We just raised a $30M Series A: Read our story
DE
Network Administrator at Niedersächsischer Turner-Bund e.V.
Real User
Top 20
Visually able to see what policies are most in use and which traffic was blocked

Pros and Cons

  • "The solution simplifies my business. Normally, for administration, we are using NetApp System Manager on Window since it's easy to create new policies. In a short amount of time, you can create new policies based on new requirements. For example, in the last few months, many requirements changed due to the coronavirus, adding the use of new services, like Office 365, and eLearning tools, like Zoom."
  • "Sometimes I would like to copy a rule set from one box to another box in a direct way. This is a feature that is not present at the moment in WatchGuard."

What is our primary use case?

We use it to protect our web stations and service. 

We established a branch office VPN to our branch office. Since last month, we have added Mobile VPN tunnels to our headquarter.

How has it helped my organization?

We have the ability to use it for connecting to our terminal services, then to the Fireboxes, so we can create user-based policies, which are very important at this time. We can control who has access to management servers and machines that are not for general use by users.

We use a normal packet server. We are also using a proxy service and IPS, so all features are possible with these devices. We have seen many attacks from specific IP addresses that were all blocked. Most times, these were IPS traffic port scans. All this traffic is normally blocked from our side.

The solution simplifies my business. Normally, for administration, we are using Watchguard System Manager on Windows since it's easy to create new policies. In a short amount of time, you can create new policies based on new requirements. For example, in the last few months, many requirements changed due to the coronavirus, adding the use of new services, like Office 365, and eLearning tools, like Zoom.

With Firebox, the monitoring is good. On the Dimension servers, I can see where the IP addresses send and receive a lot of the traffic so I can analyze it. I am also able to see where attacks are coming from. It's good to see visually what policies are most in use and which traffic was blocked. Its easy to visualize policies. The dimension server shows which policy is used and the data flow through the firebox.

What is most valuable?

For our requirements, WatchGuard has very good features available in its software.

It is good for administrating devices. It is reliable and easy to use. Most of the time, the results are what I expected.

The performance of the device is good. The time to load web pages has not been slowed down too much. With additional security features, like APT and IPS, WatchGuard Fireboxes need a moment to check the traffic.

For reporting, we use the Dimension server from WatchGuard where we have many options to analyze traffic. It has a good look and feel on all websites that WatchGuard creates. All pages have the same system, so it's easy to use because the interface is uniform throughout the entire solution.

We are using some of the cloud visibility features. What we use on that cloud is DNSWatch, which checks the DNS records for that site. It is a good feature that stops attacks before they come into the network. For most of our clients, we also run DNSWatchGO, which is for external users, and does a good job with threat detection and response. It is a tool that works with a special client on our workstations. 

What needs improvement?

Sometimes I would like to copy a rule set from one box to another box in a direct way. This is a feature that is not present at the moment in WatchGuard.

I'm missing a tool by default, where you can find unused policies. This is possible when a) you adminstrate the firebox with dimension, or b) you connect it to Watchguard's cloud.

For how long have I used the solution?

We have been using this solution for a long time (for more than a decade).

What do I think about the stability of the solution?

The stability is very good. I normally only do a reboot of a Firebox when I upgrade the boxes with new software, so they run sometimes two or three months without a reboot.

What do I think about the scalability of the solution?

It is scalable to many environments. With all our locations, we found this solution works.

For the moment, we have around 80 users total at all our locations. The traffic at our headquarters per day is 300 gigabytes.

Our number of Fireboxes has been constant over the last few years, as we don't have new locations. We are a sports organization, so we are not expanding.

How are customer service and technical support?

WatchGuard's support is very good. Over the years, there have been only one or two tickets that were not solved.

When you start as a new customer, you should start with a bit of support from your dealer so you have some training on the boxes and how to manage them.

Which solution did I use previously and why did I switch?

Before using WatchGuard, we had a Linux server with iptables. We switched to Firebox because it is much easier to administrate. It has real boxes with a graphical interface, instead of command line administration.

How was the initial setup?

It is relatively easy to set up a new box. In my experience, you have a basic rule set. When you start with a new box, you can quickly make it work, but you always need to specify the services that you need on the boxes. You need some time to create the right policies and services on the box. This is the process for all Fireboxes that you buy.

When you have a small branch office with a small number of policies, you can make them active in production in one or two hours. With complex requirements at your headquarters where you have several networks with servers, web servers, and mail servers which can be accessed from the outside, the configuration will need more time because the number of policies is much higher.

