WatchGuard Firebox Review

Enables us to drop a lot of traffic and reduce a lot of load on otherwise poorly performing Internet connection


What is our primary use case?

Our primary use cases are for the firewall and for limited routing for small to medium-sized businesses. 

How has it helped my organization?

I had a client that was saturated with RDP, remote desktop attempts, while using a standard low, consumer-grade firewall. Putting in WatchGuard allowed me to drop a lot of that traffic and reduce a lot of load on their otherwise poorly performing Internet connection.

Reporting PCI and HIPAA compliance reporting, firmware updates, cloud-based firmware updates all make for visibility within the client site much easier. I can provide comprehensive reporting on user activity and user behavior which goes along with user productivity. It has excellent mobile SSL VPN capabilities that have allowed for very rapid deployment of remote workers during our current situation.

As a whole, it has a very low requirement for ongoing interaction. It's very self-sufficient. If properly patched, it has very high reliability. The total cost of ownership once deployed is very low.

It absolutely saves us time. All firewalls can be deployed with a very basic configuration in a reasonable amount of time. The uniform way in which WatchGuard can be managed allows for the deployment of much more comprehensive configurations more quickly. When it comes to troubleshooting and identifying any kind of communication issue, they use a hierarchal policy layout. It allows you to manipulate the order of precedence, simplifying troubleshooting by tenfold. Compared to a competitor, I spend less than 10% of the amount of time on WatchGuard that a similar task would take on a Meraki, a FortiGate, or a SonicWall.

What is most valuable?

The most valuable features are: 

  • The unified threat management bundle
  • Advanced threat detection and response
  • APT Blocker
  • Zero-day threat detection.

With most Internet traffic being encrypted, it is much more difficult for firewalls to detect threats. Some of the advanced features, such as the APT Blocker and the advanced threat protection, use advanced logistics to look for behavioral, nonpattern related threats. And the threat detection and response has the capability of working with the endpoints to do a correlated threat detection.

For most people, they don't think about one workstation having a denied access, but when multiple workstations throughout a network have requests that are denied in a short period of time, one of the only ways you can detect that something nefarious is going on is through a correlated threat detection. And WatchGuard has that capability that integrates at the endpoint level and the firewall together, giving it a much better picture of what's going on in the network.

It is the single easiest firewall to troubleshoot I have ever worked with. It deploys very rapidly in the event that a catastrophic failure requires the box to be replaced. The replacement box can be put in place in a matter of minutes. Every single Firebox, regardless of its size and capability, can run the exact same management OS. Unlike some of the competitors where you have dissimilar behavior and features in the management interface, WatchGuard's uniform across the board from its smallest appliance to its very largest, making it very, very simple to troubleshoot, recover, or transition a customer to a larger appliance.

It absolutely provides us with layered security. It has one of the most robust unified threat bundles available with Gateway AntiVirus, APT Blocker. It does DNS control. It does webpage reputation enabled defense. It effectively screens out a lot of the threats before the user ever has an attempt to get to them.

Externally it does a very good job of identifying the most common threat vectors, as well as different transported links, attachments, and things of that nature because of the endpoint integration. It helps protect from internal and external threats, along with payload type, and zero-day threats.

The cloud visibility feature has improved our ability to detect and react to threats or other issues in our network. It has improved firmware upgrades and maintenance reporting as well as investigating and detecting problems or potential threats.

It has reduced my labor cost to monthly manage a firewall by 60%.

What needs improvement?

The data loss protection works well, but it could be easier to configure. The complexity of data loss protection makes it a more difficult feature to fully leverage. Better integration with third-party, two-factor authentication would be advantageous.

For how long have I used the solution?

I have been using WatchGuard Firebox for fifteen years. 

We mostly use the T series: T30s, T70s, some M3, and 400 series.

What do I think about the stability of the solution?

It is the most stable firewall I work with. The incidence of failure is very low, maybe once every two years.

