WatchGuard XTM [EOL] Review

Helps me create firewall policies for networks and services.

What is most valuable?

The proxy based policy in Policy Manager is the best feature. It helps me:

  • Create many different firewall policies for different networks and services
  • In tracking problems in the policy rule in the traffic monitor of Firebox System Manager

How has it helped my organization?

With this product, I can easily block group websites with its WebBlocker based on predefined categories such as: Social Network, Sex Material, and Video Streaming

We can also use Application Control to block some applications based on pre-defined categories such as: P2P, Social Network, Streaming Media, and Games.

What needs improvement?

1. It is difficult to configure WatchGuard with your internet settings.

Actually, a normal internet setting/configuration is easy. However, I had a problem with multi WAN and multi LAN. I have a few different LAN subnet and two WAN.

What I want to do is to route traffic from LAN1 through WAN1 and use WAN2 as failover. And for LAN2, it would route through WAN2 and use WAN1 as failover. So all traffic from LAN1 supposed to go through WAN1 only unless WAN1 is down, then it will go WAN2.

However, I still could see some packet from LAN1 go through WAN2 at the same times. I checked the Traffic Monitoring in WatchGuard and I figured it out that is because of default “Outgoings” policy. Unfortunately, I could not disable default “Outgoings” policy and if I do “all clients could not access the internet even if I created another Outgoing Policy to replace the default one”.

I used to ask my Vendor to help with this problem, but they could not do it.

2. I would like to see more granularity on each IP bandwidth that is used. I want to check which IP consume internet Bandwidth the most, but it is not convenient to check the total bandwidth that one IP is consuming. I need to go to “Traffic Management” to see which group IP that used most of the bandwidth, and then I go to “Hostwatch” to check bandwidth of each IP and sum the consumed bandwidth by myself.

3. It cannot block Internet Download Manager nor the Torrent application “BitComet” Internet Download Manager and BitComet are two applications that I cannot block in “Application Control”. I used to ask my vendor for help, but they still could not do it. Other application (Messenger, other peer-to-peer application, social network, VOIP .. etc), WatchGuard can block them.

For how long have I used the solution?

I have been using it for eleven months.

What was my experience with deployment of the solution?

There were no big issues with deployment except the problem of multiple WANs and multiple subnets from the LAN.

What do I think about the stability of the solution?

No stability issues were encountered. The device is working smoothly for me.

How are customer service and technical support?

Customer Service:

The customer service from my vendor was very good. I would give them a rating of 9/10.

Technical Support:

I would give technical support a rating of 7.5/10 for two reasons:

  • The vendor technician, on the first occasion, checked the device remotely and configured something, but saved the running configuration without backing up the previous configuration first.
  • Singapore technical support tried to remotely fix the problem where the application control could not block the Torrent application “BitComet”. After one hour of testing was complete, he later sent an email to my vendor to alert them that the current WatchGuard cannot block “BitComet” and that we are waiting for a new version. At that time, he should have tested it at his office first before he asked to check my device remotely.

Which solution did I use previously and why did I switch?

The company has just opened and WatchGuard was the first solution.

How was the initial setup?

It’s not complex. The configuration is UI based. For experienced network administrators who understand network and firewall concepts, it is easy.

What about the implementation team?

The device is implemented through a vendor team. I would give them a rating 7/10 because they did not check and verify the configuration clearly before they left our office. I later found that their configuration was not yet working well and they had to return to configure it again.

What was our ROI?

For the current network demand, I think the product is worth buying. It is not too expensive and it has almost all the features that I need.

What's my experience with pricing, setup cost, and licensing?

I think it is best to consult with the vendor for pricing and licensing.

Which other solutions did I evaluate?

Previously, I wanted to use Juniper as my firewall. However, after consulting with the vendor and reviewing the product ranking and features, we finally chose WatchGuard for our solution.

We chose it based on “medium price with high quality and security that its features can use.” So we chose it for the frontend firewall and we have another for the backend firewall.

What other advice do I have?

If your company needs a medium priced firewall appliance with WebBlocker, Application Control, VPN, and SpamBlocker, then you should try WatchGuard.

However, it is not recommended to use an e-banking server or another import server for the DMZ zone on WatchGuard.

You have a firewall, but you need a very good IPS appliance in addition to these servers. WatchGuard has IPS, but it is not very good yet.

Which version of this solution are you currently using?

**Disclosure: I am a real user, and this review is based on my own experience and opinions.
More WatchGuard XTM [EOL] reviews from users
Find out what your peers are saying about WatchGuard, Fortinet, Netgate and others in Firewalls. Updated: July 2021.
521,690 professionals have used our research since 2012.
Add a Comment
ITCS user