What about the implementation team?

The implenetation was done by the vendor. For us the solution was ok. At this point my knowledge about firewall was not on the level I have today.

What was our ROI?

It saves me three or four a month worth of time because it stops malware. I don't need spend time removing malware from the client.

What's my experience with pricing, setup cost, and licensing?

I think the larger firewall packages are much better because a normal firewall is not enough for these times. You need IPS, APT, and all the security features of a firewall that you can buy.

Which other solutions did I evaluate?

We evaluated some other solutions.

What other advice do I have?

Administration of Fireboxes is only a small part of my job. I have been the network administrator since 1997. While the solution does make less work, I still need a little time to monitor all solutions. 

I would rate this solution as a nine (out of 10).

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
TS
Computer Programmer at Crestwood Inc
Real User
We are able to limit where users can go, what they can do, and what they can access

Pros and Cons

  • "The solution has increased productivity with our outside salespeople being able to connect into their computers and use those remotely."
  • "The few issues that we have had, such as not knowing where to go, they have been answered quickly."

What is our primary use case?

We have a web server on the optional network. Then, on the trusted side, we just run all our computers out through the Internet. We don't do anything too elaborate with it.

How has it helped my organization?

We do have some technicians and some design center salespeople who call in. This is best usage that we get out of the solution.

We don't host our website internally anymore. We used to host our website and it did help with that, getting everything set up. We have just recently removed that and gone to a third-party. But, that was something which was very useful, setting up our internal website and NATting IPs.

The solution has increased productivity with our outside salespeople being able to connect into their computers and use those remotely.

We are able to limit where users can go, what they can do, and what they can access, so they are not wasting time doing things that they shouldn't be doing. It does help to save time, e.g., limiting Facebook. 

What is most valuable?

We are able to segment our FTP website off on the optional, setting up the rules specifically. There are certain outside IPS coming into our computers where we have different machines out there setup where technicians can remote in, etc. Being able to set those up to specific IPS, not just allowing full access, is probably our main use for setup.

The usability is good. I like it. I don't have any issues. Most everything that we have tried to set up for what we use it for is pretty straightforward and easy to use.

For how long have I used the solution?

We have probably had it for the last 10 years. I have been here the entire time.

What do I think about the stability of the solution?

The stability is very good. We haven't had any issues with ports or anything else. Everything has been very good as far as the stability and issues.

The performance and throughput that the solution provides is good. We haven't had any issues as far as when we have connections and things going on. So, it's very good.

What do I think about the scalability of the solution?

The stability is good as far as our use. I feel like we do have room. We have extra ports on it. We can set them up if we need to, but we don't need to use them. However, I feel we have room to expand and grow, if needed.

We have probably 75 users setup. Mostly, they are authenticating through to get out to the Internet. We do have some protections on it: virus stuff and different websites that users can and can't get to. We have groups setup for that. That is our main use from the inside with most of our users going out. Then, we have five or six users who remote into computers and other things.

There are not necessarily plans on expanding anything at the moment. We are pretty much set where we are. Usage is not too heavy, as it's mostly users getting in and out with us restricting what they can get to.

How are customer service and technical support?

I have only had to call once or twice for anything in any of the time that we have had the solution. Most of the time, if I do have a question or something, I can hop onto the forum and there is an answer, then away we go. As far as my experience with the forum and just a few calls, it has been very good. We haven't had anything that has hung us up for a long time.

Which solution did I use previously and why did I switch?

WatchGuard was pretty much our first solution like this. We did not use anything else before it.

How was the initial setup?

The initial setup was straightforward. It walked through everything as far as the configuration. Everything that we needed was right there. So, I didn't have to search for anything. It was easy set up.

We went from a different version to this version. Even from that to this version, it was probably up and running within an hour.

What about the implementation team?

I usually set it up.

We didn't consult anyone. We didn't really have an implementation strategy per se. We just set it up (like the old one), then went through and looked at some of the new features and things we might want to use.

I maintain it and and set up whatever needs to be set up. The other IT guys can come in and do stuff if I'm not here. Generally, it doesn't take too much time to get anything set up that we need.

What was our ROI?

It saves us a couple hours a week.

What's my experience with pricing, setup cost, and licensing?

We don't have any other costs other than the licensing stuff.

Which other solutions did I evaluate?

We did look around at a few different things. We just kind of settled on WatchGuard. It seemed to have the features that we needed, so we went in that direction.

What other advice do I have?

I'd give it a 10 (out of 10). I haven't had any issues. The few issues that we have had, such as not knowing where to go, they have been answered quickly. I am going to give it a 10 because of its easy to use. If we have a question, it's easy to get an answer. Also, it's very simple. For most of everything that we do, we have been able to do them pretty easily. We are very happy.

If we were to ever look at something else, I would look for something that has ease of use, simplicity, and ease of setup. That is what I like about this. Everything is pretty straightforward and easy to find. The interface being easy to use and find has been very helpful.

We don't use a lot of the logs. Generally, we don't need to. If we do need to go look at something or pull something up, the information is there in HostWatch or the logs. I have been happy with it.

We're not using the cloud.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Learn what your peers think about WatchGuard Firebox. Get advice and tips from experienced pros sharing their opinions. Updated: November 2021.
554,586 professionals have used our research since 2012.
Alexey Shcherbatyi
Network Administrator at Abona Deutschland GmbH
Real User
Top 20
Identifies attacks on our services and precisely directs us to the problem, saving us significant time

Pros and Cons

  • "After conducting several tests I found the antivirus is working very well. Additionally, they have a very interesting feature, DNS WatchGuard, which is checking DNS requests for phishing, among other things, and it has caught a lot of unwanted attempts and attacks."
  • "I haven’t dug deeply into the reporting features yet or if they are working well. However, I have generated several reports and there was too much unnecessary information, in comparison with the reporting features in the Sophos firewall. Sophos' reporting is more readable and easier to configure."

What is our primary use case?

We are using WatchGuard Firebox for defense of our internal infrastructure.

How has it helped my organization?

I wouldn't say that Firebox has improved the way our organization functions, but rather that it protects our organization.

The solution identifies attacks on our services and, as a result, directs our attention precisely to the cause of the problem. As we are not actively watching the traffic ourselves and we completely rely on Firebox to alert us instead, the solution saves us about 30 hours per week.

What is most valuable?

The most valuable features are WatchGuard’s antivirus, traffic protection, and ease of configuration. I also appreciate their traffic analytics. 

After conducting several tests I found the antivirus is working very well. Additionally, they have a very interesting feature, DNS WatchGuard, which is checking DNS requests for phishing, among other things, and it has caught a lot of unwanted attempts and attacks.

Regarding the management features, the interface is user-friendly, and the instructions are well documented. There is a fast learning curve and everything is intuitive and understandable.

It also provides us with layered security. Firebox protects our traffic, as we have numerous Web Services that are external and which are a priority for us to defend. We don't use the rest as much.

What needs improvement?

I haven’t dug deeply into the reporting features yet or if they are working well. However, I have generated several reports and there was too much unnecessary information, in comparison with the reporting features in the Sophos firewall. Sophos' reporting is more readable and easier to configure. Having said that, reporting features were not very important for us when selecting a solution. What was important were other types of functionality that WatchGuard Firebox was able to meet.

In addition to the reporting features, I would suggest they work on an SSL VPN gateway.

For how long have I used the solution?

We have been working with WatchGuard Firebox for about one year. Initially we got an M200 model and then switched to an M470 in a cluster.

What do I think about the stability of the solution?

In terms of the stability, everything is perfect. We haven’t experienced any issues.

What do I think about the scalability of the solution?

The solution scales intuitively and quickly with any internet, meaning the solution’s protocols support any internet configuration. The connectivity scales in any location.

We could scale it to several companies with up to 100 employees and up to 1 Gb of traffic.

How are customer service and technical support?

I would rate WatchGuard's tech support at the highest mark of five out of five. I was very pleased with them. We were working with them on the software licensing and opened some tickets related to technical issues. In both cases, they resolved the issues promptly and without unnecessary back-and-forth, unlike when working with the support teams of other vendors.

Which solution did I use previously and why did I switch?

Before Firebox we used a Sophos firewall. We switched because the WatchGuard firewall offers a broad set of features and parameters that were lacking in the Sophos firewall. Additionally, the WatchGuard solution was cheaper.

WatchGuard has a comprehensive antivirus system included in the firewall and that was important for us. Sophos’ antivirus features were weak, in comparison.

How was the initial setup?

The initial setup was medium in terms of the difficulty of some aspects, such as initially understanding the logic of their security policies. It took several hours to acquaint myself and to fully understand things. The whole deployment took about three days.

We initially had an implementation strategy, but it was adapted according to the recommendations and specifications of WatchGuard.

In terms of the technical aspects, I am the only who works with this solution in our organization.

Initially, we purchased the Firebox just for us but, as of today, we have deployed it to two or three other companies. The client sent us project specs with necessary internet configurations for each device, as well as the physical locations. We replicated their infrastructure in our test environment, configured each device according to their specs, and shipped the device to them. The client then connected the device with a cable to the ports outlined in our instructions and everything worked the first time.

What about the implementation team?

During the deployment we worked closely with WatchGuard’s tech support team and they were very speedy in their responses to us.

What's my experience with pricing, setup cost, and licensing?

The price of the solution corresponds to the quality and the feature set offered. There are no additional costs to the standard licensing fees.

Which other solutions did I evaluate?

Before selecting WatchGuard Firebox, we evaluated the Cisco FirePOWER firewall and, in comparison, Firebox is much easier to use.

Also, WatchGuard’s solution, in terms of the cost-per-value ratio, is very balanced.

What other advice do I have?

My advice would be to try this product.

As for the throughput, at this point it is hard for us to evaluate it because we don’t have heavy traffic, or at least we do not experience the traffic throughput specified for this model. Our inbound and outbound traffic is 1 Gb and the M470 handles it very well, not even stressing its components.

When it comes to the solution’s Cloud Visibility feature, they need to improve on the reporting. But in terms of the logs, it gives us very good visibility.

Overall, I would rate the solution a strong eight out of 10.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
GP
System Analyst at a transportation company
Real User
Top 20
Makes it easy to block websites from getting in and to prevent users from going where they shouldn't

Pros and Cons

  • "The set up of the VPN is pretty straightforward. Being able to build VPNs on the fly for certain users, if need be, is also valuable."
  • "The usability could be better, but it is definitely manageable. If we have to go to a backup internet connection, that could be a little bit easier."

What is our primary use case?

We use it to prevent any unnecessary stuff from getting into our network. It's for the usual security features. We do utilize the VPN and there are quite a few people on the VPN right now.

How has it helped my organization?

It gives our business layered security. Attack vectors it secures for us include denial of service attacks, people spoofing our network, as well as preventing malware from getting in — the typical attack vectors. We're satisfied with it overall.

Also, there was a phishing scheme going around a while back. WatchGuard caught it and we were able to mitigate it. That was very good. It keeps us from not having to worry about our network being under attack. It keeps us secure.

It saves us on the order of three hours a month. The solution just works.

What is most valuable?

  • The set up of the VPN is pretty straightforward. Being able to build VPNs on the fly for certain users, if need be, is also valuable.
  • The traffic monitoring is very nice.
  • I also like the ease of blocking certain websites from getting in or users from getting to stuff they don't need to be at.

We're satisfied with the performance, as well as its reporting and management features.

What needs improvement?

The usability could be better, but it is definitely manageable. If we have to go to a backup internet connection, that could be a little bit easier. Other than that, I really don't have any complaints about it.

For how long have I used the solution?

I've been using WatchGuard for three years. That's how long I have been with the company. The company has been using it upwards of 10 years, I believe.

What do I think about the stability of the solution?

It's very stable.

What do I think about the scalability of the solution?

It's scalable. We are probably going to be doing another area for some of the outer branches and the WatchGuards will be part of that. I can't say how soon it's going to happen, but there have been discussions about it.

How are customer service and technical support?

I have no complaints about WatchGuard's technical support. If you have a question, they answer it.

Which solution did I use previously and why did I switch?

As far as I know, WatchGuard is the only one that our company has used. We like the product enough. We're buying another appliance because our support ran out on one of our boxes. We're continuing to buy WatchGuard stuff because it does what we need it to do, it's priced reasonably well, and we like the support and usability.

How was the initial setup?

We have deployed this product to distributed locations. We have a couple of branch offices and we've set them up in all of our locations. We set it up, we configure it to our network settings, we put in all of the information we need, and we go from there. We usually take a configuration from an existing and apply it. It's straightforward. The documentation goes step-by-step on how to set it up. The last time I did one it took about an hour.

In terms of maintenance of WatchGuard there are three people in our department. Whoever sees a problem or hears about an issue takes care of it. Two of us are system analysts and the third is our director of information technology.

What was our ROI?

