WatchGuard Firebox T45-W-PoE review: Enterprise-class gateway security measures at an affordable price

WatchGuard's Firebox T45-W-PoE is an eye-catcher not just for its tomato-red chassis but also for its excellent range of security measures. Aimed at small businesses and branch offices, it combines wired and wireless protection and is one of the first desktop appliances to bring integral Wi-Fi 6 services to the table.

Sporting a new NXP quad-core 1.6GHz CPU, it claims a high raw firewall throughput of 3.94Gbits/sec and 557Mbits/sec with all UTM services enabled – respective speed boosts of 16% and 86% over the older T40-W. Its internal aerials don't give the wireless game away, and for those who want WAN redundancy, the T45-CW model has an integral 5G NR SIM slot at the rear.

The appliance has five-gigabit ports for WAN, LAN, and DMZ duties. The fourth LAN port presents 30W PoE+ services for powering external devices such as IP cameras or phones and other wireless APs. WatchGuard offers a range of pocket-friendly licensing schemes; we've shown the price for a three-year Total Security subscription. This enables a wealth of services including gateway antivirus, anti-spam, web content filtering, application controls, intrusion prevention services (IPS), and an advanced persistent threat (APT) blocker with cloud sandboxing.

You also get WatchGuard's reputation-enabled defence (RED) cloud-based URL filtering, DNSWatch to monitor client DNS requests and block access to known malicious domains, and ThreatSync XDR for collection, correlation, and automated responses to threat events. Unlike the entry-level T25 appliances, all T45 models have enough CPU power to run the Cylance AI-based IntelligentAV malware scanning engine. 

WatchGuard Firebox T45-W-PoE reviews: Performance

The appliance can be managed in standalone mode, but both the Basic and Total Security packages include access to the WatchGuard Cloud for remote management, with the latter extending log and report data retention to one year and 30 days respectively. It's easy to set up: we registered the appliance with our support account, allocated it to our site, and chose the management and monitoring option.

All the settings in the local console are mirrored in the cloud portal. From the content scanning section, you activate antivirus scanning, APT blocking, IntelligentAV, and anti-spam policies, while the network≈blocking section covers botnet detection, IPS, port and site blocks, and detection of Tor (The onion router) exit points.

The portal's content filtering section allows you to control website access by creating policies using up to 130 URL categories and deciding whether to block or allow them. You can use a single policy to combine these with application controls, and WatchGuard presents over 1,250 predefined app signatures, including 40 subcategories for social networking with 12 just for Facebook activities.

Monitoring details are impressive. You choose a remote Firebox from the cloud portal and view details such as live activity, traffic, application usage, blocked websites, the top clients, a geolocation map, IPS, and botnet detection. The dashboard view takes all the features from WatchGuard's on-premises Dimension monitoring software and provides executive threat summaries, live graphs of all security services, a customizable global threat map, and policy activity graphs.

Wireless services see big improvements over the older Fireboxes as you can now create multiple SSIDs with guest networks, enable either or both radios on each one, and enforce strong WPA3 encryption. It's a good performer, too, with large file copies between a Wi-Fi 6 Windows workstation and server on the LAN returning close-range speeds of 89MB/sec.

WatchGuard's Firebox T45-W-PoE offers enterprise-class gateway security measures at an affordable price, making it a great choice for SMBs and remote offices. Integral Wi-Fi 6 services add extra value and it can be easily managed and monitored from WatchGuard's slick cloud portal.

WatchGuard Firebox T45-W-PoE specifications