data loss prevention (DLP) and an advanced persistent threat (APT) blocker. A Gold Support subscription is included as well.

The T70 isn't lacking in the hardware department, either. It sports eight Gigabit ports for LAN, WAN and DMZ duties - and the sixth and seventh LAN ports are PoE-enabled, so you can easily add wireless APs or IP cameras.

Advertisement - Article continues below
Advertisement - Article continues below

When it came to deployment, the network discovery tool automatically scanned our lab network, and after around 30 minutes presented us with a list of all systems. Any new systems that we subsequently placed on the network appeared in the list after a few seconds. Our only niggle is that the OS identification isn't perfect: a Windows Server 2012 R2 system was wrongly identified as running Windows 8 or 8.1.

Setting up firewall-protected internet access took less than five minutes, thanks to a helpful wizard. Traffic is handled by a variety of different dedicated proxies - including HTTP, HTTPS, FTP, SIP, POP3 and SMTP - and these too can be configured with wizards. Web content filtering is thus reduced to a three-step process: we were able to choose from over 120 URL categories and applied HTTP and HTTPS filtering, and on completion a new firewall rule was generated for us.

Gateway antivirus and WatchGuard's spamBlocker services are just as easy to set up. For the latter, you can apply actions to tag dodgy emails as spam, suspect or bulk. Once gateway AV is enabled, you can use the APT blocker service that transparently scans incoming files, creates MD5 hashes and compares them with the Lastline cloud service to see if they're known malware.

A nice touch in the web console is the padlock symbol at the top of each screen to prevent accidental changes. This must be unlocked by clicking on it before the appliance will accept any configuration changes.

The T70 doesn't have integral wireless services, but it can manage WatchGuard's own APs. We paired an AP200 with the T70 and were able to assign SSIDs to its dual radios, enforce client isolation for guest networks, and choose which security services to apply to wireless traffic.

The T70 can also help maintain mobile security by querying the OS of connected Android and iOS devices and blocking access if they don't meet a minimum requirement. We tested this using an iPad loaded with the FireClient app: initially, the T70 blocked it for non-compliance, but we quickly realised that this was because only iOS 8 and 9 are accepted by default. As soon as we added iOS 10 in the policy, we were good to go.

Advertisement - Article continues below

One final feature worth noting is the Dimension monitoring system. This provides a wealth of information, including an executive dashboard, global threat maps and security service graphs. Businesses with multiple Fireboxes can take advantage of the Dimension Command feature - included in the Total Security Suite - which centralises appliance management in one place, as well as adding tabs for mobile devices and wireless APs.

High-performing UTM appliances usually come with a price premium, so the Firebox T70 stands well apart from the crowd. It offers SMBs a wealth of security measures, teamed with a super set of remote-management tools, at an extremely competitive price.

This review originally appeared in PC Pro issue 268.


High-performing UTM appliances usually come with a price premium, so the Firebox T70 stands well apart from the crowd. It offers SMBs a wealth of security measures, teamed with a super set of remote-management tools, at an extremely competitive price.

Desktop chassis 2GB RAM 8 x Gigabit Ethernet (PoE on ports 6 & 7) 2 x USB 2 RJ-45 serial port External PSU Web browser management Options: Appliance with 3yr Total Security Suite, £3,977 exc VAT

Featured Resources

Digitally perfecting the supply chain

How new technologies are being leveraged to transform the manufacturing supply chain

Download now

Three keys to maximise application migration and modernisation success

Harness the benefits that modernised applications can offer

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

The 3 approaches of Breach and Attack Simulation technologies

A guide to the nuances of BAS, helping you stay one step ahead of cyber criminals

Download now

Most Popular

operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020
General Data Protection Regulation (GDPR)

Data protection fines hit £100m during first 18 months of GDPR

20 Jan 2020