What needs improvement with WatchGuard Firebox?

The solution's pricing could be improved.

The distribution and channel strategy, particularly in regions like Pakistan and Afghanistan, may hinder their visibility and adoption. Due to their lack of investment in marketing, channel development, and certifications, WatchGuard faces challenges in gaining visibility and market share, especially in regions like Pakistan. Unlike competitors such as Cisco and Fortinet, who offer extensive training and certifications for their partners, WatchGuard's limited focus in this area hinders their ability to attract technical talent and expand their customer base. To address this issue and improve its presence in the market, WatchGuard could consider offering free or low-cost certification programs to educate potential partners and customers on their technology. By empowering individuals with the necessary skills and knowledge, WatchGuard can create a network of brand ambassadors who can advocate for their solutions and drive adoption.

In WatchGuard Firebox, the antivirus and malware detection systems are areas with shortcomings that require improvement since they are the most important elements of a cybersecurity tool. In the future releases of WatchGuard Firebox, I want to see more frequent updates.

WatchGuard has several limitations, particularly concerning throughput and performance, and management, firmware updates, and customer support need improvement. The level of support from WatchGuard is not as good as what we get from Cisco and other vendors. The response time is high even in times of priority issues. Moreover, the solution doesn’t have deep filtering. This limitation affects packet analysis, traffic analysis, and traffic monitoring, particularly regarding troubleshooting. On the other hand, Fortinet Firewall offers a deep level of troubleshooting and packet filtering. This allows us to obtain detailed information in scenarios like drops or disruptions to understand where the issue occurred, whether with the customer or on our end. WatchGuard cannot perform packet captures for multiple IPs simultaneously, restricting us from achieving them individually. Due to these limitations, we are considering migrating to Fortinet.

When working with WatchGuard, specifically in configuring Panda Security on the portal for the first time, it was challenging for me. Creating the partner center and setting up the account in Panda Security was not straightforward. Although working with the Panda Security part itself is easy, I faced difficulties in creating the partner center. So, maybe this could be an area of improvement. Another area of improvement is the license. The price could be cheaper.

The performance of the solution's processor needs to be faster than other vendors. Also, it is time-consuming to configure it whenever multiple policies are involved. This area needs improvement as well.

Although this solution is better than others on the market, I'd like to see improvement in the visibility of network traffic. It feels that the web interface is missing some parts, particularly access and configuration.

Visibility with an app that could extract or connect the data without entering Firefox directly would be an improvement. I am looking for tools that can improve mobile security because our Firebox router mainly focuses on physical perimeter security. While we can use VPN to connect laptops to the network, mobile phones, and tablets can only rely on wireless networks, which don't provide direct endpoint security. Therefore, I believe there is a need for additional measures to connect mobile devices securely to the Firebox router. The price has room for improvement.

The VPN aspect of the WatchGuard Firebox is an area that could potentially benefit from improvement. We encountered difficulties while attempting to integrate Windows 11 laptops into the system, which resulted in unreliable connections. After some research, we discovered that this was primarily due to compatibility issues with Windows 11 and required a patch. However, it was still a challenge as it seemed that even when we tried to keep the laptops on Windows 10, they still exhibited the same issues as Windows 11 machines. Despite WatchGuard attributing the problem to Microsoft, we were eventually able to find a solution and all the machines are now functioning seamlessly. The solution comes with a web interface that facilitates configurations, but it doesn't have the same level of functionality as the installed client or system manager. The web UI could be further improved. In a future release, the detection of ransomware would be helpful. Ransomware is our biggest fear.

The user interface for WatchGuard Firebox has room for improvement. Right now, it's a bit complex to work with and could be easier. I like Fortigate better because its user interface is nicer and easier to work with than WatchGuard Firebox, so improving the user interface would be great.

The area where I think this product can be improved is the user interface and the reporting. It can be quite difficult to find the correct logs and to actually find out what is going on. The digging can be time-consuming.

I would like to see more training become available for us. I would like to see the port conflicts improved.

