We just raised a $30M Series A: Read our story
Marlon Sealey
I.T. Co-ordinator at National Lotteries Control Board
Real User
Top 20
Allows us to manage VLANs and to review and determine what traffic we want to allow or deny

Pros and Cons

  • "Two of the functionalities we use most are the traffic monitoring and the full panel dashboard. Those are two things that are very useful for us... In addition, it provides us with layered security. It allows us to determine what types of access, to which networks, we want to allow or deny."
  • "I would like to have a little more control over access points and the ability to see the bandwidth that is passing through a specific access point. We are not able to see that. We can see what traffic is passing through the Firebox itself, but we can't identify if it is coming from a particular access point or not."

What is our primary use case?

We use them for perimeter security and also to manage virtual LANs.

How has it helped my organization?

The main benefit for us is the ability to manage the VLANs. It allows us to monitor types of traffic and to actually review and determine what traffic we want to allow and deny. It also allows us to modify the categories of restrictions that need to be applied.

It has also simplified some of the processes that we have. For example, we were having some issues in identifying where most of our bandwidth was being used up, which devices and which users, and what they were using the bandwidth to do. Were they watching videos or were they looking at some other bandwidth-intensive site or application? We have been able to determine user behavior on the network.

We are quite happy with the Firebox. It really helps us with the ease of managing firewalls at other locations. It has really helped us save time by not having to go to other locations. We have devices at two smaller offices, where we don't have IT staff. It has allowed us to remotely manage and update the firewalls at those locations. It's saving us at least four hours a week.

I don't think it has helped improve productivity in terms of efficiency, but it has enabled us to improve the security of the network. We don't have to worry as much about where the users are going. And if a user was blocked, it will let us know why they were blocked, what category of trip was being blocked, or what policy it was blocked under. Even if our staff is going to a legitimate site, but the site is under a wrong category, it allows us to put that site on our exemption list to allow it.

It has also really helped us with our management and to monitor internet usage. Our department is just three people and it has made it very easy for us to manage.

What is most valuable?

  • Two of the functionalities we use most are the traffic monitoring and the full panel dashboard. Those are two things that are very useful for us.
  • It's very easy to use. The interface does not present a challenge for the user. It is a great device for small businesses with up to 500 users. It allows easy management of all devices from one central device and updates are very easy as well.
  • The performance is also very good. The throughput is excellent. I've not had any issues with that so far.
  • The reporting and management features are excellent. They're easy to navigate and very intuitive, and reports are easy to read.
  • In addition, it provides us with layered security. It allows us to determine what types of access, to which networks, we want to allow or deny.
  • We also like the site-to-site VPN that allows us to connect to and securely access devices at other locations.

What needs improvement?

I would like to have a little more control over access points and the ability to see the bandwidth that is passing through a specific access point. We are not able to see that. We can see what traffic is passing through the Firebox itself, but we can't identify if it is coming from a particular access point or not.

For how long have I used the solution?

We have used WatchGuard Firebox for seven years.

What do I think about the stability of the solution?

The Firebox is very stable. We have not had a failure over the seven years we've used them.

What do I think about the scalability of the solution?

In terms of scalability, we would need to add another device to the M300 that we have right now. I know there are models of Firebox that you can actually add hardware to, to get them scaled up and for additional portals. But the one that we have, in terms of subscription, is very scalable in terms of features, and it integrates with WatchGuard's central interface where it can update our firmware as the updates come out.

What we want to do is put in some more redundancy in our network access. We want to have a second Firebox at each location. We have two ISPs at each location, so instead of both ISPs going to one Firebox, we want to split the ISPs between the two Fireboxes and have load balancing through the internet on firewalls.

We have 100 employees at our head office, and we have 10 employees at our sub-offices. In terms of devices, we probably have about 150 devices, including printers and computers at our head office, and about 12 devices at each of our sub-offices.

How are customer service and technical support?

We used the technical support once, when we had some issues with employees trying to access legitimate sites. That is when we learned about setting exemptions for certain sites. A company might be a travel site, for instance, but due to the amount of advertising they do, it might be flagged as an advertising site. To resolve that issue, when it's a legitimate site that does a lot of advertising, you can go to support for help in figuring that out, and also for help in putting necessary exemptions in place. 

The support was very professional. They were very patient, and they explained the issues and the solutions fully.

Which solution did I use previously and why did I switch?

