WatchGuard Firebox Overview
What is WatchGuard Firebox?
WatchGuard's approach to network security focuses on bringing best-in-class, enterprise-grade security to any organization, regardless of size or technical expertise. Ideal for SMBs and distributed enterprise organizations, our award-winning Unified Threat Management (UTM) appliances are designed from the ground up to focus on ease of deployment, use, and ongoing management, in addition to providing the strongest security possible.
WatchGuard Firebox Buyer's Guide
Download the WatchGuard Firebox Buyer's Guide including reviews and more. Updated: May 2021
WatchGuard Firebox Customers
Ellips, Diecutstickers.com, Clarke Energy, NCR, Wrest Park, Homeslice Pizza, Fortessa Tableware Solutions, The Phoenix Residence
WatchGuard Firebox Video
What users are saying about WatchGuard Firebox pricing:
- "We had a trade-in offer at the end of our first three-year term. As a result, we pretty much got a free device by buying the three-year subscription. It was around $3,000 for the three-years."
- "I buy a three-year renewal on the main device, which is usually around $3,000 to $4,000. They usually upgrade the device when I do it. You get a big discount when you do three years."
- "I spent $600 or $800 on this product and I'm paying a couple of hundred dollars a year in a subscription service to keep the lights on, on it... It works out to $100 or $200 a year if you buy several years at once. It's fair."
- "I usually tell people that it's really affordable as well, particularly compared to Cisco."
- "The pricing of WatchGuard is probably a little higher than the SonicWall, but it makes up for it in dependability. It's worth it to me, especially since it's not much higher. For just a little bit higher price you get the dependability of the firewall with the WatchGuard brand."
- "The cost was somewhere in the vicinity of $2,000 to $3,000 for each one..."
- Highest Rating
- Lowest Rating
- Review Length
Showingreviews based on the current filters.
IT Manager at a engineering company
Aug 6, 2019
Geolocation allows us to lock down certain policies to only U.S. IPs
What is our primary use case?It's our primary firewall. It's also our UTM device, so we have multiple security layers enabled on it. We're using an M270 firewall with version 12.5.
Pros and Cons
- "One of my favorite features is the Geolocation service, where you can actually block specific activity or IP addresses registered to certain countries. For example, I don't want any web traffic from Russia or North Korea. I may even lock down certain policies down to 'I only want U.S. IP addresses.' I find that very useful."
- "They've done a lot of work with their SD-WAN, which we do use, to have our old internet service with our new internet service. If anything goes down on a particular interface, I can have different rules applied. Most of my users don't even know when our primary internet goes down anymore... I don't have to be here to do anything to switch it to our backup internet or to switch it back."
- "Reporting is something you've got to set up separately. It's one of those things that you've got to put some time into. One of the options is to set up a local report server, which is what I did. It's not great. It's okay... Some of the stuff is a little complicated to get up and running. Once you do, it becomes very user-friendly and easy to work with, but I find there are some implementation headaches with some of their stuff."
What other advice do I have?Do your research. It's not impossible. Do things in a logical order and make sure you understand what you're doing and how you're going to do it. Once you understand it and get everything working the way you want, it does get very easy to use and work with from there. Once you get over the learning curve of how all the pieces work together, it's very easy, very user-friendly, very easy to update, and very easy to make changes and document those changes - all that good stuff. I tend to buy the hardware platform that's like one level above where we think we absolutely have to be at a minimum, so…
IT Manager at WTS Media (Wholesale Tape & Supply)
Oct 20, 2019
Setup, and setting up the routing — normally very complicated processes — are intuitive
What is our primary use case?It's our main firewall. We have over 120 hosts that flow through it.
Pros and Cons
- "[A] valuable feature would be the branch office. We have five offices throughout the United States, and it coordinates the connections of those offices."
- "In terms of the reporting and management features — and this isn't necessarily a WatchGuard issue, this seems to be more of an industry-wide issue — you get reports, but a lot of times you don't know what you're looking at. You're so overwhelmed with the data. You're getting a lot of stuff that doesn't matter, so it takes time to parse through it, to actually get what you want to know."