I'm pretty happy with it, but vulnerability management could improve a little bit in comparison to other parts, such as Cisco and so on. There could also be better reporting. For example, there should be more out-of-the-box management reports. These two improvements would be nice.

WatchGuard Firebox could improve the speed of updates, such as new features or improvements. However, they are frequently improving the solution in many areas, such as geo-locations, definitions, and web blocking.

Firebox would be improved with integration for endpoint protection solutions.

We've found that sometimes the solution is not easy to understand and we need to bring in some specialist assistance.

There is room for improvement in the threat protection, data packet inspection, and performance of the solution. Generally, it's just a lower-end product. It does the job but doesn't do it very well. Compared to Palo Alto, for example, some of the main differences are zero-day protection, performance, deep packet inspection, and App-ID. I'm not really a fan of WatchGuard. We only use it with one client and we're trying to get them to get rid of it. I prefer to use Palo Alto instead. Industry analysts have voted Palo Alto the number one firewall for the last eight consecutive years, so if you want good protection, it's a no-brainer.

They are working on cloud-based options. However, they do not have the options fully functional in their solution at this time.

An area for improvement is that when we use a web administration link, there is no security.

The vendor needs to address customer concerns and develop more according to requests, instead of prioritizing based on the existing roadmap. This is a great product and offers great protection but they don't hear the customers' needs. They don't make improvements as per the customers' requests. This is especially true in cases where the feature is common among competitors. In the future, I would like to see better integration with Active Directory. It should depend on the user's login. This is a feature in big demand and most competitors do not deal with it the right way. Making this change would make sense with customers.

The reporting could use improvement, because most of the firewalls available in the market come with the reporting built-in, with the memory and the hard disk capacity and all. With WatchGuard, the models we use, none of them support that part.

The solution can improve by adding a feature to tag a MAC address of a computer system in the policy and more IP configuration settings.

The way Secure Sign-On authentication is happening needs to be improved. When the Secure Sign-On portal is turned on, anybody who comes into the campus, whether he or she is a staff member or a guest, has to go past the initial portal. One of the shortcomings is the username. It shouldn't allow permutations or combinations with upper or lower cases. For example, when there is a username abc, it shouldn't allow ABC or Abc. It should not allow the same username, but currently, two separate people can go in. Therefore, its authentication or validation should be improved, and the case sensitiveness should be picked up. If I have restricted someone to two devices, they shouldn't be able to use different combinations of the same username and get into the third or fourth device. It shouldn't allow different combinations of alphabets to be used to log in.

Often, customers don't end up using a lot of the features. They should move more towards integration with other OEMs such as web application firewalls, et cetera. There should be better integration and a way to configure multiple vendors into the same data center in order to offer more flexibility.

The solution is lacking a professional website, they should be updated more often.

I would like to have a little more control over access points and the ability to see the bandwidth that is passing through a specific access point. We are not able to see that. We can see what traffic is passing through the Firebox itself, but we can't identify if it is coming from a particular access point or not.

I don't think I can get a full-blown DNS client from it. I've been trying to have DNS services. It has forwarding, but I don't get the services of a full DNS client. My main difficulty with it is that I can't run a complete service. I need NTP. I need DNS. I need DHCP for my domain, but I only get forwarding. As far as I can tell, I don't get caching and the kinds of reporting and registration needed to host a DNS for a domain. I have to have a separate solution for that. I also struggle with its usability a little bit. I come from an open source background, so I'm accustomed to BIND and DHCP from Linux builds. With their tools I'm struggling to have a web interface. I'm not getting a third-party web interface, so I'm using Webmin, which I have become accustomed to. You have to relearn or find services that you know are there. You have to figure out what they mean by an alias. Setting up a network interface or port-forwarding isn't necessarily using the language that I'm accustomed to. Every time you deal with a new user interface, they structure things differently. Where do you go and how do you maintain it and how do you document it? So I'm frustrated often when I get involved in vertical software where they start to brand or rename things, or they've adopted terminology. An example with WatchGuard is that every time I want to find a log, I have to search forever to find just basic logging. It's in there someplace, consistently. It's just that there isn't a button that says "logging."

