WatchGuard Firebox T70 review: Compact but capable

Top performance and a great set of security and management options

Editor's Choice
Price
£2,366 exc VAT (inc. 1yr Total Security Suite)
  • High-speed HTTPS deep packet inspection
  • Simple, speedy setup
  • Heaps of security features
  • Cloud-based configuration not currently supported

Gateway security often involves a performance trade-off, but WatchGuard’s Firebox T70 is designed for SMBs who aren’t willing to compromise. It’s the vendor’s first appliance built on an Intel CPU, which enables it to deliver high-speed deep packet inspection of HTTPS traffic – something many rival appliances struggle with.

Indeed, the T70’s numbers are impressive across the board. It claims a raw firewall throughput of 4Gbits/sec, and a remarkable 1.1Gbits/sec with all UTM services enabled. You don’t have to pay a steep premium for this performance either: the appliance costs a competitive £2,366 exc VAT, including a one-year subscription to WatchGuard’s Total Security Suite.

That subscription unleashes a wealth of security measures. Along with the aforementioned DPI, you get gateway antivirus, anti-spam, web-content filtering, application controls, network discovery, IPS, data-loss prevention and an advanced persistent threat (APT) blocker. Web security is bolstered by WatchGuard’s Reputation Enabled Defense service, and the included Gold Support provides a free remote setup session with a WatchGuard engineer. 

To be honest, though, we had no problem getting set up on our own. The appliance’s web console took us through the initial setup procedure, which involved securing admin access, enabling firewall-protected internet access and applying a base set of security policies. 

Additional wizards are then on hand to help you set up the various proxies that manage HTTP, HTTPS, FTP, SIP, POP3 and SMTP traffic. It’s notably easy to set up web-content filtering: WatchGuard offers 130 URL categories to choose from, and you can simply pick those you want to block. Similarly, the T70’s application control module can manage access to hundreds of predefined apps, so it’s a piece of cake to control what’s allowed in the workplace.

Gateway AV scanning is enabled on selected proxies too, and alongside basic malware detection, the IntelligentAV feature uses the Cylance AI-based engine to analyse files such as Office documents and PDFs. For anti-spam services, all you need to do is select whether you want to inspect SMTP, IMAP or POP3 traffic, and whether spam messages should be blocked or merely tagged. The APT service, meanwhile, generates hashes of inbound files and checks them with the Lastline cloud service to see if they match the signatures of any known threats. 

Finally, that fast deep packet inspection feature we mentioned is enabled within the HTTPS proxy action. Here you just need to choose the domain names and WebBlocker categories you want it to inspect, then import the predefined proxy authority certificate to your computers. 

One feature the T70 lacks is Wi-Fi services, but it can centrally manage other WatchGuard APs, pushing out wireless settings and applying security policies to their traffic. It can even power your APs, as PoE+ is provided on the sixth and seventh Ethernet ports.

And the T70 is ideal for those who like the idea of multiple-choice management, as you can use either its local web console or WatchGuard’s Dimension management platform (which we run in a Hyper-V VM in our lab). It’s also possible to link the T70 to a WatchGuard Cloud account, allowing you to remotely check on security services, detected threats and appliance performance; proper cloud-based configuration isn’t supported, but it’s promised soon.

If you’re seeking tough perimeter security that won’t slow down your network, the Firebox T70 is a superb choice. It’s easy to deploy and manage, it’s loaded with features and it’s powerful enough to cope with high demand.

WatchGuard Firebox T70 specifications

Chassis

Desktop chassis (fanless)

CPU

1.6GHz Intel Celeron N3160 CPU

Memory

2GB RAM

Storage included

16GB SSD

Network

8 x Gigabit Ethernet (PoE+ on ports 6 & 7)

Other ports

2 x USB 2, RJ-45 serial port

Management

Web, Dimension and cloud management

Dimensions (WDH)

233 x 206 x 48mm

Featured Resources

Defeating ransomware with unified security from WatchGuard

How SMBs can defend against the onslaught of ransomware attacks

Free download

The IT expert’s guide to AI and content management

How artificial intelligence and machine learning could be critical to your business

Free download

The path to CX excellence

Four stages to thrive in the experience economy

Free download

Becoming an experience-based business

Your blueprint for a strong digital foundation

Free download

Recommended

Senate report slams agencies for poor cyber security
cyber security

Senate report slams agencies for poor cyber security

3 Aug 2021
Most employees put their workplace at risk by taking cyber security shortcuts
cyber security

Most employees put their workplace at risk by taking cyber security shortcuts

27 Jul 2021
SonicWall warns of imminent ransomware campaign on VPN hardware
virtual private network (VPN)

SonicWall warns of imminent ransomware campaign on VPN hardware

16 Jul 2021
61% of organizations say improving security a top priority for 2021
cyber security

61% of organizations say improving security a top priority for 2021

29 Jun 2021

Most Popular

What are the pros and cons of AI?
machine learning

What are the pros and cons of AI?

8 Sep 2021
Google takes down map showing homes of 111,000 Guntrader customers
data breaches

Google takes down map showing homes of 111,000 Guntrader customers

2 Sep 2021
Intuit plans end-to-end SMB platform after $12 billion Mailchimp acquisition
mergers and acquisitions

Intuit plans end-to-end SMB platform after $12 billion Mailchimp acquisition

14 Sep 2021