If you were talking to someone whose organization is considering WatchGuard Firebox, what would you say?
How would you rate it and why? Any other tips or advice?
My advice would be go for it. We've not had any problem with it. We've been very pleased, especially with the newer WatchGuard we've put in place. It's very responsive. It works great. It may have a little bit of a curve on learning it, but once you learn it, it's hard to say you'd want to go back to something else. It took me a little bit to get used to WatchGuard. I was familiar with SonicWall before I moved into this role. But now that I've used it for almost seven years, I've gotten to know it pretty well and it works great. Once you get used to what I would call the idiosyncrasies of WatchGuard, as opposed to the SonicWall, it's pretty easy to configure. Using the WatchGuard web UI also makes it a lot easier to configure. It provides us with somewhat layered security. It is the firewall between us and the outside world. With our subscription we do have the Gateway AV, so it does watch for things of that nature. We have certain policies in place that help with the layered part of it. But it's just one of many layers. We have other things in place to help, but it's definitely something I wouldn't want to do without.
I would advise that you go with whatever you're more comfortable with. If you're more comfortable with Cisco, then go with Cisco. Firebox doesn't really save us time because whether you're going to configure a Cisco or you're going to configure a WatchGuard, you still have to configure something, no matter what it is. It is a little easier to configure WatchGuard though. It takes just one person in our organization to deploy and support it, and that's me. Overall, our environment has about 300 users.
Go ahead and implement it and don't think twice about it. We're not using the cloud visibility feature at this time. Maybe we will in the future. There are 75 users of our environment, in total. They range from mechanics to accountants to our COO and CEO. Everybody in the organization uses it.
Invest in some Professional Services. Although you can absolutely pull it out of the box and deploy it — and we've done that before — it's always good to have somebody that you can ask about best practices and run a few scenarios by them. We ended up purchasing four Professional Services from our local reseller. It was good. Although they didn't really provide any answers, they were there to say, "Oh no, you're doing the right thing." It was more reassurance than anything. But I would definitely recommend springing for some Professional Services. That will make the whole process go a lot easier. A small subset of my staff, maybe three or four people, is involved in deploying and maintaining the solution. They're all IT administrators.
I'd give it a 10 (out of 10). I haven't had any issues. The few issues that we have had, such as not knowing where to go, they have been answered quickly. I am going to give it a 10 because of its easy to use. If we have a question, it's easy to get an answer. Also, it's very simple. For most of everything that we do, we have been able to do them pretty easily. We are very happy. If we were to ever look at something else, I would look for something that has ease of use, simplicity, and ease of setup. That is what I like about this. Everything is pretty straightforward and easy to find. The interface being easy to use and find has been very helpful. We don't use a lot of the logs. Generally, we don't need to. If we do need to go look at something or pull something up, the information is there in HostWatch or the logs. I have been happy with it. We're not using the cloud.
Educate yourself. Read documentation and watch videos online. Since the administrators are going to use it, they should educate themselves on WatchGuard. Keep a cheap, old box for training. I train my administrators on an older box and I give them a network to train on. We have been attacked with ransomware in the past, and it was kind of disappointing because, when I talked to Cisco support they said that they recommended purchasing end-point protection with a ransomware interceptor, so we ended up getting Sophos. So alongside the WatchGuard, we have Sophos' ransomware interceptor and end-point protection. We use them, on top of the WatchGuard, as a secondary line of defense. It has been smooth sailing as far as the product itself is concerned. That's why we keep renewing it. We either renew it or we upgrade to the newest version if they have a special. We also use it for Hot Standby. It's been good.
It's just me who is responsible for deployment and maintenance of the solution.
There are updates pretty regularly. There haven't been any big changes over the past few years. They've kept working, rather than taking steps backward or making things harder.
It's used extensively. Do I plan to increase usage? If I can get better reporting, perhaps. But it's fully deployed and static at this point. I would rate WatchGuard a seven out of ten. A perfect ten would come from lower costs for small installations for the service licensing, and improved reporting. And maybe some better awareness of what it's capable of doing. It's hard to figure out what I could do. That's a big thing. It's hard to figure out what is possible. What am I not taking advantage of? I've tried to work with people on that, and that's the biggest thing.
