WatchGuard Firebox M590 review: Big red network security
A powerful mid-range UTM appliance with top-notch security features at a sensible price
WatchGuard has been busy beefing up its Firebox security appliances to handle the latest threats and the high demands of inspecting encrypted and HTTPS traffic. The Firebox M590 on review is a prime example: this 1U rack appliance ditches the dual-core Intel i3-6100 desktop–class CPU from the elderly T570 and replaces it with a 2GHz NXP LX2120A SoC, which puts twelve ARM Cortex A72 cores on the table.
Targeting mid-sized businesses and distributed enterprises with up to 1,000 users, the M590 claims a raw firewall throughput of 20Gbits/sec, 3.3Gbits/sec with UTM services enabled and a very creditable 1.9Gbit/sec with HTTPS content inspection activated. Other improvements over the M570 include a larger internal 128GB M.2 SSD, dual 150W PSUs and two 10GbE SFP+ ports for high-speed connections over longer distances.
The single expansion bay to the right of the embedded ports accepts a range of modules including quad copper or fibre Gigabit, dual 10GbE SFP+ or a four-port multi-Gigabit option with PoE+. Our review system came with the latter, and the kit includes a chunky 54V power brick which needs to be plugged into a dedicated port at the rear to enable PoE+ delivery.
WatchGuard Firebox M590 review: Management and deployment
One area where WatchGuard excels is appliance management, as your choices are manifold. The M590 can be run in standalone mode and configured using its local web console and WatchGuard’s free System Manager (WSM) software suite, or linked up with the free VMware and Hyper-V virtualised Dimension software and its optional Command service.
Businesses managing multiple, geographically distributed Fireboxes will love WatchGuard’s Cloud service as they can access them all from a single web portal. Included with both security subscriptions, it offers two choices: you can elect to retain local management and set the appliance up to send all its logs to the cloud portal, or opt for full cloud management.
The cloud option adds another benefit by bringing WatchGuard’s RapidDeploy feature into play. Upload a predefined configuration file created from a local Firebox, assign it to a newly registered appliance, pack it off to a remote site and after connection and power up, it automatically takes the file from your cloud account.
We began testing by registering the M590 with our WatchGuard customer account and once it was powered up, it pulled down our feature key and offered a quick start wizard. We initially chose local management with cloud logging and once we’d allocated the M590 to our cloud account, it duly started sending details on all traffic, detected threats and responses.
A new feature makes it dead easy to swap to full cloud management, and we just had to click one button in the portal’s device configuration page. After reconfiguration, the M590 disabled its local web interface, took all its settings from the cloud and furnished us with full remote configuration access.
WatchGuard Firebox M590 review: Security subscriptions
WatchGuard keeps licensing as simple as possible; all Fireboxes are available with two options and we’ve shown the price for the M590 appliance with a 3-year Total Security Suite (TSS) subscription. This starts with the same features as you’ll get with the cheaper Basic Security Suite (BSS) and includes gateway AV, anti-spam, web content filtering, application controls, intrusion prevention services (IPS) and WatchGuard’s RED (reputation enabled defence).
The TSS subscription essentially activates WatchGuard’s Automation Core (WAC) technology, which is designed to ease the life of support staff by providing proactive threat responses. ThreatSync collects event data from all Fireboxes, DNSWatch blocks user access to known malicious domains while IntelligentAV and its Cylance AI-based engine scans files after they’ve passed through the gateway AV scanner and uses machine learning to identify and block new malware.
TSS also activates WatchGuard’s Gold support, which provides a one hour targeted response time for high priority issues. It also increases the cloud log retention period from 1 day to 30 days.
WatchGuard Firebox M590 review: Cloud configuration
We found the WatchGuard Cloud portal very easy to use with five main menu tabs provided for a dashboard view of account and Firebox status, monitoring, configuration, inventory and administration. The monitoring page opens with an overview of all Fireboxes showing all the action for every security service and you can drill down to individual appliances.
Move to the configuration page and you can select a specific Firebox and manage all its security services from one screen. The content scanning section provided access to gateway AV, IntelligentAV, the APT blocker and spamBlocker services and in many cases, they can be activated simply by clicking on a slider bar.
Network blocking includes botnet detection and IPS settings with the Geolocation section below allowing you to block traffic from specific countries. Web filtering and application controls are both managed using custom actions where you choose from 130 URL categories to block or allow and browse nearly 1,300 predefined app signatures neatly organised into 11 categories for easy access.
From the inventory page, you view all activated Fireboxes and allocate new ones to your cloud account. The administration section provides access to Firebox audit logs and you can create scheduled reports for any or all devices, choose which services you want executive summaries for and provide email addresses of recipients.
WatchGuard Firebox M590 review: Verdict
The Firebox M590 is a versatile UTM appliance and WatchGuard’s simplified licensing schemes make it easy to choose the right level of protection. Deployment is cinch, it offers a wealth of enterprise-grade security services at a very competitive price and the choice of local or cloud management makes it equally well suited to mid-range businesses and enterprises needing to protect distributed remote offices.
WatchGuard Firebox M590 specifications
12-core 2GHz NXP LX2120A
8GB ECC DDR4
128GB M.2 SATA SSD
8 x Gigabit, 2 x 10GbE SFP+
1 x module bay
2 x USB 2, RJ-45 serial
Dual internal 150W PSUs
Web browser, WatchGuard WSM/Dimension/Command/Cloud
Included in subscription
2 x 10GbE SFP+, £706; 4 x 1GbE copper, £462, 4 x multi-Gigabit PoE+ with 54V PSU, £1,383 (all exc VAT)
The state of Salesforce: Future of business
Three articles that look forward into the changing state of Salesforce and the future of businessFree Download
The mighty struggle to migrate SAP to the cloud may be over
A simplified and unified approach to delivering Enterprise Transformation in the cloudFree Download
The business value of the transformative mainframe
Modernising on the mainframeFree Download
The Total Economic Impact™ Of IBM FlashSystem
Cost savings and business benefits enabled by FlashSystemFree Download