Firebox M470 w/Total Security Suite
Starts at $6,185
Strengths: RapidDeploy functionality is a game changer for multi-site locations as well as a huge benefit to MSSPs.
Weaknesses: UI not as intuitive as we would expect from WatchGuard.
Verdict: Whether you are adding an appliance to your already outfitted WatchGuard environment, or you are in the market for your first midsized UTM the Firebox M470 should be on your list to consider.
The WatchGuard Firebox M470 is designed to support midsize and distributed enterprises that need an effective and affordable solution. To this end, the M470 leverages its Intel-based platform with some impressive specs. The device is capable of running full UTM services at over 3 Gigabit per second, and 2 Gigabits per second inspecting HTTPS traffic with IPS enabled. At the same time, the M470 is also the smallest rack-mount capable of accepting additional fiber interface modules.
With installation and configuration, we felt the experience to be a bit average with one distinction - WatchGuard RapidDeploy. Using WatchGuard RapidDeploy, it is possible to start setting things up even before the device arrives onsite. This cloud-based configuration allows WatchGuard firewalls and UTM solutions to securely configure themselves. IT staff can load configuration data in the cloud so that once the device arrives and is powered up, it effectively deploys itself by automatically connecting to the cloud for a secure download of its configuration settings.
While testing, we logged into the Firebox management interface and were pleased to see everything is set up logically and clean. Categories are located on the left side of the interface allowing you to easily drill down to the desired detail. One notable item of interest, is the breadcrumb navigation scheme, allowing you to easily return to the starting page after drilling down many times. Thanks to the UI design, logical categories, and detailed documentation someone new can start using this device quickly.
There are two other notable features that drew our attention. The first is a cloud-ready security visibility technology, which is becoming more common in the NGFW market space. WatchGuard Dimension comes standard with WatchGuard's UTM and NGFW platforms, and aggregates log data from multiple WatchGuard firewalls. It applies a suite of big data visibility and reporting tools that instantly identify and extract key network security threats, issues and trends. Its diverse set of PCI and HIPAA compliance reports provides keen insight and evidence for compliance tracking. The adaptive user interface allows you to view network activity in real-time through interactive dashboards and reports.
The second feature is Threat Detection and Response, which enables M470's real-time threat detection and policy-based automated response. This capability is achieved by consuming event data from other Firebox appliances on the network, host sensors on endpoints, and cloud threat intelligence feeds to correlate data and initiate automatic malware response actions. WatchGuard's response in these cases is Host Ransomware Prevention, which blocks the execution of ransomware before any file encryption on the endpoint takes place, neutralizing the ransomware attack before any damage can be done.
- Matt Hreben with Dan Cure;
tested by Matt Hreben and Michael Diehl