WatchGuard Firebox T30-W
Affordable and packed to the rafters with gateway security measures – a top choice for SMBs
SCORE ✪✪✪✪✪ PRICE Appliance with 1yr Security Suite, £942 exc VAT from watchguardonline.co.uk
If you need an on-site network security solution that does it all, WatchGuard’s Firebox T30-W is a great choice. This tomato-red desktop box delivers every gateway security service you could possibly need – and the icing on the cake is its integral wireless 802.11ac dual-band AP and wireless gateway controller for WatchGuard’s own APs.
Prices start at a reasonable £942 for the appliance and a one-year Security Suite subscription. Your licence activates the Firebox’s antivirus, anti-spam, web content filtering, IPS, HTTPS inspection, application controls and WatchGuard Reputation Enabled Defence.
If that’s not enough, you can step up to the premium Total Security Suite licence, for a total cost of £1,323: this adds WatchGuard’s Data Loss Prevention (DLP) and Advanced Persistent Threat (APT) Blocker services. Both suites also include a free remote setup and configuration session with a WatchGuard engineer, so you can be certain of a successful and secure deployment.
The box has five Gigabit Ethernet ports for LAN, WAN and DMZ duties, with the fourth LAN port PoE enabled. Speed looks good: the appliance claims firewall and UTM throughput rates of up to 620Mbits/sec and 135Mbits/sec respectively.
Installation is fast. The appliance’s browser-based wizard had us up and running with secure internet access in five minutes. It also enabled Mixed Routing Mode, in which each Ethernet port appears as a separate interface, allowing different network segments to have different security policies. The Threat Detection and Response cloud service uses locally installed host sensors to collect forensics data and provide policy-based endpoint protection for Windows clients.
WatchGuard uses proxies to control various traffic types; HTTP, HTTPS, FTP, DNS, SIP, H.323, POP3 and SMTP are supported, and can be quickly set up by working through a helpful configuration wizard.
For web content filtering, you can choose from over 120 URL categories, set up blocking actions for HTTP and HTTPS traffic, then simply let the wizard create a firewall rule for your new policy. Controlling app usage is similarly easy, as the appliance has entries for over 1,800 including all
“VPN support is excellent: the T30-W works with site-to-site IPsec tunnels, plus mobile IPsec, PPTP and L2TP clients”
popular social networks.
Gateway antivirus is enforced simply by enabling it on selected proxies, and the spamBlocker uses POP3 proxy actions to transparently scan traffic and tag qualifying messages as spam, suspect or bulk. It doesn’t provide its own quarantining services, however, so you’ll need to create email client rules to handle tagged messages. You can also scan traffic inbound to an internal mail server with an SMTP proxy action set to use the server’s IP address.
The latest version of the FireWare software brings new geolocation capabilities, allowing you to block traffic to or from specific countries. It provides a global real-time map showing where traffic is emanating from or going to, and you can block a country area by simply clicking on it.
VPN support is excellent: the T30-W works with site-to-site IPsec tunnels, plus mobile IPsec, PPTP and L2TP clients and SSL VPNs. For mobile IPsec VPNs, the appliance creates a configuration file that provides quick setup of WatchGuard’s Windows, iOS and Android clients as well as the Shrew Soft VPN client.
Unlike some appliance vendors, WatchGuard doesn’t charge extra for reporting. On-appliance reporting includes the very handy FireWatch feature, and WatchGuard’s free Dimension software can be used to monitor multiple Fireboxes.
If you’re looking for serious network protection at an affordable price, WatchGuard’s Firebox T30-W ticks all the boxes. It has all of the key security features, can be customised to suit your needs and is very easy to deploy.
SPECIFICATIONS
Desktop chassis 1GB RAM 5 x Gigabit Ethernet (PoE on LAN port 4) 2 x USB 2 RJ-45 serial port, external PSU web browser and Dimension management