What is our primary use case?
Our primary use case for this solution is traffic management.
When the system recognizes that we are using something like VoIP, Skype, or Cisco Video Conference, then one can adjust the bandwidth. For example, we have it set so that VoIP has a limit of 120Kbps (Kilobits per second).
What is most valuable?
The most valuable feature of this solution is traffic management.
We like the diversity of categories for blocking and allowing traffic.
This solution is very easy to manage.
What needs improvement?
There is no message displayed for the user on the desktop informing them that access to a web page has been blocked by Application Control. Because of this, the administrator has to check the logs to find out. It would be better if the user could call the administrator and explain that the page has been blocked by Application Control, and give the details, like the category and the reason, at that time. In the Web Blocker module, you can define a message that is sent to the user on their browser.
For how long have I used the solution?
I have been using this solution for eight years.
What do I think about the stability of the solution?
This solution is very, very stable. We have never had a hardware failure, but the solution does require maintenance. You have to tune it because as more applications are developed and enhanced, there are new categories or applications that you have to allow or to block.
We use this solution on a daily basis.
What do I think about the scalability of the solution?
This solution is scalable but within the limits already set by WatchGuard. You can edit categories but you cannot add a new category by yourself. Rather, it is a feature request. I would say that the main categories that are available at the moment are enough, but if something is missing then you cannot add it.
Every department is using this application, and each of them has a different configuration. For example, the sales department configuration is different from the management department, which is different from the service department. The Marketing department has to have access to social media, but the service department may not need to, and it might not be allowed because it can lead to wasted time.
We have approximately fifty users.
How are customer service and technical support?
The technical support for this solution is prompt and very, very friendly.
The only issue that we have had is when a strange error happens that requires third-level support, we have to contact Seattle in the US from here in Germany. With the time difference, it means that it takes twenty-four hours to get a solution. That is just when we call. When we email, there is no problem with time difference because they have twenty-four-hour support that is not dependent on Seattle. It comes from India or Asia or somewhere else.
Which solution did I use previously and why did I switch?
Prior to this solution, we used SonicWall, which was owned by Dell at the time. We switched to this solution because the configuration is more intuitive for the users. You can choose the GUI, or instead, as we prefer, you can use the WatchGuard client. With the client, you can do things like making an evaluation.
How was the initial setup?
The initial setup of this solution is not complex because you can only choose certain options or categories. You have to mark the whole category, for example, business communication like Skype, Cisco Tandberg, or Microsoft Teams, or have it choose on its own. After the category has been chosen you mark the options that are allowed. You specify what is blocked and the traffic management options such as reserved or guaranteed bandwidth. At this point, it is only checkboxes and a start button.
It is very easy, but you have to tune it because sometimes things are blocked and they should not be.
Our deployment took approximately one hour and three people were involved.
What about the implementation team?
Own our team handled the deployment and configuration.
You need to have one technical specialist to enter the configuration, but you also have to involve the departments. Each department manager can specify which categories are allowed, which are blocked, and perhaps the level of bandwidth that is required for each category in their department.
One person is required to maintain this solution, although there should also be a spare.
What other advice do I have?
I would suggest that for mid-size companies of say one hundred users, you should choose different configurations. For example, Application Control group one, group two, group three. It could be a management group with more bandwidth and has fewer restrictions. Then ordinary users have more restrictions so you can give them a different configuration. You can specify the levels of restrictions, and in what categories. I feel this is something that is very important.
The only dynamic is increasing categories. If a department calls and says that they cannot access a particular webiste then the admin will check the logs to see why not. It will show the category, and the admin will have the choice to allow the whole category or just a single website. Social media might be a category where we do not allow sites like Facebook, but we do allow LinkedIn. In this case, the Social Media category is blocked but there is an exception checkbox for LinkedIn.
My advice for anybody researching this type of solution is to compare this with other products. The manageability in WatchGuard is very easy. I know other solutions and they are more complex and there is no traffic management capability included.
The biggest lesson that I have learned from using this solution is that things are dynamic. The internet is constantly growing, along with the categories. Startups like Zoom have a VoIP, so you would have to manage this application. The configuration is not static. It is dynamic, like everywhere in IT. You cannot just install it and leave it.
I would rate this solution a nine out of ten.