It keeps our network secure and that's a good enough return for me.

What's my experience with pricing, setup cost, and licensing?

I feel that the pricing is fair for all of the security you get. That's one of the reasons we went with, and continue to go with, WatchGuard.

What other advice do I have?

Go ahead and implement it and don't think twice about it.

We're not using the cloud visibility feature at this time. Maybe we will in the future.

There are 75 users of our environment, in total. They range from mechanics to accountants to our COO and CEO. Everybody in the organization uses it.

Which deployment model are you using for this solution?

On-premises
Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Mohamed Y Ahmed
Technical & Pre-Sales Manager at GateLock
Reseller
Top 5Leaderboard
Easy to configure with good packet filtering templates and good traffic management features

Pros and Cons

  • "The security that is used for defending from the attacks is very good."
  • "I would like to see the devices made more flexible by adding modules to increase the ports that we can use."

What is our primary use case?

I'm deploying the WatchGuard Firebox for many of my clients, and they all stay satisfied with the product. The primary reason as a common request from most of the users is to protect the environment from the outside network attacks. It is popular because of its security layers dependencies and its great performance.

The proxy policy and packet filtering templates make it very clear while I am configuring the Firebox for customers. Also, the variety of actions that are designed per kind of packet payload are dependent on the protocol's payload.

How has it helped my organization?

The Firebox is developing most of my client's infrastructures, starting from internet access and its amazing protocol-oriented proxy policies. It also has a deep understanding of the packets, meanwhile the most powerful HTTPS inspection features.

It is supported by the VPN, either Branch office or mobile users.

In addition to its impressive extraordinary DNS security, it has an access portal, which is a feature for publishing web applications, cloud applications, or even publishing internal RDP and SSH. 

https://www.watchguard.com/wgrd-resource-center/2019-nss-labs-ngfw-group-test

What is most valuable?

The traffic management feature is very flexible and it let you manage varieties of our customer's needs as it is working per policy, for all policies, and per IP address. You can apply it also per application or application category, all in the same proxy policy.

The differences between backup and restore and the configuration file allow us to perform a migration from one box to another in a single click.

The security that is used for defending from the attacks is very good. As an example, for the HTTP packet, you will find botnet protection, Reputation Enabled Defense "RED" and DNSWatch "the DNS security", in addition to the AV gateway. They are all working together to protect internet access.

What needs improvement?

I would like to see the number of management consoles reduced. As it is now, Firebox can be configured using the web UI, WatchGuard System Manager, Dimension server, and from the cloud. This should be done without affecting the way we deal with the configuration file, as it's one of the strongest points in making its implementation smooth and easy.

I would like to see the devices made more flexible by adding modules to increase the ports that we can use. As it's started from T80, the last edition of tabletop appliances, it should also be applied to all M series appliances.

Which solution did I use previously and why did I switch?

As I work as a services provider, I have used many different solutions. I find WatchGuard Firebox provides very good value. as you find in the following points "Not everything":-

1. Configuration migration between boxes.

2. More flexible while applying traffic management.

3. Best performance.

4. Security layers and its dependencies.

5. Protocol oriented.

6. Rapid deploy feature that it let you make a total configuration remotely for a box on its default factory mode.

7. total protection for inbound and outbound traffic by applying the policies with a deep understanding of the traffic. 

8. The DNS security and how it stops the malicious DNS requests on the scale of network security and its endpoint for mobile users to apply the same while they are outside the environment.

9. SD-WAN feature and how it deals with lines quality by its Jitter, loss, and latency.

10. The exception for sites, ports, and IPs, it has a huge variety and you can do it at many levels. Before the policies starting already in the default threat protection, Or in the global settings but after the policies starting to scan then you can avoid all of that per policy per protection type which is meaning that you can expect something from geolocation or WebBlocker or APT Blocker, etc...

11. there are some other features in the box Access Portal, Application Control, APT Blocker, Botnet Detection, Data Loss Prevention (DLP), Gateway AntiVirus, DNSWatch, Geolocation, IntelligentAV, Intrusion Prevention Service (IPS), Reputation Enabled Defense (RED), spamBlocker, Threat Detection and Response, and WebBlocker.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: We are a distributor for the vendor in Egypt
DV
Manager
Reseller
A user-friendly, stable, and scalable solution that runs for a long time and can be deployed remotely

Pros and Cons

  • "The ease of use is most valuable. You can quickly train someone who hasn't seen a firewall in life. You can get people up to speed, and in a few months, they are able to manage this product very easily. It is a very user-friendly, scalable, and stable product. Its price is also spot-on."
  • "Its documentation could be improved. Sometimes, you need to search a bit longer to find what you are looking for."

