WatchGuard Firebox T20-W review: Superb all-in-one protection

A versatile appliance that delivers super security for both wired and wireless networks at a great price

£720 exc VAT (Appliance with 1yr Total Security Suite)
  • Swift setup
  • Strong value
  • Solid feature-set
  • No AI-based malware scanning or deep packet analysis

WatchGuard’s Firebox T20-W is a compact, silent tabletop UTM appliance that will appeal to small businesses – and to larger organisations seeking easily managed protection for remote sites. 

The price above includes a year’s subscription to WatchGuard’s Total Security Suite, which enables a broad selection of security measures: these include antivirus, anti-spam, web filtering, application controls, botnet detection, intrusion prevention, DNSWatch, an advanced persistent threat blocker – plus WatchGuard’s RED (Reputation Enabled Defense) service for tighter web security. Alongside its four Gigabit LAN ports, the unit even includes a Wi-Fi gateway that can broadcast its own 802.11ac services or provision other WatchGuard access points. 

While this is a great spread of features, it’s worth noting that the T20-W doesn’t support WatchGuard’s IntelligentAV AI-based malware scanner, nor does it perform deep packet inspection of HTTPS traffic, as these functions are too demanding for the appliance’s dual-core CPU. The wireless gateway isn’t quite state-of-the-art, either: it’s limited to Wave 1 standards, and can work on either the 2.4GHz or 5GHz radio bands, but not both at once.

Still, local deployment is swift and easy. A Gold Support contract entitles you to a remote setup session with a WatchGuard in-house engineer, but we didn’t see much need for this, as the web-based quick-start wizard walked us clearly through the process of securing administrative access, configuring the firewall and applying a base set of security policies. For remote sites, a nifty zero-touch deployment option allows newly registered appliances to automatically pick up preconfigured settings from the internet and apply them with no user intervention required.

Once you’re up and running, network traffic is handled by a suite of protocol-specific proxies, including HTTP, HTTPS, FTP, SIP, POP3 and SMTP, each of which has its own setup wizard. The APT service checks incoming files with the Lastline cloud service to see if they’re known malware, while the gateway antivirus component automatically blocks or drops infected content. Anti-spam policies are just as easy to configure: once you enable monitoring of SMTP, IMAP or POP3 traffic, junk messages get a tag inserted in their subject line. 

Then there’s WatchGuard’s Application Controls service, which lets you approve or block a huge range of predefined apps and services, with 12 policies available for Facebook alone. It’s partnered by the WebBlocker service, which recognises 130 URL categories and has an optional password feature that lets privileged users bypass the blocks. For even more fine-grained control, the T20-W’s wireless services can be presented as three separate virtual access points, each with its own encryption scheme, optional L2 isolation, DHCP settings and firewall policies.

The T20-W’s local web console makes this all a breeze to configure, but the appliance can alternatively be administered using WatchGuard’s Dimension software, which is freely available for Hyper-V and VMware hosts. An update later this year will allow you to configure the appliance via your WatchGuard Cloud account too, and this portal can already be used to monitor security services, detected threats and performance.

The WatchGuard Firebox T20-W crams a great set of security services into a neat and affordable little box. With a superb set of deployment and management options, it’s perfect for small businesses seeking all-in-one protection, and for larger companies looking to keep their remote workers secure. 

WatchGuard Firebox T20-W specifications


Fanless desktop chassis


Dual-core 1GHz NXP LS1023A CPU



Storage included



5 x Gigabit Ethernet (WAN, 4 x LAN), 2.4/5GHz 802.11ac Wave 1 wireless

Other ports

2 x USB 2, RJ-45 serial port  


Web browser and cloud management

Dimensions (WDH)

217 x 206 x 44mm (WDH)



Featured Resources

Shining light on new 'cool' cloud technologies and their drawbacks

IONOS Cloud Up! Summit, Cloud Technology Session with Russell Barley

Watch now

Build mobile and web apps faster

Three proven tips to accelerate modern app development

Free download

Reduce the carbon footprint of IT operations up to 88%

A carbon reduction opportunity

Free Download

Comparing serverless and server-based technologies

Determining the total cost of ownership

Free download

Most Popular

What are the pros and cons of AI?
machine learning

What are the pros and cons of AI?

30 Nov 2021
Jack Dorsey resigns as Twitter CEO
business management

Jack Dorsey resigns as Twitter CEO

29 Nov 2021
Best MDM solutions 2020
mobile device management (MDM)

Best MDM solutions 2020

12 Nov 2021