What other advice do I have?Make sure you buy the device that fits your environment. Don't try to do too much with too little. You can buy one of the edge devices, and you could technically run a large network on it, but it's not going to work as smoothly. Your firewall is your primary point of security from outside intrusion so you want to do it right. Be very meticulous about your configuration. Straight-up, walking-to-the-console usability of the solution is not very user-friendly. It's not very intuitive. However, compared to other firewalls, it's very user-friendly. So it's more user-friendly than most, but it's…
Learn what your peers think about WatchGuard Firebox. Get advice and tips from experienced pros sharing their opinions. Updated: May 2021.
509,641 professionals have used our research since 2012.
Owner at a construction company with 51-200 employees
Real UserTop 5
Jan 14, 2021
Competent, basic front-end; the ports that I have assigned appear to be unattainable to outsiders
What is our primary use case?It's a perimeter device and I use it as a DNS server for my domain, but I'm not the typical user for this type of device. I'm a hobbyist when it comes to this type of product and I use it in a small office environment.
Pros and Cons
- "The ports that I have assigned appear to be unattainable to outside 'mal-actors,' unless they have an address registered on the internet that this thing is expecting. That's a layer of security."
- "I don't think I can get a full-blown DNS client from it. I've been trying to have DNS services. It has forwarding, but I don't get the services of a full DNS client. My main difficulty with it is that I can't run a complete service. I need NTP. I need DNS. I need DHCP for my domain, but I only get forwarding. As far as I can tell, I don't get caching and the kinds of reporting and registration needed to host a DNS for a domain. I have to have a separate solution for that."
What other advice do I have?Use it. It's very unlikely that a perimeter device is going to be cracked unless you leave something really crazy open. Most consumers are going to have some sort of perimeter device involved with their internet delivery and they're going to have some sort of a reasonably clean plug, with some port forwarding for their outbound connections coming into their network. And then if they're geeks, they're going to set up a pfSense virtual machine or get a little ARM processor. I wanted to have a physical device at the network that I could just glare at. But you can set up a perimeter device with…
Manager IT at a hospitality company with 501-1,000 employees
Apr 5, 2020
Automated reports, generated regularly, enable me to see metrics showing what the box is doing
What is our primary use case?WatchGuard Firebox is our edge firewall. Currently, we are using the M470 and we have used many models in the past.
Pros and Cons
- "WatchGuard has a very easy VPN and branch office VPN setup, so we use those pretty extensively."
- "Regarding the reporting, I was in the Dimension server earlier today. It's very powerful. I like it. And the management features are easy to use. I like the fact that I can open up the System Manager client or I can just do it through the web if I'm making a quick change."
- "Once you start getting into proxy actions and setting up: "Okay, cool. Once this rule gets triggered, what actions have to happen?" I do know a few people who use WatchGuard and they still have to get assistance when they look at that. So I would file that as a con for WatchGuard. Proxy actions can be a little bit complicated."
What other advice do I have?Invest in some Professional Services. Although you can absolutely pull it out of the box and deploy it — and we've done that before — it's always good to have somebody that you can ask about best practices and run a few scenarios by them. We ended up purchasing four Professional Services from our local reseller. It was good. Although they didn't really provide any answers, they were there to say, "Oh no, you're doing the right thing." It was more reassurance than anything. But I would definitely recommend springing for some Professional Services. That will make the whole process go a lot…
IT Specialist at Art Students League
Jul 30, 2019
Easily understood and managed and it's simple to do network diagnostics
What is our primary use case?We really don't use the firewall too much, we use it more as a VPN. We've got several different networks that we're joining through WatchGuard.
Pros and Cons
- "It's pretty simple to understand when you want to do any diagnostics on your network. If you want to go in and see what packages are having trouble getting through, what's being held, stalled, etc., it's very easy to use in that way."
- "One other shortcoming is that there is no backup for it. We really haven't figured out how we might solve that problem. We may want to put a duplicate in... With WatchGuard, we just have the one box. If that were to fail, we'd probably be really hurting."
