WatchGuard Firebox T30-W review

Affordable and packed to the gills with gateway security measures – a top choice for SMBs

Editor's Choice
Price
£942
  • Extremely simple deployment; Excellent security; Good value
  • spamBlocker doesn't offer quarantining

SMEs that want an on-premises network security solution will find WatchGuard's Firebox T30-W a great choice that won't be beaten for features and value. This tomato-red desktop box delivers every gateway security service they could possibly need and the icing on the cake is its integral wireless 11ac dual-band AP and wireless gateway controller for WatchGuard's own APs.

Prices start at only 942 which gets you the appliance and a one-year Security Suite subscription. This activates anti-virus, anti-spam, web content filtering, IPS, HTTPS inspection, application controls and WatchGuard's reputation enabled defence.

A one-year Total Security Suite subscription costs 1,323 and adds Watchguard's data leak prevention (DLP) and advanced persistent threat (APT) blocker services. Don't worry about deployment either as both suites includes a free remote setup and configuration session with a WatchGuard in-house engineer.

There's more, as WatchGuard's latest FireWare software adds geolocation, which allows traffic to or from specific countries to be blocked. The new threat detection and response (TDR) cloud subscription service uses locally installed host sensors to collect forensics data and provide policy-based endpoint protection for Windows servers and desktops.

The T30-W has five Gigabit ports for LAN, WAN and DMZ duties with the fourth LAN port PoE enabled. Performance looks good too, as the appliance claims top firewall and UTM throughputs of 620Mbits/sec and 135Mbits/sec.

Installation is swift, as the appliance's web browser wizard handed us secure internet access in five minutes. It also enabled the mixed routing mode where all ports appear as separate interfaces allowing different security policies to be applied to network segments.

WatchGuard uses proxies to control various traffic types and includes ones for HTTP, HTTPS, FTP, DNS, SIP, H.323, POP3 and SMTP. These are also much easier to set up now, as wizards guided us through configuring each proxy and applying actions.

For web content filtering, we chose from over 120 URL categories, added blocking actions for HTTP and HTTPS traffic and let the wizard create a firewall rule for our new policy. Gateway anti-virus is enforced simply by enabling it on selected proxies while the spamBlocker anti-spam measures use POP3 proxy actions to transparently scan traffic and tag qualifying emails as spam, suspect and bulk.

The spamBlocker service doesn't provide quarantining services so we needed to create email client rules to decide how to handle tagged messages. We could also scan traffic inbound to an internal mail server with an SMTP proxy action set to use the server's IP address.

The geolocation feature provides a global real-time map showing where traffic is emanating from or going to and blocking it is swift as you just click on the country area to turn it red. Controlling app usage doesn't get any easier either as the appliance has entries for over 1,800 including all popular social networks.

VPN services are excellent as the T30-W supports site-to-site IPsec tunnels plus mobile IPsec, PPTP and L2TP clients along with SSL VPNs. For mobile IPsec VPNs, the appliance creates a configuration file which provides quick setup of Watchguard's Windows, iOS and Android clients as well as the Shrew Soft VPN client.

Value gets even better as, unlike some appliance vendors, WatchGuard doesn't sting you for reporting software. On-appliance reporting includes the handy FireWatch feature and we use WatchGuard's free Dimension software on our VMware host to monitor and report on multiple Fireboxes.

Small and medium-sized businesses looking for seriously strong network protection at an affordable price will find WatchGuard's Firebox T30-W ticks all the boxes. It has all the best security features, can be customized to suit and is very easy to deploy.

Verdict

Small and medium-sized businesses looking for seriously strong network protection at an affordable price will find WatchGuard’s Firebox T30-W ticks all the boxes. It has all the best security features, can be customized to suit and is very easy to deploy.

Desktop chassis; 1GB RAM; 5 x Gigabit (PoE on LAN port 4); 2 x USB 2, RJ-45 serial port, external PSU; web browser and Dimension management

Featured Resources

Digital document processes in 2020: A spotlight on Western Europe

The shift from best practice to business necessity

Download now

Four security considerations for cloud migration

The good, the bad, and the ugly of cloud computing

Download now

VR leads the way in manufacturing

How VR is digitally transforming our world

Download now

Deeper than digital

Top-performing modern enterprises show why more perfect software is fundamental to success

Download now

Recommended

Lookout reveals mobile-first endpoint detection and response solution
Security

Lookout reveals mobile-first endpoint detection and response solution

21 Oct 2020
Cisco finds an increase in security concerns due to remote working
Security

Cisco finds an increase in security concerns due to remote working

21 Oct 2020
Best MDM solutions 2020
mobile device management (MDM)

Best MDM solutions 2020

21 Oct 2020
'Robin Hood' hackers donate stolen Bitcoin to charity
ransomware

'Robin Hood' hackers donate stolen Bitcoin to charity

21 Oct 2020

Most Popular

The top 12 password-cracking techniques used by hackers
Security

The top 12 password-cracking techniques used by hackers

5 Oct 2020
The enemy of security is complexity
Sponsored

The enemy of security is complexity

9 Oct 2020
What is a 502 bad gateway and how do you fix it?
web hosting

What is a 502 bad gateway and how do you fix it?

5 Oct 2020