WatchGuard Firebox M590 Review: Great Red Network Security

WatchGuard has been busy hardening its Firebox security appliances to handle the latest threats and high demands for inspection of HTTPS and encrypted traffic. The Firebox M590 under review is a good example: this 1U rackmount device ditches the older T570’s dual-core Intel i3-6100 desktop CPU and replaces it with a 2GHz NXP LX2120A SoC, placing twelve ARM Cortex A72 cores. on the table.

Aimed at midsize businesses and distributed enterprises with up to 1,000 users, the M590 claims raw firewall throughput of 20 Gbits/sec, 3.3 Gbits/sec with UTM services enabled, and 1.9 Gbits/sec with HTTPS content inspection enabled. Other improvements over the M570 include a larger 128GB internal M.2 SSD, dual 150W PSUs, and two 10GbE SFP+ ports for high-speed connections over longer distances.

The single expansion bay to the right of the built-in ports accepts a range of modules including four Gigabit copper or fiber, two 10GbE SFP+, or a four-port multigigabit option with PoE+. Our review system came with the latter, and the kit includes a chunky 54V power brick that needs to be plugged into a dedicated port on the back to enable PoE+ delivery.

WatchGuard Firebox M590 Review: Management and Deployment

One area where WatchGuard excels is device management, as your options are manifold. The M590 can be run in stand-alone mode and configured using its local web console and WatchGuard’s free System Manager (WSM) software suite, or can be linked with VMware and Hyper-V’s free virtualized Dimension software and its optional Command Service .

Companies that manage multiple geographically distributed Fireboxes will love WatchGuard’s cloud service because they can all be accessed from a single web portal. Included with both security subscriptions, it offers two options: you can choose to retain local management and configure the device to send all its logs to the cloud portal, or opt for full cloud management.

The cloud option adds another benefit by bringing WatchGuard’s RapidDeploy feature into play. Upload a predefined configuration file created from a local Firebox, assign it to a newly registered device, save it to a remote site, and after connection and power up, it automatically takes the file from your cloud account.

We started our tests by registering the M590 with our WatchGuard customer account, and once it was powered on, it opened our function key and offered a quick start wizard. We initially chose local management with cloud logging, and once we assigned the M590 to our cloud account, it started sending details about all traffic, detected threats, and responses.

A new feature makes it super easy to switch to full cloud management, and we just had to click a button on the portal’s device settings page. After the reconfiguration, the M590 disabled its local web interface, took all of its settings from the cloud, and gave us full remote configuration access.

WatchGuard Firebox M590 Review: Security Subscriptions

WatchGuard keeps licensing as simple as possible; all Fireboxes are available with two options and we show the price of the M590 appliance with a 3-year subscription to Total Security Suite (TSS). This starts with the same features you’ll get with the cheaper Basic Security Suite (BSS) and includes Gateway AV, anti-spam, web content filtering, application controls, intrusion prevention services (IPS), and WatchGuard RED (reputation-enabled defense). ) .

Subscribing to TSS essentially activates WatchGuard’s Automation Core (WAC) technology, which is designed to make life easier for support staff by providing proactive responses to threats. ThreatSync collects event data from all Fireboxes, DNSWatch blocks user access to known malicious domains, while IntelligentAV and its Cylance AI-based engine analyze files after they’ve passed through the gateway’s AV scanner and they use machine learning to identify and block new malware.

TSS also enables WatchGuard Gold Support, which provides a specific one-hour response time for high-priority issues. It also increases the cloud log retention period from 1 day to 30 days.

WatchGuard Firebox M590 Review: Cloud Configuration

We found the WatchGuard Cloud portal to be very easy to use with five main menu tabs provided for a dashboard view of Firebox and account status, monitoring, configuration, inventory, and management. The monitoring page opens with an overview of all Fireboxes showing all the action for each security service and you can drill down to individual devices.

Go to the configuration page and you will be able to select a specific Firebox and manage all your security services from one screen. The content scanning section provided access to the Gateway AV, IntelligentAV, APT blocker and spamBlocker services and in many cases can be activated simply by clicking a slider bar.

Network blocking includes botnet detection and IPS settings with the Geolocation section below that allows you to block traffic from specific countries. Web filtering and application controls are managed through custom actions where you can choose from 130 URL categories to block or allow and explore nearly 1,300 predefined application signatures neatly organized into 11 categories for easy access.

From the inventory page, you view all activated Fireboxes and assign new ones to your cloud account. The administration section provides access to Firebox audit logs and you can create scheduled reports for any or all devices, choose the services for which you want executive summaries, and provide recipient email addresses.

WatchGuard Firebox M590 Review: Verdict

The Firebox M590 is a versatile UTM appliance, and WatchGuard’s simplified licensing schemes make it easy to choose the right level of protection. Deployment is a no-brainer, it offers a host of enterprise-grade security services at a very competitive price, and the option of local or cloud management makes it equally suitable for mid-range businesses and enterprises that need to protect distributed remote offices.

WatchGuard Firebox M590 Specifications