WatchGuard Firebox M270
A powerful security appliance that’s chock-full of tough protection measures and priced right for SMBs
SCORE PRICE With 1yr Total Security Suite, £2,743 exc VAT from watchguard- online.co.uk
Small and medium sized businesses are now the go-to place for cyber-criminals as they’re seen as soft targets. They need to stiffen their network defences and WatchGuard has the perfect solution, as its Firebox M270 offers enterprise-class security and performance at a sensible price.
Recommended for businesses with around 60 users, this 1U rack appliance boasts a high raw firewall throughput of 4.9Gbits/sec. Enabling gateway AV drops this to 2.1Gbits/sec and activating all UTM services cuts this to a still very respectable 1.6Gbits/sec.
The price we’ve shown includes the appliance and a one–year subscription to every security feature you can imagine. It enables web content filtering, application controls, anti-spam, gateway AV, network discovery, IPS, data loss prevention (DLP), Dimension Command and an APT blocker.
There’s more as you get WatchGuard’s Reputation Enabled Defence (RED) service for tougher web protection. A Gold Support subscription tops it all off nicely , which includes a free remote setup and configuration session with a WatchGuard in-house engineer.
Not that the M270 is difficult to deploy. Far from it, as its web console runs a wizard-based setup routine that creates a base set of firewall policies for securing internet access.
The M270 employs proxies to control different traffic types and each one loads a wizard the first time you access them. Web content filtering takes two minutes to configure. We chose from 130 URL categories, added blocking actions for the HTTP and HTTPS proxies and watched the wizard add new firewall policy rules.
Gateway AV comes courtesy of the Bitdefender scanning engine and can be enabled on selected proxies. You now get double protection from malware as the new IntelligentAV feature in Fireware 12.2 uses the Cylance AI-based engine.
IntelligentAV doesn’t rely on signatures and scans files such as Office documents, Windows portable executables and PDFs after they’ve passed through the Bitdefender engine. It’s activated with one-click and applied to all proxies that have gateway AV enabled.
“The M270 is a great choice for securing large remote or branch offices as multiple appliances can be remotely managed in the cloud”
The new DNSWatch service adds even more web protection by monitoring client DNS requests and blocking access to known malicious domains. It’s another service that’s both easy to enable and can be applied to all or specific network ports on the appliance.
If you’re worried about Facebook sneaking in to the workplace, the Firebox M270 has you covered. The Application Control service manages access to hundreds of predefined apps and its 11 entries for Facebook mean that you can block all usage or fine-tune access and decide, for example, whether staff can chat, like, comment, edit profiles or transfer files on the site.
Spam filtering is easy to apply as the spamBlocker wizard asked us to select incoming SMTP traffic and provide an internal mail server address or just activate IMAP or POP3. We chose the latter for transparent scanning where the POP3 proxy client was set to append the subject line of dubious messages with “Spam”, “Bulk” or “Suspect” tags so we could filter them out using Outlook message rules.
The DLP service scans files and emails looking for keywords and can be applied to the HTTP, HTTPS, FTP and SMTP proxies. We created a DLP sensor looking for a group of phrases and when we tried to send Word documents containing these to our external FTP site, the service blocked the transfer.
The M270 is a great choice for securing large remote or branch offices as multiple appliances can be remotely managed in the cloud or via the free Dimension software. We run Dimension in the lab as a VMware VM and, after adding the M270, we could view global threat maps, an executive dashboard and see activities for all its security services.
The Firebox M270 dispels the notion that high UTM performance has to come at a high price. It offers a persuasive range of security measures and is perfect for SMBs that want the same protection as enterprises but at price they can actually afford. SPECIFICATIONS 1U rack appliance 4GB RAM 8 x Gigabit (WAN, 7 x LAN) 2 x USB 3, RJ-45 serial port web browser and Dimension Command