WatchGuard Firebox T40-W review: Powerful yet classy

Designed for small offices and remote sites, the Firebox T40-W offers enterprise-class gateway security measures at an affordable price. It’s big on performance, too, as its 1GHz quad-core CPU and 4GB of DDR4 RAM provide – WatchGuard claims – a high raw firewall throughput of 3.4Gbits/sec and 300Mbits/sec with the AV, IPS and application control services enabled.

Management choices are extensive, as the T40-W offers a local web console and can be monitored using WatchGuard’s free Dimension logging software. More importantly, it can be integrated with WatchGuard’s cloud portal, which now provides remote configuration services along with monitoring.

The T40-W offers a solid hardware package, with five Gigabit ports for WAN, LAN and DMZ duties. The fourth LAN port adds extra versatility as it presents PoE+ services for powering compliant external devices.

Integral wireless services are limited to the older 11ac variety, while the 2.4GHz and 5GHz radios can’t both be active at the same time. Even so, this will be enough for many small businesses, and the appliance’s wireless gateway feature can provision and manage other WatchGuard access points.

The price above includes a one-year subscription to WatchGuard’s Total Security suite, which enables everything the company has to offer. Features include gateway AV, anti-spam, web content filtering, application controls, intrusion prevention services (IPS) and an advanced persistent threat (APT) blocker.

WatchGuard’s RED (reputation enabled defence) service provides tighter web security, and cloud management is included in both the Basic and Total subscriptions. Unlike the entry-level T20-W, this model has enough horsepower to handle the IntelligentAV malware scanner, which uses the Cylance AI-based engine.

Local deployment is swift as the web console quick-start wizard enables firewall-protected internet access and applies a base set of security policies. Network traffic is handled by various proxies, which include HTTP, HTTPS, FTP, SIP, POP3 and SMTP, and each one offers a wizard to simplify setup.

Cloud management is equally easy to master, and after registering the appliance with our WatchGuard support account, it appeared in the cloud console ready for allocation. You then choose between local or remote management, with the former simply activating monitoring and sending activity logs to your account.

Remote management requires a few more steps: you set up the WAN port, enable basic wireless services and apply a new administrative password. When the appliance is powered up, it takes all these settings from the cloud, disables local management and only provides options to view its status, upgrade the OS and load the cloud portal.

The cloud portal has full access to all the same settings you’ll see in the local console, so nothing is beyond its remit. You can configure gateway AV scanning and APT blocking, enable IntelligentAV with one click on its slider bar and set up anti-spam policies for incoming SMTP, IMAP or POP3 traffic, and tag spam messages in their subject line for ongoing local rule processing.

The WebBlocker service presents 130 URL categories that can be blocked or allowed, and you can add new policies with different actions and apply them to custom firewall rules. The content-filtering section in the portal also provides access to WatchGuard’s application control service, which offers over 1,100 predefined app signatures, including 41 for fine-grained control over all popular social networking platforms.

Cloud monitoring is excellent, with the portal providing detailed views of live activities, all traffic, the top clients, application usage, and much more. It also adds the same services as provided by WatchGuard’s Dimension server, so you can pull up views of appliance utilisation plus an executive dashboard, global threat map, and policy activity graphs.

Wireless services are comparatively basic, but the Firebox T40-W makes up for this with impressive performance and top-notch gateway security measures. It’s affordable for SMBs, and the configuration and monitoring services provided by the cloud portal will appeal to businesses deploying it to remote offices.

WatchGuard Firebox T40-W review: Specifications