Make sure you buy the device that fits your environment. Don't try to do too much with too little. You can buy one of the edge devices, and you could technically run a large network on it, but it's not going to work as smoothly. Your firewall is your primary point of security from outside intrusion so you want to do it right. Be very meticulous about your configuration. Straight-up, walking-to-the-console usability of the solution is not very user-friendly. It's not very intuitive. However, compared to other firewalls, it's very user-friendly. So it's more user-friendly than most, but it's just not something anybody could walk up to and use. If I had to walk someone through it remotely, it wouldn't be very easy for them to do. Each upgrade of the device, and I've had about five of them — five main devices — has allowed an increase in bandwidth and performance. They tend to work fairly consistently, but as speeds have gotten faster, you've got to upgrade the device to keep up with it. They seem to be doing an adequate job at that. I have used the solution's Cloud Visibility feature. I wasn't really blown away. I thought, "Okay, that's neat." I haven't really dug into it deeply. I don't really think about it in the context of detecting and reacting to threats or other issues in our network. I like to be aware of threats, but threats in networking terms are always not practical. For a company like ours, we know there are going to be internet probes out there, and they're going to hit our network. The WatchGuard identifies them and locks them down. There's nothing I can do about it. It's more along the lines of, "For your information, there was an attempted attacked last night." What I'd rather have is internal threat assessment. I want to know: "This machine started doing something last night it wasn't supposed to do. It was sending out emails at two in the morning. It shouldn't be doing that." Since it's sitting here watching the network, I'm more concerned with internal threats, and people doing things they shouldn't be doing, than I'm worried about the external threats. I probably should be equally concerned about them but I've never found a really good solution on that. I have some customized things that I've done that try to send me alerts if certain behavior patterns are detected. I'm scanning through the logs, and if certain keywords pop up, then I'm alerted. That's been somewhat helpful, but most of the time I get more false positives than I get actual. We have web filtering, so I'm looking to see if anyone is going to pornographic or hacker or peer-to-peer sites. I get alerts from that and it logs those. But most of the time, I'll get hundreds of alerts on sites for a user, and I'll go over and find that the user was looking for fonts and one of the ads happened to be on a server that caused a trigger. It was a complete false positive but I don't know how to filter all that out. So the alert becomes useless. That may be an industry problem. I would rate WatchGuard at eight out ten. There is a need for improvements in the reporting. There needs to be more granular, built-in filtering in the reporting, so that you can drill it down to exactly the information you want. The second thing would be the cost-plan of renewals. They can have a security plan and they can have a renewal plan. But if you lapse and they charge a penalty on top of that, to me that's really unacceptable. I should be able to let a product lapse if I want to. It may not be a priority. It might be something I have in someone's home and then there's just a new feature I need to add. As I'm going down the road I should just be able to buy that when I want. To put in reinstatement fees is a big negative to me. Granted, they all do it, but they all shouldn't do it.
Leverage the website. They have a good knowledge base out there. If this was a green deployment, make sure that you understand how the policies work for VPN and matting. The throughput is adequate. It certainly handles what I pumped through it, which is about 150MB. I don't know how we would do on a big gigabit network, but for what I do, it works. I haven't seen any slow downs in throughput. I am not using the Cloud Visibility feature.
Read up about it. Understand what each of the settings are doing and use the resources that you have to get the best knowledge before implementing. It's pretty simple to use. It's pretty simple to understand, and there's plenty of documentation. It does a pretty good job of what it is meant to do. We are not using the solution’s Cloud Visibility feature.
Take a look at the needs of your business and how reactive you need to have your firewall solution be. One of the major selling points for our corporate board was: As new threats come up, WatchGuard is constantly taking the information coming in and looking for a solution, then pushing it out. That was one of the major selling points for us. The field that we're in takes security very seriously. We wanted to make sure that we were protecting our client's information. When it came down to it, that was a major selling point for us. There was a bit of a learning curve. Once I was in it for about a week or two, I found it simple and intuitive to use. With the throughput, the only issues that we found were at the very beginning, and that was due to a misconfiguration on my part. There hasn't been a noticeable change in slow down from the throughput the way that some firewall solutions might cause. Now, my end users don't even realize that it is there. We are not using the solution's cloud visibility feature. Right now, we are on the base usage. It's a firewall solution for us and we haven't really had the chance to dig into the advanced features that much. I plan to expand how we use it in the future, as time allows. I'm very happy with it so far. I need some more data points to really firm that up. However, at this time, what I'm basing the eight (out of 10) off of is the ease of use, the ease of setup, and its learning curve. Once you learn how to use the system, it is very well-organized. It does save us so much time. The drawbacks are just sometimes not having the technical information that we need in order to easily make connections with all of our Internet-based clients, but we can put the work in and still get it done.
