WatchGuard Firebox T35-R Outdoor Firewall Appliance w/ 3-Year Total Security Suite (WG35R643)
WatchGuard WG35R643 Firebox T35-R Outdoor Network Firewall
The WatchGuard Firebox T35-R Outdoor Firewall Appliance provides ruggedised security for harsh environments. Traditional firewalls are designed for office environments or rack-mounted in a climate-controlled server room, where issues with temperature, water and dust are negligible. Initiatives to connect and modernise industrial operations require a device that can withstand these conditions, ensure effective security, and deliver consistently high performance. As an IP64-rated device, Firebox T35-R is the highest-performing industrially hardened compact security appliance available.
- Includes a three (3) year total security suite licence subscription.
- IP64-rated industrial enclosure is dust and splash proof, and capable of operating in temperatures of -40ºC to +60ºC (-40ºF to +140ºF).
- All logging and reporting functions included with purchase, with over 100 dashboards and reports including PCI and HIPAA.
- Five (5) Gigabit Ethernet ports support high-speed LAN backbone infrastructures & Gigabit WAN connections.
- Variable DC power from 12 to 48 V with optional AC power supply.
- SCADA IPS signatures to protect against well-known exploits of common industrial control systems.
- DIN rail included.
Built to Withstand Harsh Conditions
Dust, moisture, and extreme temperatures can dramatically reduce the lifecycle and performance of network hardware. The Firebox T35-R features an IP64-rated industrial enclosure that is both dust and splash proof, and capable of operating in temperatures of -40ºC to +60ºC (-40ºF to +140ºF). The ruggedised construction of Firebox T35-R means you can deploy the appliance in harsh environments without needing to build a special enclosure.
Zero-Touch Remote Deployment
With the Firebox T35-R you can avoid sending your team to every location a device is needed. WatchGuard’s Cloud-based RapidDeploy technology allows you to create and store Firebox configuration data in the Cloud and have an appliance directly shipped to its destination. Once the device arrives, a user only need plug it in – RapidDeploy will automatically download and apply your pre-determined configuration.
Easy to Manage and Understand
The Firebox T35-R is not only easy to initially configure and deploy, but is also designed with an emphasis on centralised management, making ongoing policy and network management across your distributed environment simple and straightforward. WatchGuard Cloud provides a suite of big data visibility and reporting tools that instantly identify and distil key network security threats, issues and trends so you can take immediate preventive or corrective action. Security is complex – running it doesn’t have to be.
Layered Security for Industrial Use Cases
While connecting remote locations and industrial environments can help you achieve a higher level of operational efficiency, the security implications of doing so can be severe. Breaches of industrial control systems (ICS) can have significant impact, bringing your business to a halt and even potentially endangering lives. The Firebox T35-R includes specific SCADA IPS signatures to protect against well-known exploits of common industrial control systems (ICS), making it an ideal choice for remote locations with ICS security needs.
WatchGuard Total Security Suite
Turn your WatchGuard Firewall appliance into a comprehensive Unified Threat Management solution with the Total Security Software Suite from WatchGuard. This suite subscription includes powerful UTM security subscriptions that boost defences in critical attack areas for maximum network protection. At an exceptional value, this suite includes all the subscriptions from the Basic Security package, plus additional services including Gold support, Advanced Persistent Threat Blocker, Data Loss Prevention, WatchGuard Dimension, and Threat Detection & Response.
In addition to the Standard Support package for your WatchGuard appliance, with the Gold level on top, you’ll qualify for Live Call on critical support, and web or phone-based support within 1 hour for high priority issues, and 4 hours for medium/low priority issues.
Advanced Persistent Threat Blocker:
APT Blocker uses an award-winning next-generation sandbox to detect and stop the most sophisticated attacks including ransomware, zero day threats, and other advanced malware designed to evade traditional network security defences.
Data Loss Prevention:
DLP stops data breaches and enforces compliance by scanning text and files to detect sensitive information attempting to exit your network, whether it is transferred via email, web, or FTP. A very comprehensive service that helps keep your confidential data private.
A cloud-ready network security visibility solution that provides the big data visibility and reporting tools that uniquely identify and distil key network security threats, issues and trends, accelerating the ability to set meaningful security policies across the network. Use this service to monitor and gain critical and timely insights about network security, in real time, from anywhere and at any time, easily and quickly.
Threat Detection & Response:
Security data collected from the Firebox and WatchGuard Host Sensor is correlated by enterprise-grade threat intelligence to detect, prioritise and enable immediate action against malware attacks.
Intrusion Prevention Service:
Intrusion Prevention Service uses continually updated signatures to scan traffic on all major protocols, providing real-time protection against network threats, including spyware, SQL injections, cross-site scripting, and buffer overflows.
Allow, block, or restrict access to applications based on a user’s department, job function, and time of day. It’s never been easier to decide who, what, when, where, why and how applications are used on your network. You will have the power to limit application usage, and keep unproductive, inappropriate, and dangerous applications off your network.
In addition to automatically blocking known malicious sites, WatchGuard WebBlocker delivers granular content and URL filtering tools to block inappropriate content, conserve network bandwidth, and increase employee productivity. A powerful and easy-to-use solution for controlling and monitoring web activity across your entire organisation.