I don't have a lot of experience with other firewalls. There was a Cisco Certified office that I was exposed to before we moved to the WatchGuard Firebox. It felt like the WatchGuard was a lot easier to use, and easier to set up than the Certified Office device.

The primary reason that we went with Firebox was its cost. It is very economical and it provided us with all the security functions that we were looking for at the time. And the throughput was more than what we required, so it was a very cost-effective device to deploy on our network.

How was the initial setup?

The initial setup of Firebox was straightforward. It was not complex.

For our deployment we configured all three access points at one location, our head office, and tested them in that one environment. Then, at the various offices, it was just a matter of changing the IP address. We had one technician go to one office and another technician go to the other office to install the Fireboxes and connect them to the network. As they were plugged in, they connected and it provided the service that we wanted from day one. We didn't have to do too many reconfigurations. The policies that come with it out-of-the-box provide adequate network protection, and we just had to put in special policies to allow various types of traffic, either both ways or one way, to various ports on the firewall. We didn't have many problems in getting them up and running at each office.

Deployment took one day at each location. Overall, we were able to prepare the Fireboxes and test them in less than a week. We prepared everything at one location, did the testing on the second day, and on the third and fourth days we went to the other two office locations to install them.

What was our ROI?

With the Firebox solutions we have had a lot more accessibility, in the network, to our third-party vendors and suppliers. Prior to that, we did not have a direct connection to those companies, but with the Firebox we were able to configure a DMZ, and that allowed us to apply the granular restrictions that we really wanted. It allowed us to reduce the number of devices that we have on one desk, at certain workstations. Instead of having the supplier's computer and our computer, we were able to use just one computer, and connect to the supplier.

What other advice do I have?

Going with the Firebox is a no-brainer. It provides the necessary security, out-of-the-box, for your configuration of the policies. It's very easy to use and it also gives you a reporting dashboard that can be customized. It makes a lot of sense out of all the data. It's very easy to read. We use a 40-inch display in our office and have it connected to the Firebox so that we can see what's going on on the network. We can look at it and see how the traffic is going through it.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
DE
Network Administrator at Niedersächsischer Turner-Bund e.V.
Real User
Top 20
Visually able to see what policies are most in use and which traffic was blocked

Pros and Cons

  • "The solution simplifies my business. Normally, for administration, we are using NetApp System Manager on Window since it's easy to create new policies. In a short amount of time, you can create new policies based on new requirements. For example, in the last few months, many requirements changed due to the coronavirus, adding the use of new services, like Office 365, and eLearning tools, like Zoom."
  • "Sometimes I would like to copy a rule set from one box to another box in a direct way. This is a feature that is not present at the moment in WatchGuard."

What is our primary use case?

We use it to protect our web stations and service. 

We established a branch office VPN to our branch office. Since last month, we have added Mobile VPN tunnels to our headquarter.

How has it helped my organization?

We have the ability to use it for connecting to our terminal services, then to the Fireboxes, so we can create user-based policies, which are very important at this time. We can control who has access to management servers and machines that are not for general use by users.

We use a normal packet server. We are also using a proxy service and IPS, so all features are possible with these devices. We have seen many attacks from specific IP addresses that were all blocked. Most times, these were IPS traffic port scans. All this traffic is normally blocked from our side.

The solution simplifies my business. Normally, for administration, we are using Watchguard System Manager on Windows since it's easy to create new policies. In a short amount of time, you can create new policies based on new requirements. For example, in the last few months, many requirements changed due to the coronavirus, adding the use of new services, like Office 365, and eLearning tools, like Zoom.

With Firebox, the monitoring is good. On the Dimension servers, I can see where the IP addresses send and receive a lot of the traffic so I can analyze it. I am also able to see where attacks are coming from. It's good to see visually what policies are most in use and which traffic was blocked. Its easy to visualize policies. The dimension server shows which policy is used and the data flow through the firebox.

What is most valuable?

For our requirements, WatchGuard has very good features available in its software.

It is good for administrating devices. It is reliable and easy to use. Most of the time, the results are what I expected.

The performance of the device is good. The time to load web pages has not been slowed down too much. With additional security features, like APT and IPS, WatchGuard Fireboxes need a moment to check the traffic.

For reporting, we use the Dimension server from WatchGuard where we have many options to analyze traffic. It has a good look and feel on all websites that WatchGuard creates. All pages have the same system, so it's easy to use because the interface is uniform throughout the entire solution.

