WatchGuard Firebox T20-W review: Superb all-in-one protection

A versatile appliance that delivers super security for both wired and wireless networks at a great price

Editor's Choice
Price
£720 exc VAT (Appliance with 1yr Total Security Suite)
  • Swift setup
  • Strong value
  • Solid feature-set
  • No AI-based malware scanning or deep packet analysis

WatchGuard’s Firebox T20-W is a compact, silent tabletop UTM appliance that will appeal to small businesses – and to larger organisations seeking easily managed protection for remote sites. 

The price above includes a year’s subscription to WatchGuard’s Total Security Suite, which enables a broad selection of security measures: these include antivirus, anti-spam, web filtering, application controls, botnet detection, intrusion prevention, DNSWatch, an advanced persistent threat blocker – plus WatchGuard’s RED (Reputation Enabled Defense) service for tighter web security. Alongside its four Gigabit LAN ports, the unit even includes a Wi-Fi gateway that can broadcast its own 802.11ac services or provision other WatchGuard access points. 

While this is a great spread of features, it’s worth noting that the T20-W doesn’t support WatchGuard’s IntelligentAV AI-based malware scanner, nor does it perform deep packet inspection of HTTPS traffic, as these functions are too demanding for the appliance’s dual-core CPU. The wireless gateway isn’t quite state-of-the-art, either: it’s limited to Wave 1 standards, and can work on either the 2.4GHz or 5GHz radio bands, but not both at once.

Still, local deployment is swift and easy. A Gold Support contract entitles you to a remote setup session with a WatchGuard in-house engineer, but we didn’t see much need for this, as the web-based quick-start wizard walked us clearly through the process of securing administrative access, configuring the firewall and applying a base set of security policies. For remote sites, a nifty zero-touch deployment option allows newly registered appliances to automatically pick up preconfigured settings from the internet and apply them with no user intervention required.

Once you’re up and running, network traffic is handled by a suite of protocol-specific proxies, including HTTP, HTTPS, FTP, SIP, POP3 and SMTP, each of which has its own setup wizard. The APT service checks incoming files with the Lastline cloud service to see if they’re known malware, while the gateway antivirus component automatically blocks or drops infected content. Anti-spam policies are just as easy to configure: once you enable monitoring of SMTP, IMAP or POP3 traffic, junk messages get a tag inserted in their subject line. 

Then there’s WatchGuard’s Application Controls service, which lets you approve or block a huge range of predefined apps and services, with 12 policies available for Facebook alone. It’s partnered by the WebBlocker service, which recognises 130 URL categories and has an optional password feature that lets privileged users bypass the blocks. For even more fine-grained control, the T20-W’s wireless services can be presented as three separate virtual access points, each with its own encryption scheme, optional L2 isolation, DHCP settings and firewall policies.

The T20-W’s local web console makes this all a breeze to configure, but the appliance can alternatively be administered using WatchGuard’s Dimension software, which is freely available for Hyper-V and VMware hosts. An update later this year will allow you to configure the appliance via your WatchGuard Cloud account too, and this portal can already be used to monitor security services, detected threats and performance.

The WatchGuard Firebox T20-W crams a great set of security services into a neat and affordable little box. With a superb set of deployment and management options, it’s perfect for small businesses seeking all-in-one protection, and for larger companies looking to keep their remote workers secure. 

WatchGuard Firebox T20-W specifications

Chassis

Fanless desktop chassis

CPU

Dual-core 1GHz NXP LS1023A CPU

Memory

2GB DDR4 ECC

Storage included

4GB eMMC

Network

5 x Gigabit Ethernet (WAN, 4 x LAN), 2.4/5GHz 802.11ac Wave 1 wireless

Other ports

2 x USB 2, RJ-45 serial port  

Management

Web browser and cloud management

Dimensions (WDH)

217 x 206 x 44mm (WDH)

Weight

0.9kg

Featured Resources

Digital document processes in 2020: A spotlight on Western Europe

The shift from best practice to business necessity

Download now

Four security considerations for cloud migration

The good, the bad, and the ugly of cloud computing

Download now

VR leads the way in manufacturing

How VR is digitally transforming our world

Download now

Deeper than digital

Top-performing modern enterprises show why more perfect software is fundamental to success

Download now

Most Popular

The top 12 password-cracking techniques used by hackers
Security

The top 12 password-cracking techniques used by hackers

5 Oct 2020
IT services giant Sopra Steria falls victim to Ryuk ransomware
Security

IT services giant Sopra Steria falls victim to Ryuk ransomware

23 Oct 2020
How to wipe a laptop easily and securely
Security

How to wipe a laptop easily and securely

5 Oct 2020