WatchGuard Firebox M290 review: Stiff security at a great price

The Firebox M290 delivers an incredible range of gateway security measures priced right for SMBs

A photograph of the WatchGuard Firebox M290

IT Pro Verdict


  • +

    Good value

  • +

    Top performance

  • +

    Easy deployment

  • +

    Extensive security measures

  • +

    WatchGuard Cloud


  • -

    PoE+ services on expansion module not supported

WatchGuard’s latest M-series rackmount security appliances have a sharp focus on value and are designed to offer SMBs and mid-sized companies affordable enterprise-level gateway security. Stepping up as the entry point of the family, the Firebox M290 on review certainly hits this target: the price we’ve shown includes the appliance and a 3-year Total Security Suite (TSS) subscription which enables every feature WatchGuard has to offer.

Clothed in Watchguard’s customary fire engine-red chassis, this 1U rack appliance targets businesses with up to 75 users and boasts a high raw firewall throughput of 5.8Gbits/sec, dropping to 1.18Gbits/sec with all UTM services enabled. With the bulk of malware now being delivered over HTTPS-encrypted connections, the M290 has the horsepower to handle these inspection overheads, as it’s powered by a quad-core NXP LX1046A CPU partnered by 4GB of DDR4 system memory.

Network connections look good too, and the M290 presents eight Gigabit ports which can be used for WAN, LAN or DMZ duties. There’s room for even more via the expansion slot at the front, which supports an optional module with four copper or fibre Gigabit ports, or dual 10GbE SFP+.

On top of this, WatchGuard also offers a 4-port multi-Gigabit module with PoE+, but while you can use it in the M290, this appliance doesn’t support the required optional 54V power supply, so its PoE+ services will be disabled. If you want this functionality, you’ll have to opt for the M590 or the M690, as these are the only ones which fully support this module.

WatchGuard Firebox M290 review: Security features

WatchGuard offers two Firebox licence schemes so you could save some cash with the Basic Security Suite subscription. Available for one or three year periods and costing £2,077 exc VAT for the latter, this activates gateway antivirus (GAV), antispam, web filtering, HTTPS inspection, IPS, application controls, WatchGuard’s RED (reputation enabled defence) cloud-based URL filtering and secure software defined WAN (SD-WAN) services.

A screenshot of the WatchGuard Firebox M290's web console

A TSS subscription includes all these features, but additionally augments them with WatchGuard’s advanced persistent threat (APT) blocker, plus its Threat Detection and Response (TDR) service with a 75 host sensor licence included. Malware protection is beefed up with IntelligentAV which uses the Cylance AI-based engine to scan files such as Office documents, Windows portable executables and PDFs after they’ve passed through the GAV scanner.

WatchGuard’s DNSWatch service also monitors client DNS requests and blocks access to known malicious domains. Remote monitoring and management via the WatchGuard Cloud portal is enabled across all subscriptions and TSS increases the log retention to 30 days.

WatchGuard Firebox M290 review: Management choices

Management choices are impressive - you can monitor and configure the M290 using its local web console and run WatchGuard’s free System Manager (WSM) suite on a separate Windows host to provide central management, logging and reporting services.

Next up is WatchGuard’s free Dimension software which is virtualized on a Hyper-V or VMware host. This provides a separate web console for viewing appliance utilisation, an executive dashboard, policy activity graphs and a global threat map, and enabling the optional Dimension Command feature brings Firebox management into play.

We think WatchGuard’s Cloud is a better choice than Dimension, as it provides all the same features without the need for a host system. You have two choices: you can keep local management enabled and set the appliance to send its logs to the cloud for monitoring and reporting, or disable local management and move it all into the cloud.

A screenshot of the WatchGuard Firebox M290's config dashboards

WatchGuard Firebox M290 review: Cloud deployment

Initial deployment is swift, as the appliance’s web console provides a quick start wizard which runs through enabling firewall-protected internet access and applying a base set of security policies. We had already registered the serial number of the M290 with our cloud support account so it grabbed our TSS feature key and applied it for us.

From our WatchGuard Cloud portal, we could see the appliance was available for allocation and selecting this offered two options: local management with cloud reporting and full cloud management. Initially, we chose the former and after a few minutes, a wealth of information from the M290’s activity logs started appearing in our portal including detailed views of traffic, web and application activity, all security services and the most active clients.

Swapping to full cloud management required the M290 to be deallocated, returned to our inventory and reallocated with this option selected. After running through WAN port setup and applying a new administrative password, the M290 disabled local management and only provided options to view its status, upgrade the OS and load the cloud portal.

WatchGuard Firebox M290 review: Cloud security settings

Configuring the M290 from the cloud portal is even easier than using its local web interface, as all security settings are accessed from a single web page. For content scanning, we could enable GAV and choose an action when a virus is detected, activate IntelligentAV with one click and set APT to drop traffic for high, medium and low threat levels.

Antispam uses policies for incoming SMTP, IMAP or POP3 traffic with options to allow, deny or tag suspect messages. The content filtering section provides access to the WebBlocker service which offers 130 URL categories that can be allowed, blocked or set to display a warning page to users.

A screenshot of the WatchGuard Firebox M290's threat map

WebBlocker actions are applied with firewall rules and are also used to manage the application control service. This presents nearly 1,300 predefined app signatures, including 12 sub-categories for all Facebook activities, making it easy to block or control its use in the workplace.

WatchGuard Firebox M290 review: Verdict

The Firebox M290 is an attractive choice for SMBs; it combines a superb range of security measures and delivers them at a sensible price. We found it easy to deploy and configure, with WatchGuard’s Cloud portal providing excellent remote management and monitoring features.

WatchGuard Firebox M290 specifications

Swipe to scroll horizontally
Chassis1U rack
CPUQuad-core NXP LX1046A
Memory4GB ECC DDR4
Storage128GB M.2 SATA SSD
Network8 x Gigabit
Expansion1 x module bay
Other ports2 x USB 2, RJ-45 serial
PowerInternal 65W PSU
ManagementWeb browser, WatchGuard WSM/Dimension/Command/Cloud
WarrantyIncluded in subscription
Optional modules2 x 10GbE SFP+, £711; 4 x 1GbE copper, £466 (all exc VAT)
Dave Mitchell

Dave is an IT consultant and freelance journalist specialising in hands-on reviews of computer networking products covering all market sectors from small businesses to enterprises. Founder of Binary Testing Ltd – the UK’s premier independent network testing laboratory - Dave has over 45 years of experience in the IT industry.

Dave has produced many thousands of in-depth business networking product reviews from his lab which have been reproduced globally. Writing for ITPro and its sister title, PC Pro, he covers all areas of business IT infrastructure, including servers, storage, network security, data protection, cloud, infrastructure and services.