IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

WatchGuard Firebox M290 review: Stiff security at a great price

The Firebox M290 delivers an incredible range of gateway security measures priced right for SMBs

Editor's Choice
A photograph of the WatchGuard Firebox M290
Price
£4,148 exc VAT (Appliance with 3yr Total Security subscription)
  • Good value
  • Top performance
  • Easy deployment
  • Extensive security measures
  • WatchGuard Cloud
  • PoE+ services on expansion module not supported

WatchGuard’s latest M-series rackmount security appliances have a sharp focus on value and are designed to offer SMBs and mid-sized companies affordable enterprise-level gateway security. Stepping up as the entry point of the family, the Firebox M290 on review certainly hits this target: the price we’ve shown includes the appliance and a 3-year Total Security Suite (TSS) subscription which enables every feature WatchGuard has to offer.

Clothed in Watchguard’s customary fire engine-red chassis, this 1U rack appliance targets businesses with up to 75 users and boasts a high raw firewall throughput of 5.8Gbits/sec, dropping to 1.18Gbits/sec with all UTM services enabled. With the bulk of malware now being delivered over HTTPS-encrypted connections, the M290 has the horsepower to handle these inspection overheads, as it’s powered by a quad-core NXP LX1046A CPU partnered by 4GB of DDR4 system memory.

Network connections look good too, and the M290 presents eight Gigabit ports which can be used for WAN, LAN or DMZ duties. There’s room for even more via the expansion slot at the front, which supports an optional module with four copper or fibre Gigabit ports, or dual 10GbE SFP+.

On top of this, WatchGuard also offers a 4-port multi-Gigabit module with PoE+, but while you can use it in the M290, this appliance doesn’t support the required optional 54V power supply, so its PoE+ services will be disabled. If you want this functionality, you’ll have to opt for the M590 or the M690, as these are the only ones which fully support this module.

WatchGuard Firebox M290 review: Security features

WatchGuard offers two Firebox licence schemes so you could save some cash with the Basic Security Suite subscription. Available for one or three year periods and costing £2,077 exc VAT for the latter, this activates gateway antivirus (GAV), antispam, web filtering, HTTPS inspection, IPS, application controls, WatchGuard’s RED (reputation enabled defence) cloud-based URL filtering and secure software defined WAN (SD-WAN) services. 

A screenshot of the WatchGuard Firebox M290's web console

A TSS subscription includes all these features, but additionally augments them with WatchGuard’s advanced persistent threat (APT) blocker, plus its Threat Detection and Response (TDR) service with a 75 host sensor licence included. Malware protection is beefed up with IntelligentAV which uses the Cylance AI-based engine to scan files such as Office documents, Windows portable executables and PDFs after they’ve passed through the GAV scanner.

WatchGuard’s DNSWatch service also monitors client DNS requests and blocks access to known malicious domains. Remote monitoring and management via the WatchGuard Cloud portal is enabled across all subscriptions and TSS increases the log retention to 30 days.

WatchGuard Firebox M290 review: Management choices

Management choices are impressive - you can monitor and configure the M290 using its local web console and run WatchGuard’s free System Manager (WSM) suite on a separate Windows host to provide central management, logging and reporting services. 

Next up is WatchGuard’s free Dimension software which is virtualized on a Hyper-V or VMware host. This provides a separate web console for viewing appliance utilisation, an executive dashboard, policy activity graphs and a global threat map, and enabling the optional Dimension Command feature brings Firebox management into play.

We think WatchGuard’s Cloud is a better choice than Dimension, as it provides all the same features without the need for a host system. You have two choices: you can keep local management enabled and set the appliance to send its logs to the cloud for monitoring and reporting, or disable local management and move it all into the cloud.

A screenshot of the WatchGuard Firebox M290's config dashboards

WatchGuard Firebox M290 review: Cloud deployment

Initial deployment is swift, as the appliance’s web console provides a quick start wizard which runs through enabling firewall-protected internet access and applying a base set of security policies. We had already registered the serial number of the M290 with our cloud support account so it grabbed our TSS feature key and applied it for us.

From our WatchGuard Cloud portal, we could see the appliance was available for allocation and selecting this offered two options: local management with cloud reporting and full cloud management. Initially, we chose the former and after a few minutes, a wealth of information from the M290’s activity logs started appearing in our portal including detailed views of traffic, web and application activity, all security services and the most active clients.

Swapping to full cloud management required the M290 to be deallocated, returned to our inventory and reallocated with this option selected. After running through WAN port setup and applying a new administrative password, the M290 disabled local management and only provided options to view its status, upgrade the OS and load the cloud portal.

WatchGuard Firebox M290 review: Cloud security settings

Configuring the M290 from the cloud portal is even easier than using its local web interface, as all security settings are accessed from a single web page. For content scanning, we could enable GAV and choose an action when a virus is detected, activate IntelligentAV with one click and set APT to drop traffic for high, medium and low threat levels.

Antispam uses policies for incoming SMTP, IMAP or POP3 traffic with options to allow, deny or tag suspect messages. The content filtering section provides access to the WebBlocker service which offers 130 URL categories that can be allowed, blocked or set to display a warning page to users.  

A screenshot of the WatchGuard Firebox M290's threat map

WebBlocker actions are applied with firewall rules and are also used to manage the application control service. This presents nearly 1,300 predefined app signatures, including 12 sub-categories for all Facebook activities, making it easy to block or control its use in the workplace.

WatchGuard Firebox M290 review: Verdict

The Firebox M290 is an attractive choice for SMBs; it combines a superb range of security measures and delivers them at a sensible price. We found it easy to deploy and configure, with WatchGuard’s Cloud portal providing excellent remote management and monitoring features.

WatchGuard Firebox M290 specifications

Chassis

1U rack

CPU

Quad-core NXP LX1046A

Memory

4GB ECC DDR4

Storage

128GB M.2 SATA SSD

Network

8 x Gigabit

Expansion

1 x module bay

Other ports

2 x USB 2, RJ-45 serial

Power

Internal 65W PSU

Management

Web browser, WatchGuard WSM/Dimension/Command/Cloud

Warranty

Included in subscription

Optional modules

2 x 10GbE SFP+, £711; 4 x 1GbE copper, £466 (all exc VAT)

Featured Resources

The state of Salesforce: Future of business

Three articles that look forward into the changing state of Salesforce and the future of business

Free Download

The mighty struggle to migrate SAP to the cloud may be over

A simplified and unified approach to delivering Enterprise Transformation in the cloud

Free Download

The business value of the transformative mainframe

Modernising on the mainframe

Free Download

The Total Economic Impact™ Of IBM FlashSystem

Cost savings and business benefits enabled by FlashSystem

Free Download

Recommended

Sophos XGS 3300 review: Xstream firewall performance
Security

Sophos XGS 3300 review: Xstream firewall performance

7 Jan 2022
Ubiquiti Networks UniFi Dream Machine Pro review: All the security you need in one handy box
Security

Ubiquiti Networks UniFi Dream Machine Pro review: All the security you need in one handy box

18 Nov 2021
Big zero-day flaw found in Palo Alto security appliance
internet security

Big zero-day flaw found in Palo Alto security appliance

11 Nov 2021

Most Popular

How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

29 Jul 2022
Samsung proposes 11 Texas semiconductor plants worth $191 billion
Hardware

Samsung proposes 11 Texas semiconductor plants worth $191 billion

21 Jul 2022
Should you take your password manager off the internet?
Sponsored

Should you take your password manager off the internet?

28 Jul 2022