What other advice do I have?I wouldn't hesitate to implement this solution. Particularly if you're down to an IT staff of one, this is a really good solution. If you're that small and your IT staff is very limited, then you're probably lacking the onsite expertise to move to a more expensive solution anyway. I would strongly recommend it. We've got three people who sign in to WatchGuard, me and two others. Beyond that, everybody else is just an end-user. I'm the only full-time IT person we have on staff. We do have a vendor that we use for a lot of our engineering solutions and design. They spend about 12 hours a week on…
Director of Information Technology at a retailer with 201-500 employees
Jun 16, 2020
Allows me to schedule rebooting of the wireless accent points on a regular basis, making it set-and-forget
What is our primary use case?We have multiple sites. We're in the wine business. Our corporate office is where we have accounting and marketing. Our executives are based there as is IT, HR, and payroll. That's where we have the big M200. We have five wineries that we support. Each of the wineries has a WatchGuard on it and we connect them with the business office VPN. We share files across our VPN and we also authenticate our users. Not all of our sites have file servers so we use the business office VPN to get them authenticated onto their machines. We also use that to go out and work on their machines if they have… more »
Pros and Cons
- "Among the most valuable features is the ease of use — love the interface — of both the web interface and of the WatchGuard System Manager."
- "If they could make the traffic monitoring easier that would be great. I don't use it that frequently, but I would like to see some improvements in the ease of use of that component, so it makes more sense. I know it's a technical component so there's going to be some difficulty trying to make that easier."
What other advice do I have?Take a good hard look at it. The interface is pretty easy to work with. The devices are consistently good. It has a lot of features and the boxes are hard-working. They just work. I recommend WatchGuard to people when I'm at industry trade shows when anybody asks me. I think it does provide me with layered security, but I don't spend a lot of time looking into that. It's just part of my total solution package. The value that I get out of it is consistent management. It's a good product. Whatever kind of additional security they provide to me is just a bonus.
IT Director at a healthcare company with 1-10 employees
Apr 13, 2020
I don't have to worry about malicious attacks or vulnerabilities in our facility
What is our primary use case?We're a hospital and we use it for developing our incoming and outgoing policies, and we also use it for VPN.
Pros and Cons
- "The policy monitoring and allowing different traffic flows are the most useful features for us; regulating which traffic comes in and out."
- "I'm not really impressed with the reporting side of it. It may be something I just haven't figured out very well, but it's hard to filter down on reporting of the actual valuable information that you would want. There is a lot of information out there so you have to have some kind of tool capture it and then filter through. So far, I haven't found the reporting side of the WatchGuard to be that user-friendly."
What other advice do I have?My advice would be go for it. We've not had any problem with it. We've been very pleased, especially with the newer WatchGuard we've put in place. It's very responsive. It works great. It may have a little bit of a curve on learning it, but once you learn it, it's hard to say you'd want to go back to something else. It took me a little bit to get used to WatchGuard. I was familiar with SonicWall before I moved into this role. But now that I've used it for almost seven years, I've gotten to know it pretty well and it works great. Once you get used to what I would call the idiosyncrasies of…
Network Administrator at a retailer
Dec 5, 2019
Provides us with more secure site-to-site VPN, remote access ACLs, and client-to-VPN
What is our primary use case?We have four locations and at every one of them we use WatchGuard. We use them as firewalls and for UTM. They provide protection in terms of detection and prevention. And we also use them for site-to-site VPN, as well as for direct connect, VPN to AWS, and to AWS using VLAN tagging.
Pros and Cons
- "It's hard to pick one feature over another. But if I had to pick one, the UTM would be the most valuable because of the notification. I get notified via email if there is any type of threat detection or alert, telling me something is wrong."
- "Websense is an application that monitors and filters internet traffic. Websense was derived from WatchGuard. But when you go to WatchGuard to actually implement that particular feature, you have to use some type of additional feature and you have to pay for it, unfortunately. I think it should be free or free in the WatchGuard box itself, as an option. It would be nice if they didn't charge us for that."
What other advice do I have?Educate yourself. Read documentation and watch videos online. Since the administrators are going to use it, they should educate themselves on WatchGuard. Keep a cheap, old box for training. I train my administrators on an older box and I give them a network to train on. We have been attacked with ransomware in the past, and it was kind of disappointing because, when I talked to Cisco support they said that they recommended purchasing end-point protection with a ransomware interceptor, so we ended up getting Sophos. So alongside the WatchGuard, we have Sophos' ransomware interceptor and…
See 30 more WatchGuard Firebox Reviews
Product CategoriesUnified Threat Management (UTM)
Download our free WatchGuard Firebox Report and get advice and tips from experienced pros sharing their opinions.