WatchGuard Firebox M270 review: Top-notch security, rock-bottom price

A powerful security appliance that’s chock-full of tough protection measures and priced right for SMBs

Reviews
By Dave Mitchell
published

IT Pro Verdict

The Firebox M270 dispels the notion that high UTM performance has to come at a high price. It offers a persuasive range of security measures and is ideal for SMBs that want the same protection as enterprises but at price they can afford.

Pros

  • +

    Phenomenal value; Great management options; Strong range of security features

Cons

  • -

    None to speak of

Small and medium sized businesses (SMBs) are now the go-to place for cyber-criminals as they're seen as soft targets. They need to stiffen their network defenses and WatchGuard has the perfect solution: its Firebox M270 offers enterprise-class security and performance at a sensible price.

WatchGuard Firebox T15 review WatchGuard AP420 review WatchGuard Firebox T70 review

Recommended for businesses with around 60 users, this 1U rack appliance boasts a high raw firewall throughput of 4.9Gbits/sec. Enabling gateway AV drops this to 2.1Gbits/sec and activating all UTM services cuts this to a still very respectable 1.6Gbits/sec.

The price we've shown includes the appliance and a one--year subscription to every security feature you can imagine. It enables web content filtering, application controls, anti-spam, gateway AV, network discovery, IPS, data loss prevention (DLP), Dimension Command and an advanced persistent threat (APT) blocker.

There's more: you also get WatchGuard's RED (reputation enabled defence) service for even tougher web protection. A Gold Support subscription tops it all off nicely and this includes a free remote setup and configuration session with a WatchGuard in-house engineer.

Not that the M270 is difficult to deploy. Far from it, as its web console runs a wizard-based setup routine that creates a base set of firewall policies for securing internet access.

The M270 employs proxies to control different traffic types and each one loads a wizard the first time you access them. Web content filtering takes two minutes to configure, where we chose from 130 URL categories, added blocking actions for the HTTP and HTTPS proxies and watched the wizard add new firewall policy rules.

Gateway AV comes courtesy of the Bitdefender scanning engine and can be enabled on selected proxies. You now get double protection from malware as the new IntelligentAV feature in Fireware 12.2 uses the Cylance AI-based engine.

IntelligentAV doesn't rely on signatures, and scans files such as Office documents, Windows portable executables and PDFs after they've passed through the Bitdefender engine. It's activated with one click and automatically applied to all proxies that have gateway AV enabled.

The new DNSWatch service adds even more web protection by monitoring client DNS requests and blocking access to known malicious domains. It's another service that's easy to enable and can be applied to all or specific network ports on the appliance.

If you're worried about Facebook sneaking in to the workplace, the M270 has you covered. The Application Control service manages access to hundreds of predefined apps and its 11 entries for Facebook mean you can block all usage or fine-tune access and decide, for example, whether staff can chat, like, comment, edit profiles or transfer files.

Spam filtering is easy to apply; the spamBlocker wizard asked us to select incoming SMTP traffic and provide an internal mail server address or just activate IMAP or POP3. We chose the latter for transparent scanning where the POP3 proxy client was set to append the subject line of dubious messages with "Spam", "Bulk" or "Suspect" tags so we could filter them out using Outlook message rules.

The DLP service scans files and emails looking for keywords and can be applied to the HTTP, HTTPS, FTP and SMTP proxies. We created a DLP sensor looking for a group of phrases and when we tried to send Word documents containing these to our external FTP site, the service blocked the transfer.

The M270 is a great choice for securing large remote or branch offices as multiple appliances can be remotely managed in the cloud or via the free Dimension software. We run Dimension in the lab as a VMware VM and after adding the M270, we could view global threat maps, an executive dashboard and see activities for all its security services.

The Firebox M270 dispels the notion that high UTM performance has to come at a high price. It offers a persuasive range of security measures and is ideal for SMBs that want the same protection as enterprises but at price they can afford.

Verdict

The Firebox M270 dispels the notion that high UTM performance has to come at a high price. It offers a persuasive range of security measures and is ideal for SMBs that want the same protection as enterprises but at price they can afford.

1U rack appliance

4GB RAM

8 x Gigabit (WAN, 7 x LAN)

2 x USB 3

RJ-45 serial port

Web browser and Dimension management

Dave Mitchell
Dave Mitchell

Dave is an IT consultant and freelance journalist specialising in hands-on reviews of computer networking products covering all market sectors from small businesses to enterprises. Founder of Binary Testing Ltd – the UK’s premier independent network testing laboratory - Dave has over 45 years of experience in the IT industry.

Dave has produced many thousands of in-depth business networking product reviews from his lab which have been reproduced globally. Writing for ITPro and its sister title, PC Pro, he covers all areas of business IT infrastructure, including servers, storage, network security, data protection, cloud, infrastructure and services.