Do your research. It's not impossible. Do things in a logical order and make sure you understand what you're doing and how you're going to do it. Once you understand it and get everything working the way you want, it does get very easy to use and work with from there. Once you get over the learning curve of how all the pieces work together, it's very easy, very user-friendly, very easy to update, and very easy to make changes and document those changes - all that good stuff. I tend to buy the hardware platform that's like one level above where we think we absolutely have to be at a minimum, so the performance has been adequate or good. I've yet to hit an issue where I feel the device is slowing us down or causing any issues because of the performance of the device, itself. We're usually limited more by our actual bandwidth. It's been great as far as our network and needs go. In terms of the extent to which we're using the product, six months ago when I renewed the second three-year term, the subscriptions had changed quite a bit from when I had my first three-year term. Now, I have a whole list of new subscription services or modules or layers that I have not started implementing. I got a couple of the new ones implemented, to get some of the benefit, when I first got this new device. But there are a few more I want to implement. One of them, is packet inspection, which is difficult because that can really bog down your device. I'd like to have Dimension control to get better reporting. There are a couple of other ones that I have not implemented because they're new for me and I just haven't had the time to work on them. Threat Detection and Response is one I'm interested in which I haven't time to implement yet. It involves me setting up a client in each one of my endpoints and it keeps track of unusual activity there. That's probably where I want to go next. Maybe even the Access Portal could be useful for me, to have a place for vendors or customers go to access things inside our network. We've gotten more features for our money because there's a new security package which wasn't available when I first subscribed, and that included pretty much everything. I had paid separately for APT, Advanced Persistent Threat protection, on my old subscription. To get that now, it was cheaper to bundle it with their total threat package. That included a lot of things like DNSWatch, which I did set up to look for malicious DNS access requests throughout my network. It gave me intelligent antivirus. I believe there's some kind of DLP module, which is one I haven't spent any time on. Network Discovery is another one I haven't spent time on that I need to work on. All of those came as new features with the new hardware and with that new subscription. The Threat Detection Response is definitely something I didn't have access to before. For sure, in this second three-year term, we got a lot more value for the money with what WatchGuard offered us. I would give WatchGuard an eight out of ten. There's a little bit of room for improvement but I'm very happy with WatchGuard. I think it's a good fit for me. I won't often give a ten, just on principle, unless I feel they deserve a 12. That's when I give a ten. I've definitely said positive things about WatchGuard to other people in the industry, people I talk to or know. I'm a promoter of WatchGuard, to be honest. I haven't seen anything I like better, but I haven't had a lot of experience with other devices. I've said good things to people on a regular basis, especially about WatchGuard's education, the emails and videos and other stuff they put out to try and help people, even when it's not related to WatchGuard products.
The functionality of the unit is great. However, you have to be pretty knowledgeable on how to work with its interface. I don't any plans to increase usage. The product is always on and always being used.
If you can understand the way the firewall works, the logic of the firewall, it will serve you really well. It's a very stable, great product. I started with a T10. I ended up needing a more powerful version, so I bought the T30 about two years ago. I've been very happy with it. The usability is difficult but it's a complicated system. It's a professional solution. I wouldn't recommend it to my friends for their homes, but for business, I think it's a fantastic solution. I'm happy with the throughput on the T30. The T10 was definitely lacking. It was definitely slow. I would rate it a nine out of ten. The way to make it a ten would be to make it easier to use for a novice.
