WatchGuard Firebox T70 review

With top performance and features, the Firebox T70 is an enterprise-class security appliance at an SMB price

IT Pro Value
  • Tremendous value; Enterprise-grade features.
  • OS identification can be hit and miss;

WatchGuard's Firebox T70 could be the perfect security solution for bandwidth-hungry workforces, thanks to the highest performance we've seen in a desktop appliance. This desktop box claims a remarkable 4Gbits/sec raw firewall throughput; even with all UTM services enabled, it can still handle more than 1Gbit/sec.

Even better, this exceptional performance comes at a very reasonable price: the appliance costs only 2,178 exc VAT, with a one-year subscription to WatchGuard's Total Security Suite. That compares favourably to the competition: SonicWALL's NSA 3600, for example, has a lower 3.4Gbits/sec raw firewall throughput, and the hardware alone costs over three grand.

Advertisement - Article continues below

The Total Security Suite lives up to its name, too. It activates WatchGuard's web-content filtering features, plus application controls, anti-spam, gateway antivirus, network discovery, IPS, reputation-enabled defence, data loss prevention (DLP) and an advanced persistent threat (APT) blocker. A Gold Support subscription is included as well.

The T70 isn't lacking in the hardware department, either. It sports eight Gigabit ports for LAN, WAN and DMZ duties - and the sixth and seventh LAN ports are PoE-enabled, so you can easily add wireless APs or IP cameras.

When it came to deployment, the network discovery tool automatically scanned our lab network, and after around 30 minutes presented us with a list of all systems. Any new systems that we subsequently placed on the network appeared in the list after a few seconds. Our only niggle is that the OS identification isn't perfect: a Windows Server 2012 R2 system was wrongly identified as running Windows 8 or 8.1.

Advertisement - Article continues below
Advertisement - Article continues below

Setting up firewall-protected internet access took less than five minutes, thanks to a helpful wizard. Traffic is handled by a variety of different dedicated proxies - including HTTP, HTTPS, FTP, SIP, POP3 and SMTP - and these too can be configured with wizards. Web content filtering is thus reduced to a three-step process: we were able to choose from over 120 URL categories and applied HTTP and HTTPS filtering, and on completion a new firewall rule was generated for us.

Gateway antivirus and WatchGuard's spamBlocker services are just as easy to set up. For the latter, you can apply actions to tag dodgy emails as spam, suspect or bulk. Once gateway AV is enabled, you can use the APT blocker service that transparently scans incoming files, creates MD5 hashes and compares them with the Lastline cloud service to see if they're known malware.

A nice touch in the web console is the padlock symbol at the top of each screen to prevent accidental changes. This must be unlocked by clicking on it before the appliance will accept any configuration changes.

Advertisement - Article continues below

The T70 doesn't have integral wireless services, but it can manage WatchGuard's own APs. We paired an AP200 with the T70 and were able to assign SSIDs to its dual radios, enforce client isolation for guest networks, and choose which security services to apply to wireless traffic.

The T70 can also help maintain mobile security by querying the OS of connected Android and iOS devices and blocking access if they don't meet a minimum requirement. We tested this using an iPad loaded with the FireClient app: initially, the T70 blocked it for non-compliance, but we quickly realised that this was because only iOS 8 and 9 are accepted by default. As soon as we added iOS 10 in the policy, we were good to go.

One final feature worth noting is the Dimension monitoring system. This provides a wealth of information, including an executive dashboard, global threat maps and security service graphs. Businesses with multiple Fireboxes can take advantage of the Dimension Command feature - included in the Total Security Suite - which centralises appliance management in one place, as well as adding tabs for mobile devices and wireless APs.

Advertisement - Article continues below

High-performing UTM appliances usually come with a price premium, so the Firebox T70 stands well apart from the crowd. It offers SMBs a wealth of security measures, teamed with a super set of remote-management tools, at an extremely competitive price.

This review originally appeared in PC Pro issue 268.


High-performing UTM appliances usually come with a price premium, so the Firebox T70 stands well apart from the crowd. It offers SMBs a wealth of security measures, teamed with a super set of remote-management tools, at an extremely competitive price.

Desktop chassis 2GB RAM 8 x Gigabit Ethernet (PoE on ports 6 & 7) 2 x USB 2 RJ-45 serial port External PSU Web browser management Options: Appliance with 3yr Total Security Suite, £3,977 exc VAT

Featured Resources

The case for a marketing content hub

Transform your digital marketing to deliver customer expectations

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

IT faces new security challenges in the wake of COVID-19

Beat the crisis by learning how to secure your network

Download now


unified threat management (UTM)

Sophos XG 135w Rev. 3 review: The full package

25 Feb 2020
unified threat management (UTM)

WatchGuard Firebox T70 review: Compact but capable

24 Feb 2020
unified threat management (UTM)

Zyxel NSG200 review: A fine spread of features

21 Feb 2020

Most Popular


The top ten password-cracking techniques used by hackers

5 May 2020

Nokia breaks 5G record with speeds nearing 5Gbps

20 May 2020
cloud computing

Microsoft launches public cloud service for health care

21 May 2020