WatchGuard Firebox T70 review

With top performance and features, the Firebox T70 is an enterprise-class security appliance at an SMB price

IT Pro Value
  • Tremendous value; Enterprise-grade features.
  • OS identification can be hit and miss;

WatchGuard's Firebox T70 could be the perfect security solution for bandwidth-hungry workforces, thanks to the highest performance we've seen in a desktop appliance. This desktop box claims a remarkable 4Gbits/sec raw firewall throughput; even with all UTM services enabled, it can still handle more than 1Gbit/sec.

Even better, this exceptional performance comes at a very reasonable price: the appliance costs only 2,178 exc VAT, with a one-year subscription to WatchGuard's Total Security Suite. That compares favourably to the competition: SonicWALL's NSA 3600, for example, has a lower 3.4Gbits/sec raw firewall throughput, and the hardware alone costs over three grand.

The Total Security Suite lives up to its name, too. It activates WatchGuard's web-content filtering features, plus application controls, anti-spam, gateway antivirus, network discovery, IPS, reputation-enabled defence, data loss prevention (DLP) and an advanced persistent threat (APT) blocker. A Gold Support subscription is included as well.

The T70 isn't lacking in the hardware department, either. It sports eight Gigabit ports for LAN, WAN and DMZ duties - and the sixth and seventh LAN ports are PoE-enabled, so you can easily add wireless APs or IP cameras.

Advertisement - Article continues below

When it came to deployment, the network discovery tool automatically scanned our lab network, and after around 30 minutes presented us with a list of all systems. Any new systems that we subsequently placed on the network appeared in the list after a few seconds. Our only niggle is that the OS identification isn't perfect: a Windows Server 2012 R2 system was wrongly identified as running Windows 8 or 8.1.

Setting up firewall-protected internet access took less than five minutes, thanks to a helpful wizard. Traffic is handled by a variety of different dedicated proxies - including HTTP, HTTPS, FTP, SIP, POP3 and SMTP - and these too can be configured with wizards. Web content filtering is thus reduced to a three-step process: we were able to choose from over 120 URL categories and applied HTTP and HTTPS filtering, and on completion a new firewall rule was generated for us.

Gateway antivirus and WatchGuard's spamBlocker services are just as easy to set up. For the latter, you can apply actions to tag dodgy emails as spam, suspect or bulk. Once gateway AV is enabled, you can use the APT blocker service that transparently scans incoming files, creates MD5 hashes and compares them with the Lastline cloud service to see if they're known malware.

A nice touch in the web console is the padlock symbol at the top of each screen to prevent accidental changes. This must be unlocked by clicking on it before the appliance will accept any configuration changes.

The T70 doesn't have integral wireless services, but it can manage WatchGuard's own APs. We paired an AP200 with the T70 and were able to assign SSIDs to its dual radios, enforce client isolation for guest networks, and choose which security services to apply to wireless traffic.

The T70 can also help maintain mobile security by querying the OS of connected Android and iOS devices and blocking access if they don't meet a minimum requirement. We tested this using an iPad loaded with the FireClient app: initially, the T70 blocked it for non-compliance, but we quickly realised that this was because only iOS 8 and 9 are accepted by default. As soon as we added iOS 10 in the policy, we were good to go.

One final feature worth noting is the Dimension monitoring system. This provides a wealth of information, including an executive dashboard, global threat maps and security service graphs. Businesses with multiple Fireboxes can take advantage of the Dimension Command feature - included in the Total Security Suite - which centralises appliance management in one place, as well as adding tabs for mobile devices and wireless APs.

High-performing UTM appliances usually come with a price premium, so the Firebox T70 stands well apart from the crowd. It offers SMBs a wealth of security measures, teamed with a super set of remote-management tools, at an extremely competitive price.

This review originally appeared in PC Pro issue 268.


High-performing UTM appliances usually come with a price premium, so the Firebox T70 stands well apart from the crowd. It offers SMBs a wealth of security measures, teamed with a super set of remote-management tools, at an extremely competitive price.

Advertisement - Article continues below

Desktop chassis 2GB RAM 8 x Gigabit Ethernet (PoE on ports 6 & 7) 2 x USB 2 RJ-45 serial port External PSU Web browser management Options: Appliance with 3yr Total Security Suite, £3,977 exc VAT

Featured Resources

The essential guide to cloud-based backup and disaster recovery

Support business continuity by building a holistic emergency plan

Download now

Trends in modern data protection

A comprehensive view of the data protection landscape

Download now

How do vulnerabilities get into software?

90% of security incidents result from exploits against defects in software

Download now

Delivering the future of work - now

The CIO’s guide to building the unified digital workspace for today’s hybrid and multi-cloud strategies.

Download now

Most Popular

Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019
Amazon Web Services (AWS)

What to expect from AWS Re:Invent 2019

29 Nov 2019

Raspberry Pi 4 owners complain of broken Wi-Fi when using HDMI

29 Nov 2019
Google Android

Samsung Galaxy A90 5G review: Simply the best value 5G phone

22 Nov 2019