WatchGuard Firebox M200 review
A high-performance security appliance delivering enterprise-grade protection at an SMB-friendly price
Premium security appliances don't have to be expensive. WatchGuard's Firebox M200 has a raw firewall throughput of 3.2Gbits/sec, eight Gigabit Ethernet ports and the same features as WatchGuard's Enterprise unified threat management appliances for only 2,548, excluding VAT. Along with a standard SPI firewall and support for IPsec and SSL VPNs, you get IPS, web filtering, anti-spam, Gateway AntiVirus and WatchGuard's reputation-enabled defence.
The M200 is a doddle to deploy we had secure internet access for our LAN users in less than ten minutes. It defaults to mixed routing mode, allowing us to configure its ports as separate interfaces, with their own IP address and DHCP services. This meant we could give each network segment its own firewall policy, designating them as "external", "trusted", "optional" or "custom". We gave each one a unique alias to use as network sources and destinations in the policies.
Proxies control HTTP, HTTPS, FTP, SIP, H.323, POP3 and SMTP traffic. These can be fiddly to set up, but the firmware helps, providing wizards for first-time configuration to clone predefined proxy actions and apply them to the security policy. You can choose on which proxies to enable Gateway AntiVirus, and set the M200
to decompress and scan archives. The optional advanced persistent threat (APT) blocker service costs an extra 845 for three years and applies to the HTTP, FTP and SMTP proxies. It scans incoming files for malware by checking their MD5 hashes against the Lastline cloud service. The data-leak prevention (DLP) module is also worth considering, at 411 for three years. Applied to the HTTP, FTP and SMTP proxies, it blocks data such as credit card numbers from being transmitted.
The anti-spam wizard helped set up a policy to tag spam, suspect and bulk messages, and the transparent POP3 proxy meant there was no need to define internal mail servers. The WebBlocker filtering service has 130 website categories, allowing you to block or permit each one. The v11.9.6 firmware adds additional social networking categories and tweaks performance. The latest v11.10 upgrade isn't available for the M200, so you don't get the new web interface sported by WatchGuard's bigger boxes.
The M200 is recommended for networks of up to 60 users and gave a decent performance in our tests. With the appliance hooked up to the lab's Ixia Xcellon-Ultra NP load modules, the IxLoad control software reported a steady throughput of 1.2Gbits/sec for a basic HTTP packet filter policy, dropping to 700Mbits/sec with IPS enabled. HTTP proxies have higher performance overheads, meaning the speed settled at 510Mbits/sec. Enabling IPS and GateWay AntiVirus saw this fall to 340Mbits/sec slower than WatchGuard claims, but still good.
WatchGuard also includes freeDimension software. Offered as a Hyper-V or VMware VM, it monitors multiple appliances' traffic and user activity. Testing the VMware version was easy: we simply pointed the M200's Log Server service at the VM. Dashboards provide drill-down graphs, the Policy Map shows real-time traffic flows and the Threat Map shows where a threat came from.
We were unable to reach WatchGuard's speed claims in our real-world tests, but the Firebox M200 has a persuasive range of security features. It's ideally suited to SMBs that want the same network security as enterprises at a sensible price.
This review first appeared in PC Pro magazine issue 253
The Watchguard Firebox M200 is a fantastic choice for SMBs looking for professional security at a reasonable price.
1U rack chassis
Quad-core 1.4GHz Freescale CPU
2GB DDR3 RAM
8 x Gigabit Ethernet
2 x USB 2
System Manager and Dimension software
Hardware replacement warranty included