We are using some of the cloud visibility features. What we use on that cloud is DNSWatch, which checks the DNS records for that site. It is a good feature that stops attacks before they come into the network. For most of our clients, we also run DNSWatchGO, which is for external users, and does a good job with threat detection and response. It is a tool that works with a special client on our workstations. 

What needs improvement?

Sometimes I would like to copy a rule set from one box to another box in a direct way. This is a feature that is not present at the moment in WatchGuard.

I'm missing a tool by default, where you can find unused policies. This is possible when a) you adminstrate the firebox with dimension, or b) you connect it to Watchguard's cloud.

For how long have I used the solution?

We have been using this solution for a long time (for more than a decade).

What do I think about the stability of the solution?

The stability is very good. I normally only do a reboot of a Firebox when I upgrade the boxes with new software, so they run sometimes two or three months without a reboot.

What do I think about the scalability of the solution?

It is scalable to many environments. With all our locations, we found this solution works.

For the moment, we have around 80 users total at all our locations. The traffic at our headquarters per day is 300 gigabytes.

Our number of Fireboxes has been constant over the last few years, as we don't have new locations. We are a sports organization, so we are not expanding.

How are customer service and technical support?

WatchGuard's support is very good. Over the years, there have been only one or two tickets that were not solved.

When you start as a new customer, you should start with a bit of support from your dealer so you have some training on the boxes and how to manage them.

Which solution did I use previously and why did I switch?

Before using WatchGuard, we had a Linux server with iptables. We switched to Firebox because it is much easier to administrate. It has real boxes with a graphical interface, instead of command line administration.

How was the initial setup?

It is relatively easy to set up a new box. In my experience, you have a basic rule set. When you start with a new box, you can quickly make it work, but you always need to specify the services that you need on the boxes. You need some time to create the right policies and services on the box. This is the process for all Fireboxes that you buy.

When you have a small branch office with a small number of policies, you can make them active in production in one or two hours. With complex requirements at your headquarters where you have several networks with servers, web servers, and mail servers which can be accessed from the outside, the configuration will need more time because the number of policies is much higher.

What about the implementation team?

The implenetation was done by the vendor. For us the solution was ok. At this point my knowledge about firewall was not on the level I have today.

What was our ROI?

It saves me three or four a month worth of time because it stops malware. I don't need spend time removing malware from the client.

What's my experience with pricing, setup cost, and licensing?

I think the larger firewall packages are much better because a normal firewall is not enough for these times. You need IPS, APT, and all the security features of a firewall that you can buy.

Which other solutions did I evaluate?

We evaluated some other solutions.

What other advice do I have?

Administration of Fireboxes is only a small part of my job. I have been the network administrator since 1997. While the solution does make less work, I still need a little time to monitor all solutions. 

I would rate this solution as a nine (out of 10).

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Learn what your peers think about WatchGuard Firebox. Get advice and tips from experienced pros sharing their opinions. Updated: September 2021.
541,708 professionals have used our research since 2012.
TS
Computer Programmer at Crestwood Inc
Real User
Top 20
We are able to limit where users can go, what they can do, and what they can access

Pros and Cons

  • "The solution has increased productivity with our outside salespeople being able to connect into their computers and use those remotely."
  • "The few issues that we have had, such as not knowing where to go, they have been answered quickly."

What is our primary use case?

We have a web server on the optional network. Then, on the trusted side, we just run all our computers out through the Internet. We don't do anything too elaborate with it.

How has it helped my organization?

We do have some technicians and some design center salespeople who call in. This is best usage that we get out of the solution.

We don't host our website internally anymore. We used to host our website and it did help with that, getting everything set up. We have just recently removed that and gone to a third-party. But, that was something which was very useful, setting up our internal website and NATting IPs.

The solution has increased productivity with our outside salespeople being able to connect into their computers and use those remotely.

We are able to limit where users can go, what they can do, and what they can access, so they are not wasting time doing things that they shouldn't be doing. It does help to save time, e.g., limiting Facebook. 

What is most valuable?

We are able to segment our FTP website off on the optional, setting up the rules specifically. There are certain outside IPS coming into our computers where we have different machines out there setup where technicians can remote in, etc. Being able to set those up to specific IPS, not just allowing full access, is probably our main use for setup.

The usability is good. I like it. I don't have any issues. Most everything that we have tried to set up for what we use it for is pretty straightforward and easy to use.

For how long have I used the solution?

We have probably had it for the last 10 years. I have been here the entire time.

What do I think about the stability of the solution?