I would like to see the number of management consoles reduced. As it is now, Firebox can be configured using the web UI, WatchGuard System Manager, Dimension server, and from the cloud. This should be done without affecting the way we deal with the configuration file, as it's one of the strongest points in making its implementation smooth and easy. I would like to see the devices made more flexible by adding modules to increase the ports that we can use. As it's started from T80, the last edition of tabletop appliances, it should also be applied to all M series appliances.

I haven’t dug deeply into the reporting features yet or if they are working well. However, I have generated several reports and there was too much unnecessary information, in comparison with the reporting features in the Sophos firewall. Sophos' reporting is more readable and easier to configure. Having said that, reporting features were not very important for us when selecting a solution. What was important were other types of functionality that WatchGuard Firebox was able to meet. In addition to the reporting features, I would suggest they work on an SSL VPN gateway.

The pricing could be improved. It is definitely one of the more expensive products, though you can't really compare it to Ubiquiti or SonicWall.

The reporting features are not as flexible as I thought before I bought it. You can retrieve some simple statistics from the centralized reporting server. But let's say I want to look at the volume of internet access among our staff. There are no out-of-the-box reports or stats or any unit of measurement that show internet access for particular staff. There is no report that shows how long they're on or the volume of traffic, especially in a particular period. It's not necessary that it have very modern BI analytics, but at this point I'm a little bit disappointed with the reporting. One of the purposes of implementing the firewall was to do more application control and reduce the risk involved in employees accessing the internet. We want to measure and know how much time of our staff spends accessing and browsing and using internet resources.

The data loss protection works well, but it could be easier to configure. The complexity of data loss protection makes it a more difficult feature to fully leverage. Better integration with third-party, two-factor authentication would be advantageous.

Sometimes I would like to copy a rule set from one box to another box in a direct way. This is a feature that is not present at the moment in WatchGuard. I'm missing a tool by default, where you can find unused policies. This is possible when a) you adminstrate the firebox with dimension, or b) you connect it to Watchguard's cloud.

I would like to see more tutorials on setting up the Firebox.

If they could make the traffic monitoring easier that would be great. I don't use it that frequently, but I would like to see some improvements in the ease of use of that component, so it makes more sense. I know it's a technical component so there's going to be some difficulty trying to make that easier. Also, if they could provide more examples in their documentation, that would help. Sometimes they will say, "Hey, go in and set this up," and it would be so much easier to do it if they put in a couple of examples and showed me. Imagine instructions on how to change a tire and the steps you go through. Give me some pictures or some examples of how you change the tire. Where do you put the jack so it doesn't tear up the fender on your car? I'm a person who loves looking at examples cause I can look at things and see how they applied them and then learn from them. Even if they put in some snapshots and said, "Here's how this should look after you put this information in," that would help. It would be confirmation that this is accurate and this is going to work. Finally, when we did the split tunneling, as it turned out, that was an all-or-nothing, global setting. As soon as I did that it impacted everybody. What I was hoping to do was to set that up so that I could do a pilot group and, once it was working, I could turn it on for everybody. We needed to get it going and it was all-or-nothing. We did that on a weekend and it ate up my weekend time.

There is room for improvement on the education side, regarding what does what, rather than just throwing it at a person and assuming they know everything about it. A lot of times, you have to call WatchGuard support to get the solution that will work, rather than their just having it published so that you can fix the problem on your own.

I'm not really impressed with the reporting side of it. It may be something I just haven't figured out very well, but it's hard to filter down on reporting of the actual valuable information that you would want. There is a lot of information out there so you have to have some kind of tool capture it and then filter through it. So far, I haven't found the reporting side of the WatchGuard to be that user-friendly. I would definitely like to see better reporting tools from WatchGuard. That would be a very high priority for me. Also, setting up the site-to-site VPN is pretty easy with the WatchGuard, but the client VPN setup is not very friendly. If you have a client-to-device VPN that you need to set up for a mobile user there are different protocols that they will accept but none of them are a plug-and-play type of option.

There are a couple of things I wished that it would do, but I can't think of those off the top of my head.

