WatchGuard Firebox T20-W review: Superb all-in-one protection

A versatile appliance that delivers super security for both wired and wireless networks at a great price

Editor's Choice
Price
£720 exc VAT (Appliance with 1yr Total Security Suite)
  • Swift setup
  • Strong value
  • Solid feature-set
  • No AI-based malware scanning or deep packet analysis

WatchGuard’s Firebox T20-W is a compact, silent tabletop UTM appliance that will appeal to small businesses – and to larger organisations seeking easily managed protection for remote sites. 

The price above includes a year’s subscription to WatchGuard’s Total Security Suite, which enables a broad selection of security measures: these include antivirus, anti-spam, web filtering, application controls, botnet detection, intrusion prevention, DNSWatch, an advanced persistent threat blocker – plus WatchGuard’s RED (Reputation Enabled Defense) service for tighter web security. Alongside its four Gigabit LAN ports, the unit even includes a Wi-Fi gateway that can broadcast its own 802.11ac services or provision other WatchGuard access points. 

While this is a great spread of features, it’s worth noting that the T20-W doesn’t support WatchGuard’s IntelligentAV AI-based malware scanner, nor does it perform deep packet inspection of HTTPS traffic, as these functions are too demanding for the appliance’s dual-core CPU. The wireless gateway isn’t quite state-of-the-art, either: it’s limited to Wave 1 standards, and can work on either the 2.4GHz or 5GHz radio bands, but not both at once.

Still, local deployment is swift and easy. A Gold Support contract entitles you to a remote setup session with a WatchGuard in-house engineer, but we didn’t see much need for this, as the web-based quick-start wizard walked us clearly through the process of securing administrative access, configuring the firewall and applying a base set of security policies. For remote sites, a nifty zero-touch deployment option allows newly registered appliances to automatically pick up preconfigured settings from the internet and apply them with no user intervention required.

Once you’re up and running, network traffic is handled by a suite of protocol-specific proxies, including HTTP, HTTPS, FTP, SIP, POP3 and SMTP, each of which has its own setup wizard. The APT service checks incoming files with the Lastline cloud service to see if they’re known malware, while the gateway antivirus component automatically blocks or drops infected content. Anti-spam policies are just as easy to configure: once you enable monitoring of SMTP, IMAP or POP3 traffic, junk messages get a tag inserted in their subject line. 

Then there’s WatchGuard’s Application Controls service, which lets you approve or block a huge range of predefined apps and services, with 12 policies available for Facebook alone. It’s partnered by the WebBlocker service, which recognises 130 URL categories and has an optional password feature that lets privileged users bypass the blocks. For even more fine-grained control, the T20-W’s wireless services can be presented as three separate virtual access points, each with its own encryption scheme, optional L2 isolation, DHCP settings and firewall policies.

The T20-W’s local web console makes this all a breeze to configure, but the appliance can alternatively be administered using WatchGuard’s Dimension software, which is freely available for Hyper-V and VMware hosts. An update later this year will allow you to configure the appliance via your WatchGuard Cloud account too, and this portal can already be used to monitor security services, detected threats and performance.

The WatchGuard Firebox T20-W crams a great set of security services into a neat and affordable little box. With a superb set of deployment and management options, it’s perfect for small businesses seeking all-in-one protection, and for larger companies looking to keep their remote workers secure. 

WatchGuard Firebox T20-W specifications

Chassis

Fanless desktop chassis

CPU

Dual-core 1GHz NXP LS1023A CPU

Memory

2GB DDR4 ECC

Storage included

4GB eMMC

Network

5 x Gigabit Ethernet (WAN, 4 x LAN), 2.4/5GHz 802.11ac Wave 1 wireless

Other ports

2 x USB 2, RJ-45 serial port  

Management

Web browser and cloud management

Dimensions (WDH)

217 x 206 x 44mm (WDH)

Weight

0.9kg

Featured Resources

Humility in AI: Building trustworthy and ethical AI systems

How humble AI can help safeguard your business

Download now

Future of video conferencing

Optimising video conferencing features to achieve business goals

Download now

Leadership compass: Privileged Access Management

Securing privileged accounts in a high-risk environment

Download now

Why you need to include the cloud in your disaster recovery plan

Preserving data for business success

Download now

Most Popular

Huawei Mate 40 Pro 5G review: A tragically brilliant Mate
Mobile Phones

Huawei Mate 40 Pro 5G review: A tragically brilliant Mate

26 Nov 2020
350,000 Spotify users hacked in credential stuffing attack
Security

350,000 Spotify users hacked in credential stuffing attack

24 Nov 2020
46 million Animal Jam accounts leaked after comms software breach
Security

46 million Animal Jam accounts leaked after comms software breach

13 Nov 2020