If you were talking to someone whose organization is considering WatchGuard Application Control, what would you say?
How would you rate it and why? Any other tips or advice?
For what we needed, WatchGuard was fine and generally covered our needs. It is easy to maintain and it is a product that I recommend. That said, there is always room for improvement. I would rate this solution a nine out of ten.
WatchGuard does what it says it does. Definitely use it. If you want to block applications, then definitely use it. I would rate it an eight out of ten. There's going to be newer apps that are probably not going to be blocked straight away, but then they are in time, so it's not really an issue.
I would suggest that for mid-size companies of say one hundred users, you should choose different configurations. For example, Application Control group one, group two, group three. It could be a management group with more bandwidth and has fewer restrictions. Then ordinary users have more restrictions so you can give them a different configuration. You can specify the levels of restrictions, and in what categories. I feel this is something that is very important. The only dynamic is increasing categories. If a department calls and says that they cannot access a particular webiste then the admin will check the logs to see why not. It will show the category, and the admin will have the choice to allow the whole category or just a single website. Social media might be a category where we do not allow sites like Facebook, but we do allow LinkedIn. In this case, the Social Media category is blocked but there is an exception checkbox for LinkedIn. My advice for anybody researching this type of solution is to compare this with other products. The manageability in WatchGuard is very easy. I know other solutions and they are more complex and there is no traffic management capability included. The biggest lesson that I have learned from using this solution is that things are dynamic. The internet is constantly growing, along with the categories. Startups like Zoom have a VoIP, so you would have to manage this application. The configuration is not static. It is dynamic, like everywhere in IT. You cannot just install it and leave it. I would rate this solution a nine out of ten.
We use the on-premises deployment model. It's a great product. I have the capability to have control over multiple devices and play with it before putting it into live mode. For others, I would suggest they just make sure they have at least played with the solution for a few days so they know all the ins and outs of the product before putting it live themselves. I would rate the solution nine out of ten.