WatchGuard Firebox Review

They are great, functional and useful devices.


What is our primary use case?

Production business use at multiple interconnected locations.

How has it helped my organization?

It is one of the layers of our security and it definitely does protect us from many attack vectors. Between the antivirus scanning, the blocking, and DNSWatch, it is protecting us from a number of attack vectors. It is also provides useful diagnostic tools for identifying and troubleshooting issues. A recent example was when a few LOB network devices were having issues which was affecting operations. ZazaThe ability to search the realtime and historical logs helped me to navigate, zone in, and identify the ultimate issue. It ended up not being the firewall, but fast access to the logs helped me determine and prove that to be the case.

Because of the way it's organized and the user-friendliness of the device, it does make my job managing the firewall profiles and security a lot easier. There's nothing you have to do through the command line. Being able to definitively know what the configuration is, visually, being able to edit it offline without affecting production have all been big time-savers for me. When I had to do two firewalls which had similar configurations it saved me at least 20 hours of setup work. Templates allowed me to create and define a bunch of objects once and use them in both places.

Overall, per month, Firebox will save me four to five hours, depending on if there's something I have to investigate.

What is most valuable?

The Application Control and web blocker have been very valuable because they let me control the outgoing traffic of my users and keep them off of both productivity wasters and sources of vulnerabilities in my environment. 

I like the High Availability feature because it allows a firewall to fail while keeping the environment up and running.

In terms of its usability, it's very straightforward to use, once you understand the way they look at a firewall and the design choices they made.

The throughput the solution provides is excellent. I have not had any performance-related issues with any of the fireboxes I've used.

I like their management features a lot. Their System Manager server as well the System Manager software make managing them, and tracking changes, very easy and complete. In terms of the reporting, I am just starting to look at the reports in Dimension and they look pretty well-organized and useful.

What needs improvement?

The product could have some more predefined service protocols in the list, which don't have to manually be defined. But that's very low hanging fruit.

The documentation for the System Manager/Dimension configuration, could be a little bit clearer. The use case where you have multiple sites with multiple firewalls, and one site that has the System Manager server and the Dimension server, wasn't really well defined. It took me a little bit of digging to get that to actually work.

For how long have I used the solution?

I have been using WatchGuard Fireboxes for about six to seven years.

What do I think about the stability of the solution?

It's pretty rock-solid. I've never had to reboot one because it was acting in an unstable manner and have some that I ran through their entire usable lives without issue.

What do I think about the scalability of the solution?

The scalability is good, assuming you buy the right model. They make it easy to trade up to a bigger model without having a big, financial impact, giving you a discount to trade up. 

How are customer service and technical support?

The times I've used technical support it was excellent.

If you previously used a different solution, which one did you use and why did you switch?

I moved from FortiGate. The reasons i switched include price - WatchGuard is a lot more cost-effective than FortiGate - and complexity. FortiGate is very complicated, had little documentation which relied heavily on cookbooks, and a lot of command-line required to get some common things to work. WatchGuard is very well-documented and everything fits within their configuration. Nothing that I've encountered has to be done through the command line. And when your subscription expires on the WatchGuard, it will still pass traffic, if you configure it to. FortiGate will only allow one connection out. 

How was the initial setup?

The initial set up was very straightforward. You take it out of the box, you plug it in, you download the software, and it starts working. That's what I consider to be the initial set up, and that was very easy and very fast.

The deployment took me a total of about 40 hours for two sites, two firewalls, and with an incredibly complicated configuration. The complexity was a product of the environment, not the firewall.

I utilized the template feature to make everything that could be the same, the same across both sites, which are connected locations.

What about the implementation team?

In-house.

What was our ROI?


What's my experience with pricing, setup cost, and licensing?

They are well priced for the market and offer discounts for competitor trades and model upgrades which are definitely worth taking advantage of.

Which other solutions did I evaluate?

FortiGate and WatchGuard were the only two I've evaluated recently.

What other advice do I have?

I would definitely recommend using WatchGuard.

I would also recommend taking one of the courses that goes through all the features of the device and the way it is organized. Every firewall vendor looks at things differently. If you don't understand the way WatchGuard is structured, you may make a strategic mistake in setting it up and you'll have to tear some of it down and redo which is true of any firewall. Leanr and use the tools Watchguard  provides.

I used to do everything in WatchGuard through their Web UI but I now use the System Manager software because it is very valuable. It provides a lot of features that I had not realized I was missing. The System Manager Server is able to store previous versions of the configuration, and to force people to enter comments regarding what they changed when they save one. Being able to compare the configurations side-by-side, and have it tell you the differences are great tools that you should know about if you're going to start implementing a WatchGuard.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Add a Comment
Guest
Sign Up with Email