The stability is very good. We haven't had any issues with ports or anything else. Everything has been very good as far as the stability and issues.

The performance and throughput that the solution provides is good. We haven't had any issues as far as when we have connections and things going on. So, it's very good.

What do I think about the scalability of the solution?

The stability is good as far as our use. I feel like we do have room. We have extra ports on it. We can set them up if we need to, but we don't need to use them. However, I feel we have room to expand and grow, if needed.

We have probably 75 users setup. Mostly, they are authenticating through to get out to the Internet. We do have some protections on it: virus stuff and different websites that users can and can't get to. We have groups setup for that. That is our main use from the inside with most of our users going out. Then, we have five or six users who remote into computers and other things.

There are not necessarily plans on expanding anything at the moment. We are pretty much set where we are. Usage is not too heavy, as it's mostly users getting in and out with us restricting what they can get to.

How are customer service and technical support?

I have only had to call once or twice for anything in any of the time that we have had the solution. Most of the time, if I do have a question or something, I can hop onto the forum and there is an answer, then away we go. As far as my experience with the forum and just a few calls, it has been very good. We haven't had anything that has hung us up for a long time.

Which solution did I use previously and why did I switch?

WatchGuard was pretty much our first solution like this. We did not use anything else before it.

How was the initial setup?

The initial setup was straightforward. It walked through everything as far as the configuration. Everything that we needed was right there. So, I didn't have to search for anything. It was easy set up.

We went from a different version to this version. Even from that to this version, it was probably up and running within an hour.

What about the implementation team?

I usually set it up.

We didn't consult anyone. We didn't really have an implementation strategy per se. We just set it up (like the old one), then went through and looked at some of the new features and things we might want to use.

I maintain it and and set up whatever needs to be set up. The other IT guys can come in and do stuff if I'm not here. Generally, it doesn't take too much time to get anything set up that we need.

What was our ROI?

It saves us a couple hours a week.

What's my experience with pricing, setup cost, and licensing?

We don't have any other costs other than the licensing stuff.

Which other solutions did I evaluate?

We did look around at a few different things. We just kind of settled on WatchGuard. It seemed to have the features that we needed, so we went in that direction.

What other advice do I have?

I'd give it a 10 (out of 10). I haven't had any issues. The few issues that we have had, such as not knowing where to go, they have been answered quickly. I am going to give it a 10 because of its easy to use. If we have a question, it's easy to get an answer. Also, it's very simple. For most of everything that we do, we have been able to do them pretty easily. We are very happy.

If we were to ever look at something else, I would look for something that has ease of use, simplicity, and ease of setup. That is what I like about this. Everything is pretty straightforward and easy to find. The interface being easy to use and find has been very helpful.

We don't use a lot of the logs. Generally, we don't need to. If we do need to go look at something or pull something up, the information is there in HostWatch or the logs. I have been happy with it.

We're not using the cloud.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Alexey Shcherbatyi
Network Administrator at Abona Deutschland GmbH
Real User
Top 10
Identifies attacks on our services and precisely directs us to the problem, saving us significant time

Pros and Cons

  • "After conducting several tests I found the antivirus is working very well. Additionally, they have a very interesting feature, DNS WatchGuard, which is checking DNS requests for phishing, among other things, and it has caught a lot of unwanted attempts and attacks."
  • "I haven’t dug deeply into the reporting features yet or if they are working well. However, I have generated several reports and there was too much unnecessary information, in comparison with the reporting features in the Sophos firewall. Sophos' reporting is more readable and easier to configure."

What is our primary use case?

We are using WatchGuard Firebox for defense of our internal infrastructure.

How has it helped my organization?

I wouldn't say that Firebox has improved the way our organization functions, but rather that it protects our organization.

The solution identifies attacks on our services and, as a result, directs our attention precisely to the cause of the problem. As we are not actively watching the traffic ourselves and we completely rely on Firebox to alert us instead, the solution saves us about 30 hours per week.

What is most valuable?

The most valuable features are WatchGuard’s antivirus, traffic protection, and ease of configuration. I also appreciate their traffic analytics. 

After conducting several tests I found the antivirus is working very well. Additionally, they have a very interesting feature, DNS WatchGuard, which is checking DNS requests for phishing, among other things, and it has caught a lot of unwanted attempts and attacks.

Regarding the management features, the interface is user-friendly, and the instructions are well documented. There is a fast learning curve and everything is intuitive and understandable.

