WatchGuard Firebox M590 review: Big red network security

A powerful mid-range UTM appliance with top-notch security features at a sensible price

A photograph of the WatchGuard Firebox M590

IT Pro Verdict


  • +

    Simple subscriptions

  • +

    Stiff security measures

  • +

    Great value

  • +

    Choice of management methods

  • +

    Good performance


  • -

    Separate PSU required for the PoE+ expansion module

WatchGuard has been busy beefing up its Firebox security appliances to handle the latest threats and the high demands of inspecting encrypted and HTTPS traffic. The Firebox M590 on review is a prime example: this 1U rack appliance ditches the dual-core Intel i3-6100 desktop–class CPU from the elderly T570 and replaces it with a 2GHz NXP LX2120A SoC, which puts twelve ARM Cortex A72 cores on the table.

Targeting mid-sized businesses and distributed enterprises with up to 1,000 users, the M590 claims a raw firewall throughput of 20Gbits/sec, 3.3Gbits/sec with UTM services enabled and a very creditable 1.9Gbit/sec with HTTPS content inspection activated. Other improvements over the M570 include a larger internal 128GB M.2 SSD, dual 150W PSUs and two 10GbE SFP+ ports for high-speed connections over longer distances.

The single expansion bay to the right of the embedded ports accepts a range of modules including quad copper or fibre Gigabit, dual 10GbE SFP+ or a four-port multi-Gigabit option with PoE+. Our review system came with the latter, and the kit includes a chunky 54V power brick which needs to be plugged into a dedicated port at the rear to enable PoE+ delivery.

WatchGuard Firebox M590 review: Management and deployment

One area where WatchGuard excels is appliance management, as your choices are manifold. The M590 can be run in standalone mode and configured using its local web console and WatchGuard’s free System Manager (WSM) software suite, or linked up with the free VMware and Hyper-V virtualised Dimension software and its optional Command service.

Businesses managing multiple, geographically distributed Fireboxes will love WatchGuard’s Cloud service as they can access them all from a single web portal. Included with both security subscriptions, it offers two choices: you can elect to retain local management and set the appliance up to send all its logs to the cloud portal, or opt for full cloud management.

A screenshot of the WatchGuard Firebox M590 control dashboard

The cloud option adds another benefit by bringing WatchGuard’s RapidDeploy feature into play. Upload a predefined configuration file created from a local Firebox, assign it to a newly registered appliance, pack it off to a remote site and after connection and power up, it automatically takes the file from your cloud account.

We began testing by registering the M590 with our WatchGuard customer account and once it was powered up, it pulled down our feature key and offered a quick start wizard. We initially chose local management with cloud logging and once we’d allocated the M590 to our cloud account, it duly started sending details on all traffic, detected threats and responses.

A new feature makes it dead easy to swap to full cloud management, and we just had to click one button in the portal’s device configuration page. After reconfiguration, the M590 disabled its local web interface, took all its settings from the cloud and furnished us with full remote configuration access.

WatchGuard Firebox M590 review: Security subscriptions

WatchGuard keeps licensing as simple as possible; all Fireboxes are available with two options and we’ve shown the price for the M590 appliance with a 3-year Total Security Suite (TSS) subscription. This starts with the same features as you’ll get with the cheaper Basic Security Suite (BSS) and includes gateway AV, anti-spam, web content filtering, application controls, intrusion prevention services (IPS) and WatchGuard’s RED (reputation enabled defence).

The TSS subscription essentially activates WatchGuard’s Automation Core (WAC) technology, which is designed to ease the life of support staff by providing proactive threat responses. ThreatSync collects event data from all Fireboxes, DNSWatch blocks user access to known malicious domains while IntelligentAV and its Cylance AI-based engine scans files after they’ve passed through the gateway AV scanner and uses machine learning to identify and block new malware.

A screenshot of the WatchGuard Firebox M590 security settings

TSS also activates WatchGuard’s Gold support, which provides a one hour targeted response time for high priority issues. It also increases the cloud log retention period from 1 day to 30 days.

WatchGuard Firebox M590 review: Cloud configuration

We found the WatchGuard Cloud portal very easy to use with five main menu tabs provided for a dashboard view of account and Firebox status, monitoring, configuration, inventory and administration. The monitoring page opens with an overview of all Fireboxes showing all the action for every security service and you can drill down to individual appliances.

Move to the configuration page and you can select a specific Firebox and manage all its security services from one screen. The content scanning section provided access to gateway AV, IntelligentAV, the APT blocker and spamBlocker services and in many cases, they can be activated simply by clicking on a slider bar.

Network blocking includes botnet detection and IPS settings with the Geolocation section below allowing you to block traffic from specific countries. Web filtering and application controls are both managed using custom actions where you choose from 130 URL categories to block or allow and browse nearly 1,300 predefined app signatures neatly organised into 11 categories for easy access.

From the inventory page, you view all activated Fireboxes and allocate new ones to your cloud account. The administration section provides access to Firebox audit logs and you can create scheduled reports for any or all devices, choose which services you want executive summaries for and provide email addresses of recipients.

WatchGuard Firebox M590 review: Verdict

The Firebox M590 is a versatile UTM appliance and WatchGuard’s simplified licensing schemes make it easy to choose the right level of protection. Deployment is cinch, it offers a wealth of enterprise-grade security services at a very competitive price and the choice of local or cloud management makes it equally well suited to mid-range businesses and enterprises needing to protect distributed remote offices.

WatchGuard Firebox M590 specifications

Swipe to scroll horizontally
Chassis1U rack
CPU12-core 2GHz NXP LX2120A
Memory8GB ECC DDR4
Storage128GB M.2 SATA SSD
Network8 x Gigabit, 2 x 10GbE SFP+
Expansion1 x module bay
Other ports2 x USB 2, RJ-45 serial
PowerDual internal 150W PSUs
ManagementWeb browser, WatchGuard WSM/Dimension/Command/Cloud
WarrantyIncluded in subscription
Optional modules2 x 10GbE SFP+, £706; 4 x 1GbE copper, £462, 4 x multi-Gigabit PoE+ with 54V PSU, £1,383 (all exc VAT)
Dave Mitchell

Dave is an IT consultant and freelance journalist specialising in hands-on reviews of computer networking products covering all market sectors from small businesses to enterprises. Founder of Binary Testing Ltd – the UK’s premier independent network testing laboratory - Dave has over 45 years of experience in the IT industry.

Dave has produced many thousands of in-depth business networking product reviews from his lab which have been reproduced globally. Writing for ITPro and its sister title, PC Pro, he covers all areas of business IT infrastructure, including servers, storage, network security, data protection, cloud, infrastructure and services.