The usability could be better, but it is definitely manageable. If we have to go to a backup internet connection, that could be a little bit easier. Other than that, I really don't have any complaints about it.

WatchGuard could be a little more robust in reporting. I get requests a lot to figure out people's internet traffic. We want to know what people are doing when they are on the internet. There is still a little bit of fine-tuning that can be done to that process.

Websense is an application that monitors and filters internet traffic. Websense was derived from WatchGuard. But when you go to WatchGuard to actually implement that particular feature, you have to use some type of additional feature and you have to pay for it, unfortunately. I think it should be free or free in the WatchGuard box itself, as an option. It would be nice if they didn't charge us for that. And if they won't offer it for free, they should offer something better. It definitely needs a big improvement because it's very unfriendly. It's called Dimension Basic and there is a reason they call it basic, because it gives you very basic information. Let's say you want to track someone's internet activity or where they've been going. Websense gives you detailed information as far as the source. But this one only gives you very basic information and, on top of that, it's a free version for only a few months and then you have to pay for it. So not only is the version very basic but you still have to pay for it. That, in my opinion, has room for improvement. Everything else that we have, the live security services and network discovery and all the spam blocking, threat protection, and the web blocker, is included.

The reporting is a little on the weak side. I would like to see a better reporting set and easier drill-down options.

There is a slight learning curve. Beyond that, the only issue we've had in the past two or three years had to do with the number of current tunnel connections, and that was just an issue with our size of Firebox. We got a bigger Firebox. The old one was able to handle the load. It was just that we ran into a licensing issue. We had hit our number of concurrent tunnels. We have a lot of tunnels with the phone system. We have tunnels to and from each site for the phones to be able to talk. It was a little bit of a surprise when we came across this situation, but it's present in the documentation. It didn't take us long to figure out that that was the reason we were having an issue. It was just our not having the forethought to make sure that what we had was able to expand to meet our needs.

We would like to see granular notification settings and more advanced filtering in traffic monitoring.

There are some features I'd like to see, although they are not standard in any of the products in this class; for example, better monitoring. I'd like to have better access to workstation monitoring, connection monitoring, and the amount of time an address is being used, to better gauge proper network utilization. If I knew that something was connected to a particular external location for an extended period that seems abnormal, I'd be able to act upon it. It comes down to overall monitoring and reporting for the class of services that I have. The solution's reporting and management features, based on what I have, are fair. I'd like to see an easier way of managing, controlling, and viewing usage at an IP-address-based level.

We have several branch offices. Those things run, you forget about them. My biggest gripe was when I went to update some of my devices, to try to make some speed improvements, not only did I get hit with, "You need to renew your LiveSecurity," but there was this reinstatement fee that they threw in on top of it. That really angered me, to the point that I canceled the entire order. I actually almost replaced some of those devices and I'm looking to replace them because of that type of thing. It's fair to pay for services like filtering, etc., but I don't feel it's fair to pay for updates to a product because they're patching and fixing and updating their product because of bugs. If I want to pay for the next version of something that gives me additional features, that's fair. But to have to pay a reinstatement fee and that sort of thing, I find it to be a very poor and unethical practice. We'd never do that to our customers. The reason I haven't thrown a huge fit is because everybody does it. SonicWall will do it; Cisco. All those guys do that kind of thing. I really don't like that, particularly because you're talking about a device that you paid $300 for, and the reinstatement fees are another $200-plus. I can just buy a brand-new device for that, get a faster unit, and get another year of stuff. Maybe that's what they're trying to encourage me to do. But there are firewall devices out there that I can buy that will do a lot of the stuff that I need to do in the remote offices, without having to purchase a yearly or three-year plan. I keep our main system up to date, but for the small edge units, it's just an unneeded expense. That's my biggest negative and biggest gripe about WatchGuard. In terms of the reporting and management features — and this isn't necessarily a WatchGuard issue, this seems to be more of an industry-wide issue — you get reports, but a lot of times you don't know what you're looking at. You're so overwhelmed with the data. You're getting a lot of stuff that doesn't matter, so it takes time to parse through it, to actually get what you want to know. If it gives me a threat assessment such as, "You received an attack from North Korea," I don't know what that means. I know that an IP address from North Korea hit our server, and they tried a certain attack. Is that something I should take seriously or not? I don't know. But that seems to be true with a lot of the solutions out there. They tend to report everything, and there's not a lot of control over getting rid of the noise. I've had it report threat attacks from devices within my network, from my own PC, in fact. So it's misinterpreting some things, obviously. Reporting is not something I rely very heavily on because of that. I look at it but I don't know what I'm looking at. Instead, I have a monitor that displays various things about my network, and I will have the main screen up just to see things like which host in the network is the busiest. I tend to use the main dashboard to get real-time information.