It also provides us with layered security. Firebox protects our traffic, as we have numerous Web Services that are external and which are a priority for us to defend. We don't use the rest as much.

What needs improvement?

I haven’t dug deeply into the reporting features yet or if they are working well. However, I have generated several reports and there was too much unnecessary information, in comparison with the reporting features in the Sophos firewall. Sophos' reporting is more readable and easier to configure. Having said that, reporting features were not very important for us when selecting a solution. What was important were other types of functionality that WatchGuard Firebox was able to meet.

In addition to the reporting features, I would suggest they work on an SSL VPN gateway.

For how long have I used the solution?

We have been working with WatchGuard Firebox for about one year. Initially we got an M200 model and then switched to an M470 in a cluster.

What do I think about the stability of the solution?

In terms of the stability, everything is perfect. We haven’t experienced any issues.

What do I think about the scalability of the solution?

The solution scales intuitively and quickly with any internet, meaning the solution’s protocols support any internet configuration. The connectivity scales in any location.

We could scale it to several companies with up to 100 employees and up to 1 Gb of traffic.

How are customer service and technical support?

I would rate WatchGuard's tech support at the highest mark of five out of five. I was very pleased with them. We were working with them on the software licensing and opened some tickets related to technical issues. In both cases, they resolved the issues promptly and without unnecessary back-and-forth, unlike when working with the support teams of other vendors.

Which solution did I use previously and why did I switch?

Before Firebox we used a Sophos firewall. We switched because the WatchGuard firewall offers a broad set of features and parameters that were lacking in the Sophos firewall. Additionally, the WatchGuard solution was cheaper.

WatchGuard has a comprehensive antivirus system included in the firewall and that was important for us. Sophos’ antivirus features were weak, in comparison.

How was the initial setup?

The initial setup was medium in terms of the difficulty of some aspects, such as initially understanding the logic of their security policies. It took several hours to acquaint myself and to fully understand things. The whole deployment took about three days.

We initially had an implementation strategy, but it was adapted according to the recommendations and specifications of WatchGuard.

In terms of the technical aspects, I am the only who works with this solution in our organization.

Initially, we purchased the Firebox just for us but, as of today, we have deployed it to two or three other companies. The client sent us project specs with necessary internet configurations for each device, as well as the physical locations. We replicated their infrastructure in our test environment, configured each device according to their specs, and shipped the device to them. The client then connected the device with a cable to the ports outlined in our instructions and everything worked the first time.

What about the implementation team?

During the deployment we worked closely with WatchGuard’s tech support team and they were very speedy in their responses to us.

What's my experience with pricing, setup cost, and licensing?

The price of the solution corresponds to the quality and the feature set offered. There are no additional costs to the standard licensing fees.

Which other solutions did I evaluate?

Before selecting WatchGuard Firebox, we evaluated the Cisco FirePOWER firewall and, in comparison, Firebox is much easier to use.

Also, WatchGuard’s solution, in terms of the cost-per-value ratio, is very balanced.

What other advice do I have?

My advice would be to try this product.

As for the throughput, at this point it is hard for us to evaluate it because we don’t have heavy traffic, or at least we do not experience the traffic throughput specified for this model. Our inbound and outbound traffic is 1 Gb and the M470 handles it very well, not even stressing its components.

When it comes to the solution’s Cloud Visibility feature, they need to improve on the reporting. But in terms of the logs, it gives us very good visibility.

Overall, I would rate the solution a strong eight out of 10.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
AllenHillstrom
IT Manager at a tech services company with 1-10 employees
Real User
Top 10
Makes it easier to set up new policies, new devices, and tunnels to the devices

Pros and Cons

  • "It's very easy to use, especially compared to similar products. A lot more users use the WatchGuard appliance now than use the SonicWall appliance because of the ease of usability."
  • "There is a slight learning curve."

What is our primary use case?

We use it both for VPN tunnels and as a firewall.

Our company runs group homes. There are 140 or so sites and employees are traveling to those sites on a daily basis. They use the VPN tunnels going back to the main office to access the file servers. We also have about 12 remote locations connected by WatchGuards on both ends to create a VPN tunnel, with SD-WAN to allow traffic to go between those two sites, both for the file servers and for the phone system.

How has it helped my organization?

It gives us a higher sense of security. There is an easier workflow as well.

I estimate that 50 percent more users use the WatchGuard VPN than use the SonicWall VPN tunnels. Those users are able to work on documents out of the site or increase their workflow and do work while they're onsite instead of doing it later. It saves us a couple of hours per person per week.

