WatchGuard Firebox T185 review: WatchGuard puts enterprise-class gateway security on the desk at an SMB price

The Firebox security appliances have always impressed us with their fine combination of features, performance, and affordability. And WatchGuard adds even more appeal with a complete refresh across its entire range of desktop and rackmount solutions. Stepping in at the top of the new family of four desktop appliances, the T185 comes in as the replacement for the T85, which is now no longer available for sale and will be retired at the end of 2030.

Aimed at SMB and remote office environments with up to 100 users, the T185 delivers a persuasive performance boost as it dispenses with the 1.8GHz NXP LS1046A CPU in its predecessor and replaces it with a faster quad-core 2.2GHz Intel x7405C. This allows the T185 to claim a 5.7Gbps raw firewall throughput and 1.83Gbps with antivirus (AV), the intrusion prevention service (IPS), and application controls all activated for respective speed increases over the T85 of 15% and 94%.

It's all change in the port department too, as the T185 teams up quartets of Gigabit and 2.5GbE multi-Gig and adds a 10GbE SFP+ port for long-distance uplinks over fibre. Power over Ethernet (PoE) services are still present with the T185 extending this to the last two 2.5GbE ports, making it more suitable for Wi-Fi 6 and 7 access point deployments.

As with all of WatchGuard's new rackmount appliances, the port module expansion bay is no longer present, as the improved range of fixed ports should cover most network requirements. Measuring 330mm wide, the T185 will sit happily on a table top, but WatchGuard also offers an optional rack mount kit (WG9041) for around £60, which comprises a pair of extension ear brackets.

WatchGuard Firebox T185 review: Abundant management choices

Firewall management options are plentiful; the T185 can be monitored and configured in standalone mode via its local web console. More options are available for local management as WatchGuard offers its free System Manager (WSM) suite, which runs on a separate on-premises Windows host and provides central management, logging, and reporting services for multiple Fireboxes.

There's more, as WatchGuard's free Dimension software can be virtualized on a local Hyper-V or VMware host. This presents a separate web console for viewing appliance utilisation, an executive dashboard, policy activity graphs plus a global threat map with the optional Dimension Command add-on offering enhanced Firebox management and security policy creation.

Personally, we prefer the WatchGuard Cloud service as it provides full remote management services and is the ideal choice for businesses that want to protect geographically distributed remote offices. Two choices are available as you can keep local management and only send appliance logs to the cloud for monitoring and reporting or move it all into the cloud and disable local management completely.

Full cloud deployment is a breeze, and after registering the appliance with our customer account, we allocated it to our site from the inventory. A quick start wizard enabled cloud management plus secure internet access with a base firewall policy, and after a reboot, it had its local web console disabled and appeared online in our portal.

WatchGuard Firebox T185 review: Subscription features

WatchGuard's licensing is so simple to understand that many competitors have emulated it and moved away from complex security component pricing. Another bonus is all the new appliances, bar the entry-level T115-W, have enough processing power and memory to run every security service.

For the desktop models you have two subscription options available with the Basic Security Suite (BSS) enabling gateway antivirus (GAV), antispam, web filtering, HTTPS inspection, IPS, application controls, WatchGuard's RED (reputation enabled defence) cloud-based URL filtering and network discovery. Our appliance was supplied with a one-year Total Security Suite (TSS) subscription which adds WatchGuard's advanced persistent threat (APT) blocker with cloud sandboxing and DNSWatch for monitoring client DNS requests and blocking access to known malicious domains.

You also get the IntelligentAV anti-malware service which augments the standard GAV scanner while ThreatSync XDR provides policy-based collection, correlation and automated responses for Firebox threat events. It includes a Gold support licence and both subscriptions enable access to the WatchGuard cloud portal with TSS increasing log retention to one year and reports to 30 days.

WatchGuard Firebox T185 review: Security configuration

SMBs will love WatchGuard's cloud management portal, as all appliance network and security settings are accessed from one page. The Fireboxes support three operational modes and default to mixed routing, which allows networks to be segmented as each port is designated as a separate interface with its own IP address and DHCP services.

The content scanning section provides access to both AV scanners, the APT blocker, and spamBlocker for applying anti-spam policies to inbound SMTP, IMAP, and POP3 traffic. The network blocking section covers botnet detection, IPS, port and site block,s and detection of Tor (The onion router) exit points.

WatchGuard's WebBlocker service is accessed in the content filtering section and offers 169 URL categories that can be allowed, blocked, or set to display a warning page to users. Each content filter action policy manages both web access and application controls, with the latter presenting nearly 1,300 predefined app and protocol signatures, and they're easy to apply, as when creating firewalls rules, you just choose the action policy you want to assign.

The new hardware allows the T185 to support 100 branch office and mobile VPNs. Furthermore, VPN throughput has been boosted to 2.2Gbps, making the T185 WatchGuard's most powerful desktop appliance yet.

The portal's monitoring page provides a wealth of information on all activities. Graphs and charts are provided for live activity, traffic, detected malware and botnets, application usage, blocked websites, the top clients, and much more.

WatchGuard Firebox T185 review: Is it worth it?

The Firebox T185 is an attractive choice for SMBs and remote office deployments as it combines a superb range of security measures and delivers them at a sensible price with the appliance and a full 3-year TSS subscription available from Broadbandbuyer for around £5,300 excluding VAT. The simple and flexible licensing makes it easy to tailor the T185 to your budget, WatchGuard's Cloud portal delivers excellent remote management features and security services are beyond reproach.

WatchGuard Firebox T185 specifications