Sometimes, the writing rules are a little confusing in how am I doing them. I had some trouble with the previous product version (XTM) at the end. When the product aged a bit, there were no redundant power supplies. For what we're doing, it would've been nice to have something to fall back on instead rebuilding and taking it from an old configuration because the older version did die. We were able to take from an older configuration, build a new one quickly, and get it up and running, which didn't take long, but there was some pain around it.

The software base, the management piece that goes onto a server, is not as user-friendly as I would like. There are three different pieces that you have to manage, so it's a little bit convoluted, in my opinion. For people who use it all the time, it's great. But I don't use the management interface all the time. Overall, it's powerful enough, so that is something that we can overlook.

There is always room to get better, which is why I gave the solution a nine out of 10.

Reporting is something you've got to set up separately. It's one of those things that you've got to put some time into. One of the options is to set up a local report server, which is what I did. It's not great. It's okay. I've heard their Dimension control reporting virtual machine is supposed to be a lot better, but I haven't had the time our resources to set that up. Some of the stuff is a little complicated to get up and running. Once you do, it becomes very user-friendly and easy to work with, but I find there are some implementation headaches with some of their stuff. I wish I had a contact at WatchGuard because there are a few things I'm not using. I'm not doing packet inspection because I know it's pretty intensive to install certificates on all my computers and have it actually analyze the encrypted traffic. That's something I'd like to do but I'd really like to talk to somebody at WatchGuard about it. Is that recommended with my number of users with my piece of hardware, or is that going to overload everything? I'm not using Dimension control. I'm not using cloud. If I had a sales rep or a support person that I could just check in with, that would help. Maybe they could do yearly account reviews where somebody calls me to say, "What are you using? What are you not using? What would you like more information about?" That sort of thing could go a long way. They do a lot of education, but it's sent out to the masses. They have really good emails they send out which I find very valuable, talking about the industry, security events, and other things to be aware of. But there's not too much personal reaching out that I've seen where they're say, "Hey, how can we help your company use this device better? What do you feel you need from us?" That's my main recommendation: There should be somebody reaching out to check in with us and help us get more out of our device.

We do a lot of work with cloud-based and Internet-based vendors. A lot of times when we are on the phone with them, I find that it is a bit more technical than they are used to when we are trying to set up specific exceptions to the firewall. We ask for the ports that it's going to use or the block of addresses that they're going to be going from. A lot of times the only thing that they have for us is the web address that they want me to whitelist. Unless I'm missing that functionality, it seems like it is looking more for those technical data points, essentially. A lot of times, I'm running into a problem where there's a lack of give and take between WatchGuard and me. We get it figured out eventually, but it would just be nice if there was a way to say, "We just want to whitelist this address."

The software in it could be a bit more friendly for an amateur user. I look at it and don't understand what half the stuff is. Looking at the interface, it is all mumbo-jumbo to me. It's not a simple interface. You have to be an IT guy to understand it. It is not for your average person to use, then walk away from it. It is much more entailed. It could be a bit more user-friendly, but my IT guy knows what he's doing with it. I just let him do most everything. They need to make it so you have a step-by-step guide which goes through and sets it all up for you. However, they don't have that. You have to know what you're doing with it.

I would like to see more simplified management of the firewall. It's something that I've had to bring in outside support for - for setting up the firewall - because I don't fully understand it yet. I've been learning it. Some of that is my fault, but it's a complicated system to use. I don't know if it can be simplified much, because of the nature of what it's doing. But it's very complicated.