What is most valuable?

Once it's set up, we don't have to touch it that much.

We enjoy its usability very much. It's very easy to use, especially compared to similar products. A lot more users use the WatchGuard appliance now than use the SonicWall appliance because of the ease of usability.

As long as you're using the correct model, since different models have different numbers of allowed tunnels, the throughput is enough.

In terms of management features, we have a Dimension Server set up. It's nice to be able to see where people have gone to and when they have gone there. Overall, the solution makes it easier to manage on my side. Setting up new policies, new devices, and setting up tunnels to the current devices, is easier.

The firewall secures the external perimeter.

What needs improvement?

There is a slight learning curve.

Beyond that, the only issue we've had in the past two or three years had to do with the number of current tunnel connections, and that was just an issue with our size of Firebox. We got a bigger Firebox. The old one was able to handle the load. It was just that we ran into a licensing issue. We had hit our number of concurrent tunnels. We have a lot of tunnels with the phone system. We have tunnels to and from each site for the phones to be able to talk. It was a little bit of a surprise when we came across this situation, but it's present in the documentation.

It didn't take us long to figure out that that was the reason we were having an issue. It was just our not having the forethought to make sure that what we had was able to expand to meet our needs.

For how long have I used the solution?

We've been using WatchGuard Firebox for about eight years.

What do I think about the stability of the solution?

Stability is excellent. We've had no issues with the firewall going down because of the Firebox.

What do I think about the scalability of the solution?

We haven't run into a scalability issue yet. There are over 1,000 employees including several hundred office staff. There are 20-some sites that we have connected. We had to step up to a 470 for the current VPN connections, but as long as we're on the right size Firebox, everything goes pretty well.

Whenever there's a new office site coming up, we typically add a new Firebox. We're looking at putting more Fireboxes in all of the group homes, so that's probably going to be 115 more deployments in the coming years. We plan on continuing to use it, but I don't see any issues with expanding.

How are customer service and technical support?

We don't work directly with Cisco tech support. We work with a third-party company to handle support that we can't figure out.

Which solution did I use previously and why did I switch?

We used SonicWall Next or Dell. 

How was the initial setup?

The setup is pretty straightforward. It takes 15 to 20 minutes per box. We have to set up current tunnels and get a static IP address at the sites where we're putting the boxes. It requires one person for deployment and there is very little maintenance needed.

Deploying it to distributed locations is a matter of setting the Firebox up. If it's a replacement Firebox, we set it up with the same policies and ship it to the location. They can take it, unplug the old wires from the old box, put the new wires in, turn it on, and it's up and going.

Which other solutions did I evaluate?

There were other options. We took a look at Dell but this was the best one at the time. The usability and setup of the WatchGuard were better. Also, the maintenance was very minimal. It's almost nothing.

The other solutions had their features that were nice, but there wasn't anything that really drew us or made it stand out from WatchGuard. We're pretty happy with WatchGuard right now.

What other advice do I have?

There are updates pretty regularly. There haven't been any big changes over the past few years. They've kept working, rather than taking steps backward or making things harder.

Which deployment model are you using for this solution?

On-premises
Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
GP
System Analyst at a transportation company
Real User
Top 20
Makes it easy to block websites from getting in and to prevent users from going where they shouldn't

Pros and Cons

  • "The set up of the VPN is pretty straightforward. Being able to build VPNs on the fly for certain users, if need be, is also valuable."
  • "The usability could be better, but it is definitely manageable. If we have to go to a backup internet connection, that could be a little bit easier."

What is our primary use case?

We use it to prevent any unnecessary stuff from getting into our network. It's for the usual security features. We do utilize the VPN and there are quite a few people on the VPN right now.

How has it helped my organization?

It gives our business layered security. Attack vectors it secures for us include denial of service attacks, people spoofing our network, as well as preventing malware from getting in — the typical attack vectors. We're satisfied with it overall.

Also, there was a phishing scheme going around a while back. WatchGuard caught it and we were able to mitigate it. That was very good. It keeps us from not having to worry about our network being under attack. It keeps us secure.

It saves us on the order of three hours a month. The solution just works.

What is most valuable?

  • The set up of the VPN is pretty straightforward. Being able to build VPNs on the fly for certain users, if need be, is also valuable.
  • The traffic monitoring is very nice.
  • I also like the ease of blocking certain websites from getting in or users from getting to stuff they don't need to be at.