Real-time, continuous, and highly reliable protection from spam and phishing attempts. WatchGuard spamBlocker is so fast and effective, it can review up to 4 billion messages per day, while providing effective protection regardless of the language, format, or content of the message. Get real-time, continuous, and highly reliable protection from spam and phishing attempts.
Leverage WatchGuard’s continuously updated signatures to identify and block in real time, known spyware, viruses, trojans, worms, rogue-ware and blended threats – including new variants of known viruses. At the same time, heuristic analysis tracks down suspicious data constructions and actions to make sure unknown viruses don’t slip by.
Reputation Enabled Defence:
A powerful, cloud-based web reputation service that aggregates data from multiple feeds to provide real-time protection from malicious sites and botnets, while dramatically improving web processing overhead.
This service generates a visual map of all nodes on your network, making it easy to see where you may be at risk. It helps ensure that only authorised devices are connected while detecting all open ports and protocols.
A stateful packet firewall, while essential, simply isn’t enough anymore. The reality is that every network needs a full arsenal of scanning engines to protect against spyware and viruses, malicious apps and data leakage – all the way through ransomware, botnets, advanced persistent threats, and zero day malware. A true network security solution will address all aspects of threat prevention, detection, correlation, and response – today, and as those threats evolve. WatchGuard’s award-winning network security platform not only provides the most complete suite of unified security controls on the market today, but has consistently been the first to offer solutions for addressing new and evolving network threats including, but not limited to, advanced malware and ransomware.
It’s more than just about security scanning engines, though. WatchGuard believes simplicity is the key to successful adoption of technology. As such, all of the products are not only easy to initially configure and deploy, they are also designed with an emphasis on centralised management, making ongoing policy and network management simple and straightforward. Security is complex, managing it doesn’t have to be.
All businesses, regardless of size, need to pay attention to performance. Slow security scanning times can cripple a network’s ability to handle high-volume traffic. Some companies are forced to decrease protection to keep performance strong, but WatchGuard solutions never make you choose between security and speed. Leveraging the power of multi-core processing, WatchGuard’s platform is engineered to deliver the fastest throughput when it matters – with all security controls turned on. The platform can run all scanning engines simultaneously for maximum protection, while still maintaining blazing fast throughput.
From the boardroom to the branch office, critical decisions about security often need to be made quickly before damage is done. Furthermore, you need to know what’s happening not just in the network, but on your devices inside and outside the firewall as well. Visibility is about more than data. Visibility is achieved when that data is converted into easily consumable, actionable information. The addition of the WatchGuard Host Sensor, available through Threat Detection and Response, provides continuous event monitoring, detection and remediation of threat activity on the endpoint. WatchGuard’s award-winning network visibility platform, Dimension, takes the data from all devices across your network and presents that data in the form of visually stunning, immediately actionable information. Using Dimension you can identify behavioural trends, pinpoint potential network threats, block inappropriate use, monitor network health and much more.
UTM (full scan)
HTTPS (IPS enabled, full scan)
IPS (full scan)
Firewall (UDP 1518)
VPN (UDP 1518)
Concurrent connections (proxy)
New connections per second
WSM licences (incl)
TDR Host Sensors included
Branch Office VPN
- Stateful packet inspection, TLS decryption, proxy firewall
- HTTP, HTTPS, FTP, DNS, TCP/UDP, POP3S, SMTPS, IMAPS and Explicit Proxy
- DoS attacks, fragmented & malformed packets, blended threats
- Browser Safe Search, Google for Business
Site to Site VPN
- IKEv2, IPSec, Policy and Route Based Tunnels, TLS hub and spoke
Remote Access VPN
Logging and notifications
- WatchGuard Cloud & Dimension, Syslog, SNMP v2/v3
- WatchGuard Cloud includes over 100 pre-defined reports, executive summary and visibility tools
- Pending: CC EAL4+, FIPS 140-2
- IPv6 Ready Gold (routing)
Hazardous substance control
- Multi-wan failover, dynamic path selection, jitter/loss/latency measurement
- Active/passive, active/active
- 802.1Q, DSCP, IP Precedence
IP address assignment
- Static, DHCP (server, client, relay), PPPoE, DynDNS
- Static, dynamic, 1:1, IPSec traversal, policy-based
- 02.3ad dynamic, static, active/backup
Physical and Power Specifications
- 240.6 x 66 x 43.3 mm (9.5 x 2.6 x 1.7 in.)
- 100-240 VAC Autosensing AC Power Supply (sold separately)
- -40ºC to 60ºC (-40ºF to 140ºF)
- -40ºC to 70ºC (-40ºF to 158ºF)
Operating Relative Humidity
- 10% to 85%, non-condensing
Storage Relative Humidity
- 10% to 85%, non-condensing
- 0 to 3,000 metres at 35ºC (0 to 9,843 feet at 95ºF)
- 0 to 4,570 metres at 35ºC (0 to 15,000 feet at 95ºF)
- 83,182 hours at 60ºC (140ºF)
Standard Warranty: 1-Year