WatchGuard Firebox T20-W review: Superb all-in-one protection
A versatile appliance that delivers super security for both wired and wireless networks at a great price
WatchGuard’s Firebox T20-W is a compact, silent tabletop UTM appliance that will appeal to small businesses – and to larger organisations seeking easily managed protection for remote sites.
The price above includes a year’s subscription to WatchGuard’s Total Security Suite, which enables a broad selection of security measures: these include antivirus, anti-spam, web filtering, application controls, botnet detection, intrusion prevention, DNSWatch, an advanced persistent threat blocker – plus WatchGuard’s RED (Reputation Enabled Defense) service for tighter web security. Alongside its four Gigabit LAN ports, the unit even includes a Wi-Fi gateway that can broadcast its own 802.11ac services or provision other WatchGuard access points.
While this is a great spread of features, it’s worth noting that the T20-W doesn’t support WatchGuard’s IntelligentAV AI-based malware scanner, nor does it perform deep packet inspection of HTTPS traffic, as these functions are too demanding for the appliance’s dual-core CPU. The wireless gateway isn’t quite state-of-the-art, either: it’s limited to Wave 1 standards, and can work on either the 2.4GHz or 5GHz radio bands, but not both at once.
Still, local deployment is swift and easy. A Gold Support contract entitles you to a remote setup session with a WatchGuard in-house engineer, but we didn’t see much need for this, as the web-based quick-start wizard walked us clearly through the process of securing administrative access, configuring the firewall and applying a base set of security policies. For remote sites, a nifty zero-touch deployment option allows newly registered appliances to automatically pick up preconfigured settings from the internet and apply them with no user intervention required.
Once you’re up and running, network traffic is handled by a suite of protocol-specific proxies, including HTTP, HTTPS, FTP, SIP, POP3 and SMTP, each of which has its own setup wizard. The APT service checks incoming files with the Lastline cloud service to see if they’re known malware, while the gateway antivirus component automatically blocks or drops infected content. Anti-spam policies are just as easy to configure: once you enable monitoring of SMTP, IMAP or POP3 traffic, junk messages get a tag inserted in their subject line.
Then there’s WatchGuard’s Application Controls service, which lets you approve or block a huge range of predefined apps and services, with 12 policies available for Facebook alone. It’s partnered by the WebBlocker service, which recognises 130 URL categories and has an optional password feature that lets privileged users bypass the blocks. For even more fine-grained control, the T20-W’s wireless services can be presented as three separate virtual access points, each with its own encryption scheme, optional L2 isolation, DHCP settings and firewall policies.
The T20-W’s local web console makes this all a breeze to configure, but the appliance can alternatively be administered using WatchGuard’s Dimension software, which is freely available for Hyper-V and VMware hosts. An update later this year will allow you to configure the appliance via your WatchGuard Cloud account too, and this portal can already be used to monitor security services, detected threats and performance.
The WatchGuard Firebox T20-W crams a great set of security services into a neat and affordable little box. With a superb set of deployment and management options, it’s perfect for small businesses seeking all-in-one protection, and for larger companies looking to keep their remote workers secure.
WatchGuard Firebox T20-W specifications
Fanless desktop chassis
Dual-core 1GHz NXP LS1023A CPU
2GB DDR4 ECC
5 x Gigabit Ethernet (WAN, 4 x LAN), 2.4/5GHz 802.11ac Wave 1 wireless
2 x USB 2, RJ-45 serial port
Web browser and cloud management
217 x 206 x 44mm (WDH)
Humility in AI: Building trustworthy and ethical AI systems
How humble AI can help safeguard your businessDownload now
Future of video conferencing
Optimising video conferencing features to achieve business goalsDownload now
Leadership compass: Privileged Access Management
Securing privileged accounts in a high-risk environmentDownload now
Why you need to include the cloud in your disaster recovery plan
Preserving data for business successDownload now