What do I think about the scalability of the solution?

It's very scalable. Because it has the unified configuration interface and the unified tools, or the common tools that are used from the smallest to the lowest, a ton of time and configuration, and thereby money, is saved during an upgrade, for example. The time to take an upgrade to a new appliance is a fraction of the time it would be with a competitor because of the direct portability of the configuration from the prior firewall.

We have one engineer and one part-time technician to maintain approximately 75 WatchGuards for limited, physical installations and onsite. It is very reasonable for one or two engineers to manage 200 to 300 WatchGuards. It's very reasonable.

We have just a single location in which we do use the T70 box and WatchGuard is in place at 95% of our clientele. We do not replace viable commercial-grade solutions until such time that they are ending their licensing or whatever. We do not replace FortiGates or SonicWalls while they're still viable. However, when the opportunity to replace one arises, it is our first suggestion to the client.

How are customer service and technical support?

I do not or have not had to use technical support very often, but I find it to be excellent. They're very responsive and very knowledgeable. I get engineers from a similar time zone. They're very skilled engineers and very invested in end-user satisfaction. Even though they are 100% channel-driven, they take end-users satisfaction very seriously.

Which solution did I use previously and why did I switch?

The complexity of configuring a Sonic Wall, for example, is much, much greater than that of a WatchGuard. Identical tasks can be completed in a WatchGuard in a fraction of the time as a SonicWall. When comparing similar models, the performance of Meraki is far inferior to the WatchGuard. Its capabilities are inferior to WatchGuard. It's a simple cloud interface. Meraki's simple cloud interface is probably more appropriate for a less experienced engineer. FortiGate lacks some advanced features that WatchGuard has, but my predominant issue with FortiGate is that when all the unified threat management utilities are enabled, performance on FortiGate is inferior. Although it has capabilities, when fully enabled it does not perform as well as WatchGuard.

How was the initial setup?

The initial setup is very straightforward. I'm able to deploy a standard template after activating the device. The activation is very simple and takes just a few minutes. Then a base configuration can be applied once the firmware has been updated and a box can be prepared for initial deployment within 7 to 10 minutes after it boots. 

It took 45 minutes to set up.

In terms of the implementation strategy, I have an implementation baseline of minimum acceptable settings and then it is adjusted based on client needs.

We deploy it to distributed locations in one of two ways. The device can be drop-shipped to the user or the endpoint and a cloud configuration deployment can be pushed to the box. My preferred method is to receive the box, perform a firmware update and a base configuration, and then ship the box.

I would recommend working with a partner for an expert-level deployment. It greatly reduces the time to deploy it. An experienced engineer can then deploy the product very rapidly and can often provide instruction on how best to maintain the product. But otherwise, the deployment is very straightforward.

What was our ROI?

They are very low maintenance, they have a very high rate of my end-user satisfaction. I'm able to provide excellent levels of service to my end-users and my customers. I would say that they have a very high value and a good return on the investment.

What's my experience with pricing, setup cost, and licensing?

Generally speaking, I find the three years of live and total security to be the best option. By going with their total security, you do get the endpoint protection component of the threat detection and response. Typically the trade-in options, depending on your prior firewall, are options that they should request or pursue when dealing with their provider. Those programs are usually available, but they're not always offered by a provider unless you ask.

What other advice do I have?

I would rate WatchGuard Firebox a ten out of ten. 

Which version of this solution are you currently using?

T30s, T70s, M3, and 400 series
**Disclosure: I am a real user, and this review is based on my own experience and opinions.
More WatchGuard Firebox reviews from users
...who work at a Manufacturing Company
...who compared it with Juniper NetScreen [EOL]
Learn what your peers think about WatchGuard Firebox. Get advice and tips from experienced pros sharing their opinions. Updated: July 2021.
521,637 professionals have used our research since 2012.
Add a Comment
ITCS user
Guest