IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

WatchGuard Firebox T20-W review: Superb all-in-one protection

A versatile appliance that delivers super security for both wired and wireless networks at a great price

Editor's Choice
£720 exc VAT (Appliance with 1yr Total Security Suite)
  • Swift setup
  • Strong value
  • Solid feature-set
  • No AI-based malware scanning or deep packet analysis

WatchGuard’s Firebox T20-W is a compact, silent tabletop UTM appliance that will appeal to small businesses – and to larger organisations seeking easily managed protection for remote sites. 

The price above includes a year’s subscription to WatchGuard’s Total Security Suite, which enables a broad selection of security measures: these include antivirus, anti-spam, web filtering, application controls, botnet detection, intrusion prevention, DNSWatch, an advanced persistent threat blocker – plus WatchGuard’s RED (Reputation Enabled Defense) service for tighter web security. Alongside its four Gigabit LAN ports, the unit even includes a Wi-Fi gateway that can broadcast its own 802.11ac services or provision other WatchGuard access points. 

While this is a great spread of features, it’s worth noting that the T20-W doesn’t support WatchGuard’s IntelligentAV AI-based malware scanner, nor does it perform deep packet inspection of HTTPS traffic, as these functions are too demanding for the appliance’s dual-core CPU. The wireless gateway isn’t quite state-of-the-art, either: it’s limited to Wave 1 standards, and can work on either the 2.4GHz or 5GHz radio bands, but not both at once.

Still, local deployment is swift and easy. A Gold Support contract entitles you to a remote setup session with a WatchGuard in-house engineer, but we didn’t see much need for this, as the web-based quick-start wizard walked us clearly through the process of securing administrative access, configuring the firewall and applying a base set of security policies. For remote sites, a nifty zero-touch deployment option allows newly registered appliances to automatically pick up preconfigured settings from the internet and apply them with no user intervention required.

Once you’re up and running, network traffic is handled by a suite of protocol-specific proxies, including HTTP, HTTPS, FTP, SIP, POP3 and SMTP, each of which has its own setup wizard. The APT service checks incoming files with the Lastline cloud service to see if they’re known malware, while the gateway antivirus component automatically blocks or drops infected content. Anti-spam policies are just as easy to configure: once you enable monitoring of SMTP, IMAP or POP3 traffic, junk messages get a tag inserted in their subject line. 

Then there’s WatchGuard’s Application Controls service, which lets you approve or block a huge range of predefined apps and services, with 12 policies available for Facebook alone. It’s partnered by the WebBlocker service, which recognises 130 URL categories and has an optional password feature that lets privileged users bypass the blocks. For even more fine-grained control, the T20-W’s wireless services can be presented as three separate virtual access points, each with its own encryption scheme, optional L2 isolation, DHCP settings and firewall policies.

The T20-W’s local web console makes this all a breeze to configure, but the appliance can alternatively be administered using WatchGuard’s Dimension software, which is freely available for Hyper-V and VMware hosts. An update later this year will allow you to configure the appliance via your WatchGuard Cloud account too, and this portal can already be used to monitor security services, detected threats and performance.

The WatchGuard Firebox T20-W crams a great set of security services into a neat and affordable little box. With a superb set of deployment and management options, it’s perfect for small businesses seeking all-in-one protection, and for larger companies looking to keep their remote workers secure. 

WatchGuard Firebox T20-W specifications


Fanless desktop chassis


Dual-core 1GHz NXP LS1023A CPU



Storage included



5 x Gigabit Ethernet (WAN, 4 x LAN), 2.4/5GHz 802.11ac Wave 1 wireless

Other ports

2 x USB 2, RJ-45 serial port  


Web browser and cloud management

Dimensions (WDH)

217 x 206 x 44mm (WDH)



Featured Resources

Four strategies for building a hybrid workplace that works

All indications are that the future of work is hybrid, if it's not here already

Free webinar

The digital marketer’s guide to contextual insights and trends

How to use contextual intelligence to uncover new insights and inform strategies

Free Download

Ransomware and Microsoft 365 for business

What you need to know about reducing ransomware risk

Free Download

Building a modern strategy for analytics and machine learning success

Turning into business value

Free Download

Most Popular

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack

16 May 2022
Researchers demonstrate how to install malware on iPhone after it's switched off

Researchers demonstrate how to install malware on iPhone after it's switched off

18 May 2022
Windows Server admins say latest Patch Tuesday broke authentication policies
Server & storage

Windows Server admins say latest Patch Tuesday broke authentication policies

12 May 2022