What is our primary use case?

We are using it for firewalling and providing wireless network connectivity for access points. It is a standard product for our infrastructure. 

How has it helped my organization?

We can implement it very easily. There are some standards that we can explain to our colleagues. It is easy to maintain the same type of installation at various customer locations. It is easy to pass on the information to our team about how to implement it in the same way.

What is most valuable?

The ease of use is most valuable. You can quickly train someone who hasn't seen a firewall in life. You can get people up to speed, and in a few months, they are able to manage this product very easily. It is a very user-friendly, scalable, and stable product. Its price is also spot-on.

What needs improvement?

Its documentation could be improved. Sometimes, you need to search a bit longer to find what you are looking for.

For how long have I used the solution?

I have been using this solution since 2014.

What do I think about the stability of the solution?

It is a very stable product. Usually, we have several years of uptime on WatchGuard Fireboxes. They can run for very long without any issues.

What do I think about the scalability of the solution?

It is very scalable. We have several customers with several sites, and we can easily extend the network by using Fireboxes at several sites with site-to-site tunnels. If you use the WatchGuard system management software, you can even drag two Fireboxes together, and they automatically make their own tunnel. You don't even have to perform any additional tasks. It is very user-friendly in terms of scalability.

How are customer service and technical support?

We get good support. It can take a bit longer only in the case of a specific problem that even they are not aware of, but that's the case with many of their competitors. In general, their support is very good.

How was the initial setup?

It is fairly easy to deploy. You can also deploy it remotely. It provides a very easy and out-of-the-box experience.

What's my experience with pricing, setup cost, and licensing?

It has a very good price. It is not the most expensive one, and it is also not the cheapest one. It is just spot-on in terms of price.

Which other solutions did I evaluate?

We evaluated Fortinet and Cisco. We chose WatchGuard because we wanted our engineers to be able to learn and work with the product in a very short amount of time.

When comparing Fortinet and WatchGuard, in the past, Fortinet was before WatchGuard in providing the features for directly resolving DNS names and hostnames and making additions to the rules. A few months later, WatchGuard also implemented these features. Nowadays, it goes both ways.

What other advice do I have?

I would advise others to definitely take the WatchGuard Essential Security training course, which is a four-day or three-day course. It really gives a broad overview of the product. You get a good, basic, and overall feeling of the product. You can take it in groups. We normally go with four to five engineers of our company. Most of the time, after that course, you can implement the basic product and even scale it out to many more locations without requiring additional training.

I would rate WatchGuard Firebox a nine out of ten. I am pretty satisfied with this solution.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: reseller
Flag as inappropriate
SM
Global Head ICT (CITP & MIE) at The Aga Khan Academies
Real User
Top 5
Helpful for policy-based usage and monitoring our mail services, very stable, and fast support

Pros and Cons

  • "Policy VPN, site-to-site VPN, traffic monitoring, anti-spam filters, and all other advanced features are valuable."
  • "The way Secure Sign-On authentication is happening needs to be improved. When the Secure Sign-On portal is turned on, anybody who comes into the campus, whether he or she is a staff member or a guest, has to go past the initial portal. One of the shortcomings is the username. It shouldn't allow permutations or combinations with upper or lower cases. For example, when there is a username abc, it shouldn't allow ABC or Abc. It should not allow the same username, but currently, two separate people can go in. Therefore, its authentication or validation should be improved, and the case sensitiveness should be picked up. If I have restricted someone to two devices, they shouldn't be able to use different combinations of the same username and get into the third or fourth device. It shouldn't allow different combinations of alphabets to be used to log in."

What is our primary use case?

We run education organizations. We have students and staff working on campus. We wanted to be protected within the campus as well as outside the campus.

I am using WatchGuard Firebox XTM 850, and I have its latest version.

How has it helped my organization?

In terms of users within the campus, the policy-based usage helps us where we allow something during the daytime, something after school hours, and something during the night. In terms of outside the campus, it helps us in monitoring our mail services. All our deployments are protected from external users.

What is most valuable?

Policy VPN, site-to-site VPN, traffic monitoring, anti-spam filters, and all other advanced features are valuable.

What needs improvement?

