IT Pro Verdict
Pros
- +
Good value
- +
High performance
- +
Great security services
- +
WatchGuard Automation Core
- +
Choice of cloud and on-prem management
Cons
- -
None
Stepping in at the top of WatchGuard's security appliance family, the M5800 claims to be its fastest Firebox ever. Targeting distributed environments of up to 7,500 users and taking over from the six-year-old M5600, it delivers a big boost in performance with WatchGuard quoting a high 87Gbits/sec raw firewall throughput and 11.3Gbits/sec with antivirus (AV), the intrusion prevention service (IPS) and application controls all activated.
Hardware-wise, the M5800 is endowed with a superior specification as the pensionable 2.8GHz E5-2680 v2 Xeon CPU in its predecessor gets replaced with a second generation 20-core 2.1GHz Xeon Scalable Gold 6230. Internal memory is doubled to 32GB of the faster ECC DDR4 variety while internal storage is handled by a more capacious 512GB SATA SSD.
The M5800 offers the same versatile range of port options with four expansion slots at the front. The appliance comes as standard with the first two occupied by eight copper Gigabit and quad 10GbE SFP+ modules with WatchGuard also offering eight Gigabit SFP and dual 40GbE fibre options.
The four rear cooling fans have been changed from hot-plug to fixed and you get the same dual 400W hot-plug PSUs. One point worth mentioning is when we reviewed the M5600, we complained about its annoyingly loud fan noise – suffice to say the M5800 is a lot quieter.
WatchGuard Firebox M5800 review: Subscriptions and prices
WatchGuard makes it easy to choose the right subscription plan as it only offers two options. Its Basic Security Suite (BSS) subscription activates gateway antivirus (GAV), antispam, web filtering, HTTPS inspection, IPS, application controls, WatchGuard's RED (reputation-enabled defense) cloud-based URL filtering, and network discovery.
Moving up to a Total Security Suite (TSS) subscription adds WatchGuard's advanced persistent threat (APT) blocker with cloud sandboxing, DNSWatch for monitoring client DNS requests and blocking access to known malicious domains with WatchGuard's Gold support providing advanced hardware replacement and a one hour targeted response time for high priority issues.
Part of WatchGuard's Automation Core (WAC), ThreatSync XDR is designed to reduce the burden on support staff. It provides policy-based collection, correlation, and automated responses for threat events from all Fireboxes and endpoints with WatchGuard's host sensor installed.
You also get the IntelligentAV anti-malware service which employs the Cylance AI-based engine to scan files such as Office documents, Windows portable executables, and PDFs after they've passed through the GAV scanner. Both subscriptions enable access to WatchGuard's cloud portal for remote monitoring and management with TSS increasing the log retention period from 90 to 365 days.
Prices stack up very favorably against the competition with the appliance plus one-year and three-year BSS subscriptions costing around £27,300 and £48,000 (exc VAT) respectively. One-year and three-year TSS subscriptions have list prices of around £48,000 and £88,000.
WatchGuard Firebox M5800 review: Deploy and monitor
The M5800 has a dedicated Gigabit management port so you can isolate this traffic from the main network. Deployment is a piece of cake as after registering the appliance with our WatchGuard customer account, we ran through the local web browser's quick start wizard and chose local management with cloud logging.
The appliance grabbed the TSS feature key from our account and after we allocated it to our cloud account, it started sending details on all traffic, detected threats, and responses. Plenty of monitoring information is provided in the cloud portal with views including live activity, all traffic, the top clients, application usage, and blocked websites.
It's easy to see threats with the portal's Monitor page providing a summary view of all the Fireboxes in our account, pending incidents, and a timeline graph showing when they occurred. The incident list allows you to view all detected threats such as blocked botnet sites and malicious websites over custom time periods and drill down deeper to see associated devices, websites, IP addresses, and client devices.
You can run WatchGuard's free Dimension software on-site as a Hyper-V or VMware VM, but cloud reporting does away with this need. The portal's device dashboard presents all the same information for executive, security, and subscription dashboards along with WatchGuard's nifty FireWatch block charts and a global threat map.
WatchGuard Firebox M5800 review: Cloud management
Moving to full cloud management is really easy as you pull up the portal's device configuration page and click one button. After reconfiguration, the M5800 disables its local web interface, takes all further settings from the cloud, and provisions full access for remote configuration.
We think cloud management is the best option as you pull up the portal's configuration page, select a Firebox device and manage all its security services from a single screen. Consistency across all Firebox models means if you can manage an entry-level T25, you won't have any problems with the M5800
From the portal's content scanning page, you access the gateway AV, IntelligentAV, APT blocker, and spamBlocker services and in most cases, activate or deactivate them by moving a slider bar. Anti-spam policies are available for SMTP, IMAP, or POP3 traffic where you allow, deny, or tag spam messages in their subject line for ongoing local rule processing.
Move to the network blocking section, and you can control botnet detection, IPS, custom blocked URLs and ports, and detection of Tor (The onion router) exit points. The initial quick start wizard automatically blocks access to common unwanted website categories. Still, you can create your own custom policies by choosing from 130 URL categories and deciding whether to block or allow them. This section also provides direct access to WatchGuard's application control service which offers over 1,250 predefined app signatures making it simple to block unwanted apps and control access to social networking services such as Facebook and Twitter
WatchGuard's Firebox M5800 offers a wealth of enterprise-grade security services at a competitive price. Its Xeon Scalable power delivers high performance, easy cloud or on-premises management adds extra versatility and its modular design allows you to expand network capabilities in line with demand.
WatchGuard Firebox M5800 specifications
Chassis | 1U rackmount |
CPU | 20-core 2.1GHz Intel Xeon Scalable Gold 6230 |
Memory | 32GB ECC DDR4 |
Storage | 512GB SATA SSD |
Network | 8 x Gigabit module, 4 x 10GbE SFP+ module |
Expansion | 4 x module bays (2 free) |
Other ports | Gigabit Management, 2 x USB 3, RJ-45 serial |
Power | Dual 400W hot-plug PSUs |
Management | Web browser, WatchGuard WSM/Dimension/Command/Cloud |
Warranty | Included in subscription |
Dave is an IT consultant and freelance journalist specialising in hands-on reviews of computer networking products covering all market sectors from small businesses to enterprises. Founder of Binary Testing Ltd – the UK’s premier independent network testing laboratory - Dave has over 45 years of experience in the IT industry.
Dave has produced many thousands of in-depth business networking product reviews from his lab which have been reproduced globally. Writing for ITPro and its sister title, PC Pro, he covers all areas of business IT infrastructure, including servers, storage, network security, data protection, cloud, infrastructure and services.