WatchGuard Firebox T10 review
Enterprise-level network security has traditionally been way beyond the
means of small offices, but WatchGuard’s little Firebox T10 changes the landscape. It offers virtually every feature present in WatchGuard’s higher-end unified threat management (UTM) appliances at a remarkably low cost.
WatchGuard Firebox T10 review: features
For the starting price of £195, you get the appliance with firewall, VPN support and a one-year LiveSecurity support subscription. Step up to the £260 package and you get the full security suite with a wealth of extras, including an intrusion-prevention system (IPS), web-content filtering, anti-spam, Gateway AntiVirus, application controls and HTTPS inspection. You can add WatchGuard’s optional advanced persistent threat (APT) blocker service and a three-year licence and data-leakage prevention (DLP) or only £630.
A palm-sized slab of plastic, the T10 features three Gigabit ports. It’s fanless and silent in operation, and installation is swift: simply point a web browser at the T10 and follow a quick-start wizard, which activates a default firewall policy to provide basic protection.
The T10 runs the same Fireware XTM firmware as its bigger brothers, which introduces a range of new features. The dashboard is much more informative and provides details of the top clients, destinations, policies and ports. Performance graphs are provided for subscription services, so you can see what’s being allowed and blocked. You can also run manual signature updates from here.
The FireWatch feature from WatchGuard’s Dimension management software also makes an appearance, displaying sets of coloured squares where their size indicates the level of activity for sources, destinations, policies, applications and interfaces. Managed service providers will appreciate the full Dimension product, which is included free of charge and runs as a VMware virtual appliance.
The T10 uses proxies for all security services, so you can create firewall rules for each one that define the interfaces they apply to and the actions they will carry out. There are plenty to choose from, since there are proxies for HTTP, HTTPS, FTP, SIP, H.323, POP3 and SMTP. The process takes a little getting used to: you view the predefined actions for each proxy and clone them for use in your policies. For web filtering, you clone the HTTP client action and assign a profile to it.
The web-filter profile uses the Websense cloud service and offers no fewer than 127 categories to block or allow. An HTTP firewall policy activates it, and you can enable IPS on a per-policy basis where it applies allow, drop or block actions, based on five detected threat levels.
To test the spamBlocker service, we configured the POP3 proxy to tag messages classed as spam, suspect and bulk. After running it for a week using live mail, we saw a high detection rate of 97.5% with no false positives. Gateway AntiVirus scanning is also enabled per policy, and you’ll need to have this running if you want to apply APT protection. As files come into the network, they’re scanned, an MD5 hash is created, and then they’re checked with the Lastline cloud service to see if they’re known malware.
WatchGuard’s application awareness finely controls access to hundreds of apps – there are 11 entries for Facebook alone. Link the T10 with Active Directory authentication and you can precisely control social networking on a per-user basis, deciding who can log in, post “Likes”, edit profiles, upload media or chat.
In addition, there’s DLP, which can now be used with custom rules. Along with predefined policies for HIPAA and PCI, you can create your own that run in the HTTP, FTP and SMTP proxies and check for keywords such as credit card numbers.
WatchGuard Firebox T10 review: performance
To test the T10’s performance, we hooked it up to the lab’s Ixia Optixia XM2 chassis and its two Xcellon-Ultra NP blades. Using lightweight UDP packets, raw firewall throughput settled at 170Mbits/sec – 15% lower than the claimed 200Mbits/sec.
For HTTP traffic using 512KB web pages, we saw a steady firewall throughput of 140Mbits/sec. With the HTTP proxy, IPS and Gateway AntiVirus enabled, this dropped to 44Mbits/sec – 11Mbits/sec less than the claimed UTM throughput. Even though performance in our tests wasn’t quite as high as the claimed speeds, it’s still good enough for the T10’s target market of small businesses and remote and home offices.
WatchGuard Firebox T10 review: verdict
The WatchGuard Firebox T10 is a remarkable little appliance with more features than any other UTM appliance in this market sector. Combine this prowess with an affordable price and it takes a well-deserved place on the PC Pro A-List.
|Warranty extra information||1yr advanced hardware replacement|
|Server configuration||Desktop chassis|
|Gigabit LAN ports||3|