WatchGuard Firebox T30-W review
Affordable and packed to the gills with gateway security measures – a top choice for SMBs
SMEs that want an on-premises network security solution will find WatchGuard's Firebox T30-W a great choice that won't be beaten for features and value. This tomato-red desktop box delivers every gateway security service they could possibly need and the icing on the cake is its integral wireless 11ac dual-band AP and wireless gateway controller for WatchGuard's own APs.
Prices start at only 942 which gets you the appliance and a one-year Security Suite subscription. This activates anti-virus, anti-spam, web content filtering, IPS, HTTPS inspection, application controls and WatchGuard's reputation enabled defence.
A one-year Total Security Suite subscription costs 1,323 and adds Watchguard's data leak prevention (DLP) and advanced persistent threat (APT) blocker services. Don't worry about deployment either as both suites includes a free remote setup and configuration session with a WatchGuard in-house engineer.
There's more, as WatchGuard's latest FireWare software adds geolocation, which allows traffic to or from specific countries to be blocked. The new threat detection and response (TDR) cloud subscription service uses locally installed host sensors to collect forensics data and provide policy-based endpoint protection for Windows servers and desktops.
The T30-W has five Gigabit ports for LAN, WAN and DMZ duties with the fourth LAN port PoE enabled. Performance looks good too, as the appliance claims top firewall and UTM throughputs of 620Mbits/sec and 135Mbits/sec.
Installation is swift, as the appliance's web browser wizard handed us secure internet access in five minutes. It also enabled the mixed routing mode where all ports appear as separate interfaces allowing different security policies to be applied to network segments.
WatchGuard uses proxies to control various traffic types and includes ones for HTTP, HTTPS, FTP, DNS, SIP, H.323, POP3 and SMTP. These are also much easier to set up now, as wizards guided us through configuring each proxy and applying actions.
For web content filtering, we chose from over 120 URL categories, added blocking actions for HTTP and HTTPS traffic and let the wizard create a firewall rule for our new policy. Gateway anti-virus is enforced simply by enabling it on selected proxies while the spamBlocker anti-spam measures use POP3 proxy actions to transparently scan traffic and tag qualifying emails as spam, suspect and bulk.
The spamBlocker service doesn't provide quarantining services so we needed to create email client rules to decide how to handle tagged messages. We could also scan traffic inbound to an internal mail server with an SMTP proxy action set to use the server's IP address.
The geolocation feature provides a global real-time map showing where traffic is emanating from or going to and blocking it is swift as you just click on the country area to turn it red. Controlling app usage doesn't get any easier either as the appliance has entries for over 1,800 including all popular social networks.
VPN services are excellent as the T30-W supports site-to-site IPsec tunnels plus mobile IPsec, PPTP and L2TP clients along with SSL VPNs. For mobile IPsec VPNs, the appliance creates a configuration file which provides quick setup of Watchguard's Windows, iOS and Android clients as well as the Shrew Soft VPN client.
Value gets even better as, unlike some appliance vendors, WatchGuard doesn't sting you for reporting software. On-appliance reporting includes the handy FireWatch feature and we use WatchGuard's free Dimension software on our VMware host to monitor and report on multiple Fireboxes.
Small and medium-sized businesses looking for seriously strong network protection at an affordable price will find WatchGuard's Firebox T30-W ticks all the boxes. It has all the best security features, can be customized to suit and is very easy to deploy.
Small and medium-sized businesses looking for seriously strong network protection at an affordable price will find WatchGuard’s Firebox T30-W ticks all the boxes. It has all the best security features, can be customized to suit and is very easy to deploy.
Desktop chassis; 1GB RAM; 5 x Gigabit (PoE on LAN port 4); 2 x USB 2, RJ-45 serial port, external PSU; web browser and Dimension management
What you need to know about migrating to SAP S/4HANA
Factors to assess how and when to begin migrationDownload now
Your enterprise cloud solutions guide
Infrastructure designed to meet your company's IT needs for next-generation cloud applicationsDownload now
Testing for compliance just became easier
How you can use technology to ensure compliance in your organisationDownload now
Best practices for implementing security awareness training
How to develop a security awareness programme that will actually change behaviourDownload now