Network security

WatchGuard Firebox M590 review: Big red network security

WatchGuard has worked to harden its Firebox security appliances to handle the latest threats and demanding inspection requirements for encrypted and HTTPS traffic. The Firebox M590 under review is a prime example: this 1U rackmount device ditches the dual-core Intel i3-6100 processor from the older T570 and replaces it with a 2GHz NXP LX2120A SoC, which places twelve ARM cores Cortex A72 on the table.

Targeting midsize businesses and distributed enterprises with up to 1,000 users, the M590 claims 20 Gbps raw firewall throughput, 3.3 Gbps with UTM services enabled, and very creditable throughput 1.9 Gbps with HTTPS content inspection enabled. Other improvements over the M570 include a larger internal 128GB M.2 SSD, dual 150W power supplies, and dual 10GbE SFP+ ports for high-speed connections over longer distances.

The single expansion bay to the right of the integrated ports accepts a range of modules, including four Gigabit copper or fiber ports, two 10GbE SFP+s, or a four-port multi-Gigabit option with PoE+. Our review system came with the latter, and the kit includes a chunky 54V power supply that needs to be plugged into a dedicated port on the back to enable PoE+ delivery.

WatchGuard Firebox M590 review: Management and deployment

One area where WatchGuard excels is appliance management, because your choices are many. The M590 can be run in standalone mode and configured using its local web console and WatchGuard’s free System Manager (WSM) software suite, or linked to the free VMware and Hyper-V virtualized Dimension software and service. optional order.

Businesses managing multiple geographically distributed Fireboxes will love WatchGuard’s cloud service because they can access it from a single web portal. Included with both security subscriptions, it offers two choices: you can choose to retain local management and configure the appliance to send all its logs to the cloud portal, or opt for full cloud management.

The cloud option adds another benefit by bringing WatchGuard’s RapidDeploy functionality into play. Download a pre-built configuration file created from a local Firebox, assign it to a newly registered appliance, package it at a remote site, and after connecting and powering on, it automatically picks up the file from your cloud account .

We started testing by registering the M590 with our WatchGuard customer account and once it powered up it extracted our feature key and offered a quick start wizard. We initially chose local management with cloud logging and once we assigned the M590 to our cloud account it duly started sending details of all traffic, detected threats and responses.

A new feature makes it easier to move to full cloud management, and we only had to click a button in the portal’s device configuration page. After the reconfiguration, the M590 disabled its local web interface, took all its settings from the cloud, and gave us full access to remote configuration.

WatchGuard Firebox M590 review: Security subscriptions

WatchGuard keeps licensing as simple as possible; all Fireboxes are available with two options, and we have priced the M590 appliance with a 3-year Total Security Suite (TSS) subscription. It starts with the same features you’ll get with the cheaper Basic Security Suite (BSS) and includes AV Gateway, Anti-Spam, Web Content Filtering, Application Controls, intrusion prevention (IPS) and WatchGuard’s RED (reputation-enabled defense).

The TSS subscription essentially enables WatchGuard’s Automation Core (WAC) technology, which is designed to make life easier for support personnel by providing proactive responses to threats. ThreatSync collects event data from all Fireboxes, DNSWatch blocks user access to known malicious domains while IntelligentAV and its Cylance AI engine scans files after they pass through the gateway AV scanner and use machine learning to identify and block new malware.

A screenshot of the WatchGuard Firebox M590 security settings

TSS also enables WatchGuard Gold Support, which provides a targeted one-hour response time for high-priority issues. It also increases the cloud log retention period from 1 day to 30 days.

WatchGuard Firebox M590 review: Cloud setup

We found the WatchGuard Cloud portal to be very easy to use with five main menu tabs provided for an account dashboard view and Firebox status, monitoring, configuration, inventory, and status. ‘administration. The monitoring page opens with an overview of all Fireboxes showing all actions for each security service, and you can explore individual appliances.

Go to the configuration page and you can select a specific Firebox and manage all of its security services from a single screen. The content analysis section gave access to the AV gateway, IntelligentAV, APT blocker and spamBlocker services and in many cases they can be activated simply by clicking on a scroll bar.

Network blocking includes botnet detection and IPS settings with the Geolocation section below allowing you to block traffic from specific countries. Web filtering and app controls are both handled using custom actions where you choose from 130 categories of URLs to block or allow and browse nearly 1,300 predefined app signatures neatly organized into 11 categories for easy access.

From the inventory page, you view all activated Fireboxes and assign new ones to your cloud account. The admin section provides access to Firebox audit logs and you can create scheduled reports for any or all devices, choose which services you want executive summaries for, and provide recipient email addresses.

WatchGuard Firebox M590 review: Verdict

The Firebox M590 is a versatile UTM appliance, and WatchGuard’s simplified licensing schemes make it easy to choose the right level of protection. Deployment is simple, it offers a host of enterprise-grade security services at a very competitive price, and the choice of local or cloud management makes it equally well suited to midsize businesses and enterprises that need to protect distributed remote offices.

WatchGuard Firebox M590 Specifications

Frame

1U rack

CPU

NXP LX2120A 12 Core 2GHz

Memory

8GB ECC DDR4

Storage

128GB M.2 SATA Solid State Drive

Network

8x Gigabit, 2x 10GbE SFP+

Expansion

1 module bay

Other Ports

2 x USB 2, RJ-45 serial ports

Power

Two 150 W internal power supplies

Management

Web browser, WatchGuard WSM/Dimension/Command/Cloud

guarantee

Included in subscription

Optional modules

2 x 10GbE SFP+ ports, £706; 4 x 1GbE copper, £462, 4 x Multi-Gigabit PoE+ with 54V PSU, £1,383 (all excl. VAT)

Featured Resources

Accelerate AI modernization with data infrastructure

Generate business value from your AI initiatives

Free download

Recommendations for AI risk management

Integrate the results of your external AI tools into your broader security programs

Free download

Modernize your legacy databases in the cloud

An introduction to cloud databases

Free download

Switch to innovation

IT agility is driving digital transformation

Free download


Source link