I tried the WatchGuard Firebox - here's what I thought of this 5G appliance

17 hours ago 13

Why you can trust TechRadar We spend hours testing every product or service we review, so you can be sure you’re buying the best. Find out more about how we test.

This review first appeared in issue 354 of PC Pro.

WatchGuard’s family of Firebox security appliances offers an unbeatable range of desktop solutions, and the T45-CW brings 5G failover to the table. Ideal for businesses that need always-on internet access for remote sites, its multi-WAN features combine wired and 5G mobile connections in a single policy so if one goes down, the other seamlessly steps in and takes over.

The T45-CW’s quad-core 1.6GHz NXP CPU claims a high raw firewall throughput of 3.94Gbits/sec and 557Mbits/sec with all UTM services enabled. It has five gigabit ports for WAN, LAN plus DMZ duties and, unlike many table-top security appliances, it offers secure Wi-Fi 6 services.

The appliance delivers a wealth of security features, and it’s easy to choose the right subscription as WatchGuard offers two options. A Basic Security Suite subscription enables gateway antivirus, anti-spam, web filtering, HTTPS inspection, IPS, application controls, WatchGuard’s RED (reputation enabled defense) cloud-based URL filtering and network discovery.

Full view of the WatchGuard Firebox T45-CW

We’ve shown the price for a three-year Total Security Suite subscription, which adds WatchGuard’s advanced persistent threat (APT) blocker with cloud sandboxing, DNSWatch for monitoring client DNS requests and blocking access to known malicious domains, IntelligentAV anti-malware services and ThreatSync XDR, which provides policy-based collection, correlation and automated responses for Firebox threat events.

Local management is simple. The web console runs a wizard to enable wired internet access, activate a basic security policy and create a wireless SSID. Our unit came with a Vodafone 5G SIM and, after enabling the internal modem, the SIM came online.

WatchGuard includes four SMA external aerials; LEDs on the front panel show the cellular signal strength, failover status and whether you have a 4G LTE or 5G connection. Configuring failover is a cinch: you use the multi-WAN feature to define primary and backup connections and decide how failback is handled.

In practice, it works perfectly. We set up a continuous ping to an external website and then pulled the wired internet cable. We saw a single ping timeout, after which it continued unabated, and when we plugged the WAN cable in again, the appliance swapped back to it without any ping timeouts being recorded.

Naturally, you can use 5G as your primary connection, and defining the modem as an external interface means all your security policies will be automatically applied to it. In fact, you can have both wired and 5G internet connections active and use multi-WAN round-robin weightings to determine how connections are distributed across them.

Desktop screenshot of the WatchGuard Firebox T45-CW's cloud management system

For cloud management, we registered the appliance with our support account, allocated it to our site and chose the management and monitoring option. After reconfiguration, the T45-CW disables its local web interface, takes further settings from the cloud and provisions full access for remote configuration.

All security functions are easily accessible. From the portal’s content scanning page, you use a simple slider bar to enable the gateway AV, IntelligentAV, APT blocker and spamBlocker services. Anti-spam policies are available for SMTP, IMAP or POP3 traffic, where you allow, deny or tag spam messages in their subject line for ongoing local rule processing.

From the network blocking section, you can control botnet detection, IPS, custom blocked URLs and ports plus detection of Tor (The onion router) exit points. Web content filtering offers 130 URL categories for blocking or allowing, while WatchGuard’s application control service presents over 1,250 predefined app signatures.

The multi-WAN function is found in the device’s networks page where you select the Global WAN option, choose failover or round-robin operations and set the failback mode. Move to the portal’s monitoring page and you can see the status and strength of the 5G connection and view RSRP and RSRQ graphs.

Businesses that hate internet downtime will love WatchGuard’s Firebox T45-CW. It provides a wealth of top-class security services, can be easily cloud managed and delivers seamless 5G WAN failover.

We also rated the best document management software.

Probably the most respected tester of IT equipment in the UK, if you’ve bought a piece of kit for the office - whether printer, server or rack appliance - then you’ve probably read Dave’s verdict at some point along the way.

What is a hands on review?

Hands on reviews' are a journalist's first impressions of a piece of kit based on spending some time with it. It may be just a few moments, or a few hours. The important thing is we have been able to play with it ourselves and can give you some sense of what it's like to use, even if it's only an embryonic view. For more information, see TechRadar's Reviews Guarantee.