We use WatchGuard to manage our failover for internet. If a primary internet goes down, it does a failover to the secondary the internet. However, what it doesn't do so well is that if the primary internet has a lot of latency but it's not completely down, it doesn't do a failover to the backup in a timely manner.

One of the things that is always valuable is workshops. It's really hard to get away and do webinars, but what I would like is a selection of webinars. I see WatchGuard comes forward with a webinar where they're going to introduce this or that. I'd like to see a lot more of those and a lot shorter. On lynda.com I can just point to a video to show me something I need to know how to do; for example, how to merge contacts in Outlook. But it is a ten-minute video. I would like to see more of that kind of learning. I'm sure WatchGuard has got all these videos, has got the webinars and the training sessions. But when I need to know something, I need to be able to get to it quickly. I want an indexed learning system very close to what lynda.com might use. I also want to be able to put questions forward either in a "frequently-asked-questions" forum or by sending them up to the support team for quick reply. I want to be able to go to a portal and put in my problem and have WatchGuard bounce back to me with, "Well, this is how we can do it," or "We don't have a solution for that." And then I can go to other vendors to look for a solution. The more targeted learning system I can have, the better. If I have to schedule a webinar that might take 30 minutes, there's a good chance I'll miss it. I sign up for webinars and it happens that I'm not available because I've got other fires going. The learning has to be there almost at my whim: "I've got a fire burning, I've got to figure out how to put it out. I need a ten-minute video to show me." Those learning sessions have to be available and easily found, when I need them. I have so little control over my schedule on a daily basis, and I'm sure I'm like many others. One other shortcoming is that there is no backup for it. We really haven't figured out how we might solve that problem. We may want to put a duplicate in. With Cisco, it's not uncommon to have dual firewalls with something our size. That way, if one were to fail, we've always got the other. With WatchGuard, we just have the one box. If that were to fail, we'd probably be really hurting.

It's very hard to get information from their website, for exactly what I need to do. Sometimes I end up having to open a lot of support tickets. It's either too detailed or not. I never have good luck with their online tools. It's a navigational issue which makes it hard to find what I'm looking for and it's just so broad. In addition, I have had a ticket in for an awful long time regarding a bug that they should address. If you're using a firewall as a DHCP server, it doesn't keep a good record of the leases. I opened a ticket on this about two years ago, and every couple of months I get an email back that it's still under engineering review.

The product could have some more predefined service protocols in the list, which don't have to manually be defined. But that's very low hanging fruit. The documentation for the System Manager/Dimension configuration, could be a little bit clearer. The use case where you have multiple sites with multiple firewalls, and one site that has the System Manager server and the Dimension server, wasn't really well defined. It took me a little bit of digging to get that to actually work.

It would be wonderful if the WatchGuard team develops nice products for threat intelligence. They have a subscription service called DNSWatch, but this needs to be improved.

This solution needs the option to add an external hard drive. The competitors have this. With WatchGuard, you have to get another server, set it up, and then point it to WatchGuard. That is where the logs will be stored. Some find this tedious because they have to get another server, although I find it advantageous because there is no hard drive needed. It removes another point of failure. In any case, if the customer wants an external hard drive then it would give them the option. I saw a feature in Cisco that was a historical trajectory of the files, or sets, moving in the network. I would like to see them include this feature in the next release of the TDR.

I don't know if it's just my version, but the WiFi access point integration has just started. It's getting better but if there were more reporting of the devices that are connected to WiFi access points that would be great. Right now I can see the MAC address and bandwidth usage for each device but that's about it. If I could see which sites the devices are visiting and what kind of traffic is generated from each device, that would be great.

I don't think that WatchGuard would need to improve on their product. They have some of the least expensive appliances and software out there. They are extremely easy to use, the GUI is great through the web and on the desktop. That's why I feel WatchGuard has outdone themselves on their security products. Hands down, it's one of the best firewalls I have ever worked with.

The set-up and additional feature screens are old in design and very granular. You have to know what you are doing.