WatchGuard Firebox Review

VPN and proxy features enable us to connect all our branches to headquarters with excellent throughput


What is our primary use case?

Our primary use case is VPN connectivity between 50 locations and our headquarters.

How has it helped my organization?

It saves us a lot of money over MPLS connections, about $125,000 per year.

WatchGuard provides us with one of our layers of security. The HTTPS proxy is where a lot of things get trapped.

What is most valuable?

The most valuable are the VPN and proxy features. We have all the sites we have to connect and that's how we do it.

I've been using it for so long so I'm pretty used to it. But I think it's fairly simple to use and understand. It helps if you're an IT expert. There isn't much of a learning curve if someone has an understanding of connectivity and firewalling. If they don't, there is certainly a learning curve.

The throughput is excellent. It's only limited to our bandwidth. We haven't had any trouble with throughput. The throughput of the firewall, in all cases, seems to be better than the bandwidth available. It's not the bottleneck.

I don't use the reporting features a whole lot, but Dimension is pretty good.

What needs improvement?

It's very hard to get information from their website, for exactly what I need to do. Sometimes I end up having to open a lot of support tickets. It's either too detailed or not. I never have good luck with their online tools. It's a navigational issue which makes it hard to find what I'm looking for and it's just so broad.

In addition, I have had a ticket in for an awful long time regarding a bug that they should address. If you're using a firewall as a DHCP server, it doesn't keep a good record of the leases. I opened a ticket on this about two years ago, and every couple of months I get an email back that it's still under engineering review.

For how long have I used the solution?

I have been using WatchGuard for 15 or 16 years.

What do I think about the stability of the solution?

They're very stable. I've had one firewall fail at 50 locations in the last ten years.

What do I think about the scalability of the solution?

Scalability for me would mean, as we add more branch locations, the firewall here can support all of those VPN connections, and I'm not even scratching the service of what it can hit. It's very scalable.

How are customer service and technical support?

Tech support has been good. It's gotten a lot better the past few years; it's very much improved. Twelve years ago it was the worst. Now, it's very good. They get back to me in a day if it's nothing critical. And I don't ever really have to escalate. They're pretty resourceful and understand their product.

If you previously used a different solution, which one did you use and why did you switch?

Previously, I built a Linux box.

How was the initial setup?

The initial setup is very straightforward. I've done it so many times that I could do it in my sleep. It's pretty simple to run through the GUI and get a quick setup. It's like if you asked me, is it hard to drive a car? I've been driving a car so long I don't know any other options. It takes me maybe an hour to set one up and get it ready to send out. At that point, it's fully configured. It's just plug-and-play when it gets to the location.

I, or one of my IT guys, will often have to be onsite. We'll send one out to a branch, then we'll have to walk the warehouse manager through how to plug things in. Deploying it to distributed locations consists of plugging it into the modem and plugging it into the network, assuming I programmed it correctly.

Deploying it requires just one person. We have three people in the IT group maintaining the entire network, but it's mostly me. It takes me about five hours a week.

What was our ROI?

ROI is very abstract for a security tool. As far as being able to create VPN tunnels versus having it managed by another vendor, as I said, it saves us about $125,000 a year, maybe a little more. Even comparing it so an SDYN solution from an outside vendor, it's a lot less expensive.

What's my experience with pricing, setup cost, and licensing?

We only license our corporate one and the one we have at our DR site, we don't worry about the branches. It doesn't pay for us to license the ones at the branches. What they charge for what they call basic maintenance is extremely high for those little fireboxes. So we don't bother with them.

What other advice do I have?

They're good machines. They're fairly easy to configure and they're stable.

We mostly use the M400 at corporate and at our branch offices we use T35s, T30s, and XTM25s. In terms of additional usage, I'm looking at the management console and, possibly, the drag-and-drop VPNs.

I would rate it at nine out of ten. The documentation makes it a little hard to find what I need sometimes.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Add a Comment
Guest
Sign Up with Email