We're satisfied with the performance, as well as its reporting and management features.

What needs improvement?

The usability could be better, but it is definitely manageable. If we have to go to a backup internet connection, that could be a little bit easier. Other than that, I really don't have any complaints about it.

For how long have I used the solution?

I've been using WatchGuard for three years. That's how long I have been with the company. The company has been using it upwards of 10 years, I believe.

What do I think about the stability of the solution?

It's very stable.

What do I think about the scalability of the solution?

It's scalable. We are probably going to be doing another area for some of the outer branches and the WatchGuards will be part of that. I can't say how soon it's going to happen, but there have been discussions about it.

How are customer service and technical support?

I have no complaints about WatchGuard's technical support. If you have a question, they answer it.

Which solution did I use previously and why did I switch?

As far as I know, WatchGuard is the only one that our company has used. We like the product enough. We're buying another appliance because our support ran out on one of our boxes. We're continuing to buy WatchGuard stuff because it does what we need it to do, it's priced reasonably well, and we like the support and usability.

How was the initial setup?

We have deployed this product to distributed locations. We have a couple of branch offices and we've set them up in all of our locations. We set it up, we configure it to our network settings, we put in all of the information we need, and we go from there. We usually take a configuration from an existing and apply it. It's straightforward. The documentation goes step-by-step on how to set it up. The last time I did one it took about an hour.

In terms of maintenance of WatchGuard there are three people in our department. Whoever sees a problem or hears about an issue takes care of it. Two of us are system analysts and the third is our director of information technology.

What was our ROI?

It keeps our network secure and that's a good enough return for me.

What's my experience with pricing, setup cost, and licensing?

I feel that the pricing is fair for all of the security you get. That's one of the reasons we went with, and continue to go with, WatchGuard.

What other advice do I have?

Go ahead and implement it and don't think twice about it.

We're not using the cloud visibility feature at this time. Maybe we will in the future.

There are 75 users of our environment, in total. They range from mechanics to accountants to our COO and CEO. Everybody in the organization uses it.

Which deployment model are you using for this solution?

On-premises
Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Mohamed Y Ahmed
Technical & Pre-Sales Manager at GateLock
Reseller
Top 5Leaderboard
Easy to configure with good packet filtering templates and good traffic management features

Pros and Cons

  • "The security that is used for defending from the attacks is very good."
  • "I would like to see the devices made more flexible by adding modules to increase the ports that we can use."

What is our primary use case?

I'm deploying the WatchGuard Firebox for many of my clients, and they all stay satisfied with the product. The primary reason as a common request from most of the users is to protect the environment from the outside network attacks. It is popular because of its security layers dependencies and its great performance.

The proxy policy and packet filtering templates make it very clear while I am configuring the Firebox for customers. Also, the variety of actions that are designed per kind of packet payload are dependent on the protocol's payload.

How has it helped my organization?

The Firebox is developing most of my client's infrastructures, starting from internet access and its amazing protocol-oriented proxy policies. It also has a deep understanding of the packets, meanwhile the most powerful HTTPS inspection features.

It is supported by the VPN, either Branch office or mobile users.

In addition to its impressive extraordinary DNS security, it has an access portal, which is a feature for publishing web applications, cloud applications, or even publishing internal RDP and SSH. 

https://www.watchguard.com/wgrd-resource-center/2019-nss-labs-ngfw-group-test

What is most valuable?

The traffic management feature is very flexible and it let you manage varieties of our customer's needs as it is working per policy, for all policies, and per IP address. You can apply it also per application or application category, all in the same proxy policy.

The differences between backup and restore and the configuration file allow us to perform a migration from one box to another in a single click.

The security that is used for defending from the attacks is very good. As an example, for the HTTP packet, you will find botnet protection, Reputation Enabled Defense "RED" and DNSWatch "the DNS security", in addition to the AV gateway. They are all working together to protect internet access.

What needs improvement?

I would like to see the number of management consoles reduced. As it is now, Firebox can be configured using the web UI, WatchGuard System Manager, Dimension server, and from the cloud. This should be done without affecting the way we deal with the configuration file, as it's one of the strongest points in making its implementation smooth and easy.

I would like to see the devices made more flexible by adding modules to increase the ports that we can use. As it's started from T80, the last edition of tabletop appliances, it should also be applied to all M series appliances.

Which solution did I use previously and why did I switch?