It's worth it, depending on your current network environment. If you are in the same situation we were in, it's really a no-brainer going from the MPLS network to self-managing it with simple broadband internet. It works great. To be honest, you'd be crazy not to do it. The advantages of WatchGuard over MPLS are that it's cheaper and you have more control because it's self-managed. The only con is that it does require a little bit of maintenance that you wouldn't otherwise have to do, but it's minimal. In terms of distributed locations, we have a firewall at all of our locations. Once we got it set up we'd visit a branch, install it, test it, and implement it. As for maintenance, it requires just one person, a network administrator. We manage it ourselves and there's not a whole lot to it.
I wouldn't hesitate to implement this solution. Particularly if you're down to an IT staff of one, this is a really good solution. If you're that small and your IT staff is very limited, then you're probably lacking the onsite expertise to move to a more expensive solution anyway. I would strongly recommend it. We've got three people who sign in to WatchGuard, me and two others. Beyond that, everybody else is just an end-user. I'm the only full-time IT person we have on staff. We do have a vendor that we use for a lot of our engineering solutions and design. They spend about 12 hours a week on our network. As for increasing our usage of it, I don't know what all its capabilities are. I deal with problems all the time and I have to come up with solutions for them. I don't foresee any expanded use of WatchGuard. However, it may be that it can solve some of my problems much more simply than some of the other solutions I'm thinking about. But I don't really know how it could at this point, so I'm not seeing us using more of it than we are now. I would give WatchGuard a ten out of ten. It's simple, easily managed, and it has good tech support compared to other products out there. Because it is a full-functioning firewall, it does everything with full support. You're not buying a cheaper quality of firewall at all. It's full quality, fully functional and has good support.
They're good machines. They're fairly easy to configure and they're stable. We mostly use the M400 at corporate and at our branch offices we use T35s, T30s, and XTM25s. In terms of additional usage, I'm looking at the management console and, possibly, the drag-and-drop VPNs. I would rate it at nine out of ten. The documentation makes it a little hard to find what I need sometimes.
I would definitely recommend using WatchGuard. I would also recommend taking one of the courses that goes through all the features of the device and the way it is organized. Every firewall vendor looks at things differently. If you don't understand the way WatchGuard is structured, you may make a strategic mistake in setting it up and you'll have to tear some of it down and redo which is true of any firewall. Leanr and use the tools Watchguard provides. I used to do everything in WatchGuard through their Web UI but I now use the System Manager software because it is very valuable. It provides a lot of features that I had not realized I was missing. The System Manager Server is able to store previous versions of the configuration, and to force people to enter comments regarding what they changed when they save one. Being able to compare the configurations side-by-side, and have it tell you the differences are great tools that you should know about if you're going to start implementing a WatchGuard.
Give Firebox a good, strong look. Give it a test run and I'm sure you'll be happy with it. We've always had it. Our opinion of it is that it flat-out works and we're very satisfied with it. I'm sure there are better ones out there for somebody who has more time to manage it. But if you're looking for something so that you don't need a dedicated staff to manage it, I'd say this is a pretty good one. I give it a nine out of ten.
It is a very reliable and very easy solution. I think it is the best solution in the world, judging by its price and quality. I would rate this solution a ten out of ten.
Based on the reactions from people who I have implemented this solution for, some of them find it difficult to use before they get used to the interface. At the same time, if they later move to another product then they say that WatchGuard is simpler. I keep hearing that WatchGuard is quite marginal because it is not listed as a leader in the Gartner Magic Quadrant. It is listed under Visionary. For a firewall product, I do think that it's a leader. It doesn't cost a lot compared to Cisco, Palo Alto, or others. I think that WatchGuard is good enough. I would rate this product eight and a half out of ten.
If you have a small IT staff and want an easy-to-set-up solution, I would one hundred percent recommend WatchGuard. If you have a very serious, big IT department and a big business, you might want to test out the throughput and the stability. In each of our ten remote offices, we have about ten to 15 people using it. At our corporate office we have 70 to 80 people. We require two people for deployment and one person for maintenance of the solution, including me, the IT manager and, our systems administrator. I would rate the solution at nine out of the. It's just missing that stability point.
If you want a robust firewall that has a great price point, this is the best way to go.
When considering a solution like this: > not only putting data security at the top of my list > user convenience as the second consideration. If there's anything extra that I have my users do, I have to really look seriously at those trade-offs.