WatchGuard Gateway AntiVirus Review

Very stable and effective on non-encrypted traffic, but doesn't offer endpoint protection


What is most valuable?

The solution is very powerful.

It is the most effective on non-encrypted traffic and it is able to determine some threats through deep packet inspection. 

There is a basic deep packet inspection within the antivirus that is able to be run against proxy filtering and certain policies. It's pretty standard in the industry. 

What needs improvement?

The solution isn't what I would consider feature-rich.

Due to the high volume of traffic that is currently encrypted, I find that the antivirus is less effective every year. That's not just WatchGuard, however. It's the biggest area in need of improvement right now in the industry as a whole. It has the same weaknesses other firewalls have, and that's its inability to dissect encrypted traffic. It is capable of doing it; however, it requires some specialty configuration that often interferes with Azure, Amazon cloud services, or things of that nature.

It would be useful if we could get a report as to why the solution is doing one action but stopping another. You can configure it as part of the firewall to decrypt that traffic, effectively making it a middle man; however, in doing so, you often disrupt Microsoft Office 365 and Amazon Web Services. The capability is there. It is just not considered a recommended best practice.

While the ability to determine threats in non-encrypted traffic is a good part of a solution, it is not an adequate standalone. It does not have an endpoint component.

The feature I'm most interested in is additional endpoint protection; however, they recently purchased Panda. That would go in line with the EDR product. As a managed service provider, I'm always looking to simplify and clean my stack, so I can provide my customers with the best possible service with the least complexity. It's nice to know that they're actively working towards that already.

Also, I should note that most of the features I want are currently already in beta.

For how long have I used the solution?

I have 18 years of experience with the WatchGuard brand, and 13 years directly with their threat detection and response products. I've put in more than 30 pieces of WatchGuard hardware, firewalls, access points, etc., in the last 60 days.

I've been using WatchGuard's Gateway AntiVirus specifically for 15 years now.

What do I think about the stability of the solution?

The solution has remained very stable. It has never resulted in a service-related ticket being required or anything along those lines. Users can rely on it as it doesn't crash and there aren't bugs or glitches that affect its functionality.

What do I think about the scalability of the solution?

The solution is very scalable as part of a whole solution. One of the best features is that it's capable of having file exceptions based on the MD5 hash.

As a consultant, I have many of the systems out in production and they are in environments ranging from five to 10 users, up to several hundred.

How are customer service and technical support?

The technical support has been amazing. We're very satisfied with their level of support.

How was the initial setup?

The initial setup was very, very easy. It was not complex at all.

What's my experience with pricing, setup cost, and licensing?

Discussing licensing is tricky. It is not available as a standalone purchase. It is part of a whole, so I can't divide out the costs in an effective way.

What other advice do I have?

We're a service provider and have been for a number of years. I'm a consultant.

The solution is part of the firewall and the UTM. It's never really handled as a separate entity, though it is licensed. It's part of their unified threat bundle.

I've used almost all of the current GUI interfaces. The antivirus has changed the backend engine a couple of times over the years. The current revision, I believe, is Bitdefender driven, but I'm not exactly 100% sure.

I'd advise other organizations, when setting up the solution, to configure all proxies and policies prior to doing the subscription service setup. 

If the policies are pre-configured and your proxies are set up prior to activating the security antivirus or the Gateway AntiVirus, 90% of the configuration is done for you. You only find yourself manually doing it if you are building rules after the fact.

As an antivirus and standalone product, I would rate the solution seven out of ten. The main reason is, as a gateway appliance, it does not have the capability to perform the same function as an endpoint antivirus. It is not a substitute for endpoint antivirus.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner