WatchGuard Firebox Review

GUI makes setup easy and provides us with graphical, real-time bandwidth usage


What is our primary use case?

Our primary use case is for firewalls.

How has it helped my organization?

We were using Websense before, for website filtering, and we had to configure the device to block and monitor. Then we would go to Cisco to configure the firewall ports and then we used antivirus software to protect that the gateway from viruses. So we were using three or four different security products. WatchGuard integrated into everything in one place, so it's much easier to configure.

It has simplified my job. Before WatchGuard, we needed one person inside and two people outside to set up our network. Now I can do it by myself.

The solution has saved us 30 minutes to an hour every day. In terms of productivity, before WatchGuard we had given up checking the logs because there was so much information. But now, with its graphical interface, it's much easier to get the information that I need: the violations and sever errors are easier to pull out.

What is most valuable?

The most valuable feature is the GUI, especially the real-time bandwidth usage report. Also, its integration with WiFi access points is nice.

The product's usability is very good. We were using Cisco products before, and that was terrible. The difference is in integration. With Cisco we had to go into the command line to configure devices. With WatchGuard we can do everything from the GUI, so it's much easier to set up and to make sure everything is working the way we want.

The throughput of the solution is good. It's also very good at reporting. I can see things graphically so I don't have to read through all the log text files.

The solution provides our business with layered security. In terms of the attack vectors it secures, we have a firewall set up and it gives me reports. It also has an integrated web filtering solution. I can set up a website filter and it's all filtered in one place. I don't have to go to another solution.

What needs improvement?

I don't know if it's just my version, but the WiFi access point integration has just started. It's getting better but if there were more reporting of the devices that are connected to WiFi access points that would be great. Right now I can see the MAC address and bandwidth usage for each device but that's about it. If I could see which sites the devices are visiting and what kind of traffic is generated from each device, that would be great.

For how long have I used the solution?

We have been using Firebox for four or five years.

What do I think about the stability of the solution?

We bought Firebox four or five years ago, and with the first version I had to reboot it every two or three months for no apparent reason. We upgraded last year to the M370 and it's been running, but it is rebooting from time to time. I don't know why.

What do I think about the scalability of the solution?

Since everything is integrated, when there is really high user traffic, especially to the different locations, including email and everything coming in at one time, I see very high CPUs. It may not be as scalable as having three or four different devices running, one for each task.

The bandwidth is good but we only have a 15 meg fibre to this location and I see high CPU usage, so I wonder how far it can go up. It's working well for us but if you are trying to go to 200 or 300 meg of bandwidth you may need to get a bigger WatchGuard.

We don't have any plans to increase usage in the future. It has a hotspot client access which we're somewhat interested in, but we don't have many guests coming into our offices. That's the one area where we might spend some time.

How are customer service and technical support?

Technical support is really good. That's one of the best parts of this product. With Cisco, you have to transfer all over the place, but with WatchGuard there's a ticket system. When you open up a ticket, they are really responsive.

Their response time is within a few hours. If you just log a ticket through the website, you get a response back within one to two hours. But if you call up, they respond really fast. And it's a real tech guy responding back. You go through all your details and you get answers right away.

At times I have made an additional feature request and even I have forgotten that I requested it, but they keep following up. I have to say, "It's okay now, forget it."

If you previously used a different solution, which one did you use and why did you switch?

We were using Cisco Professional Services whenever we had to tweak our IP forms or QoS and those advanced types of changes. The outside consultants were costing us money. With WatchGuard we can do the setup by ourselves. We tried it and found we could do it.

How was the initial setup?

The initial setup was very straightforward. The graphic interface gives you bandwidth control, traffic control, and a graphics screen, unlike the Cisco products where you have to go into the command line. There, you are typing commands but it's really hard to tell if it's working or not. With WatchGuard, it gives you the response right back and you see results right away. So, it's much easier to configure.

Our deployment took about three days. To get it up and running it took about one hour. The rest of the time was to tweak our firewalls, open up this port, open up that site.

Regarding our implementation strategy, we have ten remote locations. We started with one branch as a test bed, set up a template there, and applied it to the corporate site here. When we applied it to the corporate site it took a little while, about three days. But once the corporate template was done, the other sites were quick. We set up the device, and it shipped it out and, in ten to 15 minutes, it was up and running.

What about the implementation team?

We purchased the solution from a local distributor, Jensen IT, and they had a support line. We called up two or three times. Our experience with them was very reasonable.

What was our ROI?

From a pure cost standpoint, we cut our fees in half by moving to WatchGuard. And in terms of time, we are spending one-third or even one-fifth of the time we were spending on Cisco devices. Those are substantial savings.

What's my experience with pricing, setup cost, and licensing?

The price is so small that I don't pay attention to it anymore. I think we pay a few thousand dollars for two to three years, so about $100 per month. That's for all of our users.

There is an additional cost if we want to go with a deeper licensing model, but we just pay for antivirus, IPS, and main product support.

Which other solutions did I evaluate?

At the time we made the switch to WatchGuard we were also using two or three different solutions to manage security and our internet connection. We were using Symantec Gateway for antivirus protection, Websense for web filtering, Symantec IPS reporting, and Cisco.

The integration of all of those with our system was cumbersome and there were maintenance fees and license fees being paid to four or five companies. All licensing terms were different and it was really cumbersome to manage. With WatchGuard, everything is really in one place.

However, for one of our new locations we started using Meraki, which has cloud capabilities so I can remotely manage the setup of the firewall for remote offices. For ease-of-setup, Meraki is a little bit easier. If you want an easy solution in terms of setup, Meraki might be a better solution. But there is a lack of depth of setup on the Meraki, while WatchGuard is a real firewall solution. In the new office, we only have a five people, so the WatchGuard features may be a little bit too much that size of office.

Firebox has a very small model for personal use, a home-use product, but we did not test it out. That might be a good fit, but the value for a very small office may be a little bit of overkill.

What other advice do I have?

If you have a small IT staff and want an easy-to-set-up solution, I would one hundred percent recommend WatchGuard. If you have a very serious, big IT department and a big business, you might want to test out the throughput and the stability.

In each of our ten remote offices, we have about ten to 15 people using it. At our corporate office we have 70 to 80 people. We require two people for deployment and one person for maintenance of the solution, including me, the IT manager and, our systems administrator.

I would rate the solution at nine out of the. It's just missing that stability point.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Add a Comment
Guest
Sign Up with Email