The way Secure Sign-On authentication is happening needs to be improved. When the Secure Sign-On portal is turned on, anybody who comes into the campus, whether he or she is a staff member or a guest, has to go past the initial portal. One of the shortcomings is the username. It shouldn't allow permutations or combinations with upper or lower cases. For example, when there is a username abc, it shouldn't allow ABC or Abc. It should not allow the same username, but currently, two separate people can go in. Therefore, its authentication or validation should be improved, and the case sensitiveness should be picked up. If I have restricted someone to two devices, they shouldn't be able to use different combinations of the same username and get into the third or fourth device. It shouldn't allow different combinations of alphabets to be used to log in. 

For how long have I used the solution?

I have been using WatchGuard solutions for the last ten years.

What do I think about the stability of the solution?

It is very stable.

What do I think about the scalability of the solution?

It is scalable. We have about 1,200 users at this point in time, but the number of devices exceeds 2,200. There are multiple devices per person in today's world. A staff member is using three or four devices, and students are using at least two, which makes it 2,500 or 3,000 devices.

How are customer service and technical support?

Their technical support is very good. You get a response within 15 minutes to an hour at the max.

Which solution did I use previously and why did I switch?

We had Cisco ASA Firewall. It was a very simple firewall.

How was the initial setup?

Its initial setup is very straightforward. It took 30 minutes.

What about the implementation team?

A consultant from WatchGuard was there. He showed it once, and our people could do it easily. They have deployed it again and again. It is pretty simple. 

You just need one person for its deployment and maintenance. Security personnel is the one who manages it.

What's my experience with pricing, setup cost, and licensing?

They have an annual subscription license. Initially, we had opted for three years. After that, we went for another three years, and after that, we have been doing it yearly. They also have a license for five years.

Which other solutions did I evaluate?

We evaluated SonicWall, Palo Alto, and Cisco, but this was the best.

What other advice do I have?

I would rate this solution a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
JS
Network Admin at a manufacturing company with 51-200 employees
Real User
Intuitive to configure and provides us with layered security

Pros and Cons

  • "It also provides us with layered security. It has onboard virus scanning features that allow it to scan before something gets to the host. It will also stop a person from going to a site that is known to be bad."
  • "There is room for improvement on the education side, regarding what does what, rather than just throwing it at a person and assuming they know everything about it. A lot of times, you have to call WatchGuard support to get the solution that will work, rather than their just having it published so that you can fix the problem on your own."

What is our primary use case?

It's our external firewall and VPN solution.

How has it helped my organization?

  • It allows us to access the outside world.
  • It keeps us safe from external threats coming in.
  • It allows us to have remote access.

What is most valuable?

The fact that it just works is one of the most valuable features.

It's fairly intuitive when trying to figure out how to try to get things configured the way you need them. It either works or it doesn't, which means if you have a failure you have a chance to get things fixed.

In addition, I have not noticed any throughput issues at all. The device we have will actually operate at faster technologies than we have available to us.

Management of the solution is great and it also provides us with layered security. It has onboard virus scanning features that allow it to scan before something gets to the host. It will also stop a person from going to a site that is known to be bad.

What needs improvement?

There is room for improvement on the education side, regarding what does what, rather than just throwing it at a person and assuming they know everything about it. A lot of times, you have to call WatchGuard support to get the solution that will work, rather than their just having it published so that you can fix the problem on your own.

For how long have I used the solution?

We've been with WatchGuard now for about six years. We've got their XTM firewall.

How are customer service and technical support?

Their support is awesome. I get a solution to my problem within 24 hours, and if they don't have a solution within 24 hours, they usually have a higher-tier tech working with me until the problem is solved.

How was the initial setup?

The setup was fairly straight forward. We were actually dealing with a failure situation when we received the product. So we had WatchGuard support on the lines from the get-go, helping us get started so that we could get the information. It's something that we would not have been able to do had they not helped.

The main firewall was deployed within a day. The satellites were deployed within a week.

We have two home offices that they're distributed to. Typically, I get the device in, I provision it with the workflows and the exceptions they need, and then they plug it.

What other advice do I have?

I can't say whether Firebox has saved me time. It's a firewall and it does its job. So whether it be WatchGuard, SonicWall, or anybody else, if it does its job and I don't have to look at it, I'm happy. I haven't really looked at a lot of the reporting features. I mainly go in there, figure out where people are having troubles, and fix their problems. 

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.