WatchGuard Firebox T70 review: Compact but capable

Top performance and a great set of security and management options

Editor's Choice
Price
£2,366 exc VAT (inc. 1yr Total Security Suite)
  • High-speed HTTPS deep packet inspection
  • Simple, speedy setup
  • Heaps of security features
  • Cloud-based configuration not currently supported

Gateway security often involves a performance trade-off, but WatchGuard’s Firebox T70 is designed for SMBs who aren’t willing to compromise. It’s the vendor’s first appliance built on an Intel CPU, which enables it to deliver high-speed deep packet inspection of HTTPS traffic – something many rival appliances struggle with.

Indeed, the T70’s numbers are impressive across the board. It claims a raw firewall throughput of 4Gbits/sec, and a remarkable 1.1Gbits/sec with all UTM services enabled. You don’t have to pay a steep premium for this performance either: the appliance costs a competitive £2,366 exc VAT, including a one-year subscription to WatchGuard’s Total Security Suite.

That subscription unleashes a wealth of security measures. Along with the aforementioned DPI, you get gateway antivirus, anti-spam, web-content filtering, application controls, network discovery, IPS, data-loss prevention and an advanced persistent threat (APT) blocker. Web security is bolstered by WatchGuard’s Reputation Enabled Defense service, and the included Gold Support provides a free remote setup session with a WatchGuard engineer. 

To be honest, though, we had no problem getting set up on our own. The appliance’s web console took us through the initial setup procedure, which involved securing admin access, enabling firewall-protected internet access and applying a base set of security policies. 

Additional wizards are then on hand to help you set up the various proxies that manage HTTP, HTTPS, FTP, SIP, POP3 and SMTP traffic. It’s notably easy to set up web-content filtering: WatchGuard offers 130 URL categories to choose from, and you can simply pick those you want to block. Similarly, the T70’s application control module can manage access to hundreds of predefined apps, so it’s a piece of cake to control what’s allowed in the workplace.

Gateway AV scanning is enabled on selected proxies too, and alongside basic malware detection, the IntelligentAV feature uses the Cylance AI-based engine to analyse files such as Office documents and PDFs. For anti-spam services, all you need to do is select whether you want to inspect SMTP, IMAP or POP3 traffic, and whether spam messages should be blocked or merely tagged. The APT service, meanwhile, generates hashes of inbound files and checks them with the Lastline cloud service to see if they match the signatures of any known threats. 

Finally, that fast deep packet inspection feature we mentioned is enabled within the HTTPS proxy action. Here you just need to choose the domain names and WebBlocker categories you want it to inspect, then import the predefined proxy authority certificate to your computers. 

One feature the T70 lacks is Wi-Fi services, but it can centrally manage other WatchGuard APs, pushing out wireless settings and applying security policies to their traffic. It can even power your APs, as PoE+ is provided on the sixth and seventh Ethernet ports.

And the T70 is ideal for those who like the idea of multiple-choice management, as you can use either its local web console or WatchGuard’s Dimension management platform (which we run in a Hyper-V VM in our lab). It’s also possible to link the T70 to a WatchGuard Cloud account, allowing you to remotely check on security services, detected threats and appliance performance; proper cloud-based configuration isn’t supported, but it’s promised soon.

If you’re seeking tough perimeter security that won’t slow down your network, the Firebox T70 is a superb choice. It’s easy to deploy and manage, it’s loaded with features and it’s powerful enough to cope with high demand.

WatchGuard Firebox T70 specifications

Chassis

Desktop chassis (fanless)

CPU

1.6GHz Intel Celeron N3160 CPU

Memory

2GB RAM

Storage included

16GB SSD

Network

8 x Gigabit Ethernet (PoE+ on ports 6 & 7)

Other ports

2 x USB 2, RJ-45 serial port

Management

Web, Dimension and cloud management

Dimensions (WDH)

233 x 206 x 48mm

Featured Resources

Five lessons learned from the pivot to a distributed workforce

Delivering continuity and scale with a remote work strategy

Download now

Connected experiences in a digital transformation

Enable businesses to meet the demands of the future

Download now

Simplify to secure

Reduce complexity by integrating your security ecosystem

Download now

Enhance the safety and security of your people, assets and operations

Enable a true vision of security with an engineered solution based on hyperconverged and storage platforms

Download now

Recommended

Sophos XG 135w Rev. 3 review: The full package
unified threat management (UTM)

Sophos XG 135w Rev. 3 review: The full package

25 Feb 2020
Zyxel NSG200 review: A fine spread of features
unified threat management (UTM)

Zyxel NSG200 review: A fine spread of features

21 Feb 2020

Most Popular

Accenture ploughs $3 billion into cloud migration support group
digital transformation

Accenture ploughs $3 billion into cloud migration support group

17 Sep 2020
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020
Google takes on Zoom with launch of Meet hardware
video conferencing

Google takes on Zoom with launch of Meet hardware

16 Sep 2020