IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

WatchGuard Firebox M290 review: Stiff security at a great price

The Firebox M290 delivers an incredible range of gateway security measures priced right for SMBs

A photograph of the WatchGuard Firebox M290
£4,148 exc VAT (Appliance with 3yr Total Security subscription)
  • Good value
  • Top performance
  • Easy deployment
  • Extensive security measures
  • WatchGuard Cloud
  • PoE+ services on expansion module not supported

WatchGuard’s latest M-series rackmount security appliances have a sharp focus on value and are designed to offer SMBs and mid-sized companies affordable enterprise-level gateway security. Stepping up as the entry point of the family, the Firebox M290 on review certainly hits this target: the price we’ve shown includes the appliance and a 3-year Total Security Suite (TSS) subscription which enables every feature WatchGuard has to offer.

Clothed in Watchguard’s customary fire engine-red chassis, this 1U rack appliance targets businesses with up to 75 users and boasts a high raw firewall throughput of 5.8Gbits/sec, dropping to 1.18Gbits/sec with all UTM services enabled. With the bulk of malware now being delivered over HTTPS-encrypted connections, the M290 has the horsepower to handle these inspection overheads, as it’s powered by a quad-core NXP LX1046A CPU partnered by 4GB of DDR4 system memory.

Network connections look good too, and the M290 presents eight Gigabit ports which can be used for WAN, LAN or DMZ duties. There’s room for even more via the expansion slot at the front, which supports an optional module with four copper or fibre Gigabit ports, or dual 10GbE SFP+.

On top of this, WatchGuard also offers a 4-port multi-Gigabit module with PoE+, but while you can use it in the M290, this appliance doesn’t support the required optional 54V power supply, so its PoE+ services will be disabled. If you want this functionality, you’ll have to opt for the M590 or the M690, as these are the only ones which fully support this module.

WatchGuard Firebox M290 review: Security features

WatchGuard offers two Firebox licence schemes so you could save some cash with the Basic Security Suite subscription. Available for one or three year periods and costing £2,077 exc VAT for the latter, this activates gateway antivirus (GAV), antispam, web filtering, HTTPS inspection, IPS, application controls, WatchGuard’s RED (reputation enabled defence) cloud-based URL filtering and secure software defined WAN (SD-WAN) services. 

A screenshot of the WatchGuard Firebox M290's web console

A TSS subscription includes all these features, but additionally augments them with WatchGuard’s advanced persistent threat (APT) blocker, plus its Threat Detection and Response (TDR) service with a 75 host sensor licence included. Malware protection is beefed up with IntelligentAV which uses the Cylance AI-based engine to scan files such as Office documents, Windows portable executables and PDFs after they’ve passed through the GAV scanner.

WatchGuard’s DNSWatch service also monitors client DNS requests and blocks access to known malicious domains. Remote monitoring and management via the WatchGuard Cloud portal is enabled across all subscriptions and TSS increases the log retention to 30 days.

WatchGuard Firebox M290 review: Management choices

Management choices are impressive - you can monitor and configure the M290 using its local web console and run WatchGuard’s free System Manager (WSM) suite on a separate Windows host to provide central management, logging and reporting services. 

Next up is WatchGuard’s free Dimension software which is virtualized on a Hyper-V or VMware host. This provides a separate web console for viewing appliance utilisation, an executive dashboard, policy activity graphs and a global threat map, and enabling the optional Dimension Command feature brings Firebox management into play.

We think WatchGuard’s Cloud is a better choice than Dimension, as it provides all the same features without the need for a host system. You have two choices: you can keep local management enabled and set the appliance to send its logs to the cloud for monitoring and reporting, or disable local management and move it all into the cloud.

A screenshot of the WatchGuard Firebox M290's config dashboards

WatchGuard Firebox M290 review: Cloud deployment

Initial deployment is swift, as the appliance’s web console provides a quick start wizard which runs through enabling firewall-protected internet access and applying a base set of security policies. We had already registered the serial number of the M290 with our cloud support account so it grabbed our TSS feature key and applied it for us.

From our WatchGuard Cloud portal, we could see the appliance was available for allocation and selecting this offered two options: local management with cloud reporting and full cloud management. Initially, we chose the former and after a few minutes, a wealth of information from the M290’s activity logs started appearing in our portal including detailed views of traffic, web and application activity, all security services and the most active clients.

Swapping to full cloud management required the M290 to be deallocated, returned to our inventory and reallocated with this option selected. After running through WAN port setup and applying a new administrative password, the M290 disabled local management and only provided options to view its status, upgrade the OS and load the cloud portal.

WatchGuard Firebox M290 review: Cloud security settings

Configuring the M290 from the cloud portal is even easier than using its local web interface, as all security settings are accessed from a single web page. For content scanning, we could enable GAV and choose an action when a virus is detected, activate IntelligentAV with one click and set APT to drop traffic for high, medium and low threat levels.

Antispam uses policies for incoming SMTP, IMAP or POP3 traffic with options to allow, deny or tag suspect messages. The content filtering section provides access to the WebBlocker service which offers 130 URL categories that can be allowed, blocked or set to display a warning page to users.  

A screenshot of the WatchGuard Firebox M290's threat map

WebBlocker actions are applied with firewall rules and are also used to manage the application control service. This presents nearly 1,300 predefined app signatures, including 12 sub-categories for all Facebook activities, making it easy to block or control its use in the workplace.

WatchGuard Firebox M290 review: Verdict

The Firebox M290 is an attractive choice for SMBs; it combines a superb range of security measures and delivers them at a sensible price. We found it easy to deploy and configure, with WatchGuard’s Cloud portal providing excellent remote management and monitoring features.

WatchGuard Firebox M290 specifications


1U rack


Quad-core NXP LX1046A






8 x Gigabit


1 x module bay

Other ports

2 x USB 2, RJ-45 serial


Internal 65W PSU


Web browser, WatchGuard WSM/Dimension/Command/Cloud


Included in subscription

Optional modules

2 x 10GbE SFP+, £711; 4 x 1GbE copper, £466 (all exc VAT)

Featured Resources

2022 State of the multi-cloud report

What are the biggest multi-cloud motivations for decision-makers, and what are the leading challenges

Free Download

The Total Economic Impact™ of IBM robotic process automation

Cost savings and business benefits enabled by robotic process automation

Free Download

Multi-cloud data integration for data leaders

A holistic data-fabric approach to multi-cloud integration

Free Download

MLOps and trustworthy AI for data leaders

A data fabric approach to MLOps and trustworthy AI

Free Download


Sophos XGS 116 review: A small and mighty appliance
unified threat management (UTM)

Sophos XGS 116 review: A small and mighty appliance

14 Sep 2022
Sophos XGS 3300 review: Xstream firewall performance

Sophos XGS 3300 review: Xstream firewall performance

7 Jan 2022

Most Popular

How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

15 Nov 2022
The top 12 password-cracking techniques used by hackers

The top 12 password-cracking techniques used by hackers

14 Nov 2022
Ex-Twitter tech lead says platform's infrastructure can sustain engineering layoffs

Ex-Twitter tech lead says platform's infrastructure can sustain engineering layoffs

23 Nov 2022