As I work as a services provider, I have used many different solutions. I find WatchGuard Firebox provides very good value. as you find in the following points "Not everything":-

1. Configuration migration between boxes.

2. More flexible while applying traffic management.

3. Best performance.

4. Security layers and its dependencies.

5. Protocol oriented.

6. Rapid deploy feature that it let you make a total configuration remotely for a box on its default factory mode.

7. total protection for inbound and outbound traffic by applying the policies with a deep understanding of the traffic. 

8. The DNS security and how it stops the malicious DNS requests on the scale of network security and its endpoint for mobile users to apply the same while they are outside the environment.

9. SD-WAN feature and how it deals with lines quality by its Jitter, loss, and latency.

10. The exception for sites, ports, and IPs, it has a huge variety and you can do it at many levels. Before the policies starting already in the default threat protection, Or in the global settings but after the policies starting to scan then you can avoid all of that per policy per protection type which is meaning that you can expect something from geolocation or WebBlocker or APT Blocker, etc...

11. there are some other features in the box Access Portal, Application Control, APT Blocker, Botnet Detection, Data Loss Prevention (DLP), Gateway AntiVirus, DNSWatch, Geolocation, IntelligentAV, Intrusion Prevention Service (IPS), Reputation Enabled Defense (RED), spamBlocker, Threat Detection and Response, and WebBlocker.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: We are a distributor for the vendor in Egypt
DV
Manager
Reseller
A user-friendly, stable, and scalable solution that runs for a long time and can be deployed remotely

Pros and Cons

  • "The ease of use is most valuable. You can quickly train someone who hasn't seen a firewall in life. You can get people up to speed, and in a few months, they are able to manage this product very easily. It is a very user-friendly, scalable, and stable product. Its price is also spot-on."
  • "Its documentation could be improved. Sometimes, you need to search a bit longer to find what you are looking for."

What is our primary use case?

We are using it for firewalling and providing wireless network connectivity for access points. It is a standard product for our infrastructure. 

How has it helped my organization?

We can implement it very easily. There are some standards that we can explain to our colleagues. It is easy to maintain the same type of installation at various customer locations. It is easy to pass on the information to our team about how to implement it in the same way.

What is most valuable?

The ease of use is most valuable. You can quickly train someone who hasn't seen a firewall in life. You can get people up to speed, and in a few months, they are able to manage this product very easily. It is a very user-friendly, scalable, and stable product. Its price is also spot-on.

What needs improvement?

Its documentation could be improved. Sometimes, you need to search a bit longer to find what you are looking for.

For how long have I used the solution?

I have been using this solution since 2014.

What do I think about the stability of the solution?

It is a very stable product. Usually, we have several years of uptime on WatchGuard Fireboxes. They can run for very long without any issues.

What do I think about the scalability of the solution?

It is very scalable. We have several customers with several sites, and we can easily extend the network by using Fireboxes at several sites with site-to-site tunnels. If you use the WatchGuard system management software, you can even drag two Fireboxes together, and they automatically make their own tunnel. You don't even have to perform any additional tasks. It is very user-friendly in terms of scalability.

How are customer service and technical support?

We get good support. It can take a bit longer only in the case of a specific problem that even they are not aware of, but that's the case with many of their competitors. In general, their support is very good.

How was the initial setup?

It is fairly easy to deploy. You can also deploy it remotely. It provides a very easy and out-of-the-box experience.

What's my experience with pricing, setup cost, and licensing?

It has a very good price. It is not the most expensive one, and it is also not the cheapest one. It is just spot-on in terms of price.

Which other solutions did I evaluate?

We evaluated Fortinet and Cisco. We chose WatchGuard because we wanted our engineers to be able to learn and work with the product in a very short amount of time.

When comparing Fortinet and WatchGuard, in the past, Fortinet was before WatchGuard in providing the features for directly resolving DNS names and hostnames and making additions to the rules. A few months later, WatchGuard also implemented these features. Nowadays, it goes both ways.

What other advice do I have?

I would advise others to definitely take the WatchGuard Essential Security training course, which is a four-day or three-day course. It really gives a broad overview of the product. You get a good, basic, and overall feeling of the product. You can take it in groups. We normally go with four to five engineers of our company. Most of the time, after that course, you can implement the basic product and even scale it out to many more locations without requiring additional training.

I would rate WatchGuard Firebox a nine out of ten. I am pretty satisfied with this solution.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: reseller
Flag as inappropriate