Please share with the community what you think needs improvement with WatchGuard Firebox.
What are its weaknesses? What would you like to see changed in a future version?
I'm not really impressed with the reporting side of it. It may be something I just haven't figured out very well, but it's hard to filter down on reporting of the actual valuable information that you would want. There is a lot of information out there so you have to have some kind of tool capture it and then filter through it. So far, I haven't found the reporting side of the WatchGuard to be that user-friendly. I would definitely like to see better reporting tools from WatchGuard. That would be a very high priority for me. Also, setting up the site-to-site VPN is pretty easy with the WatchGuard, but the client VPN setup is not very friendly. If you have a client-to-device VPN that you need to set up for a mobile user there are different protocols that they will accept but none of them are a plug-and-play type of option.
There are a couple of things I wished that it would do, but I can't think of those off the top of my head.
The usability could be better, but it is definitely manageable. If we have to go to a backup internet connection, that could be a little bit easier. Other than that, I really don't have any complaints about it.
WatchGuard could be a little more robust in reporting. I get requests a lot to figure out people's internet traffic. We want to know what people are doing when they are on the internet. There is still a little bit of fine-tuning that can be done to that process.
Websense is an application that monitors and filters internet traffic. Websense was derived from WatchGuard. But when you go to WatchGuard to actually implement that particular feature, you have to use some type of additional feature and you have to pay for it, unfortunately. I think it should be free or free in the WatchGuard box itself, as an option. It would be nice if they didn't charge us for that. And if they won't offer it for free, they should offer something better. It definitely needs a big improvement because it's very unfriendly. It's called Dimension Basic and there is a reason they call it basic, because it gives you very basic information. Let's say you want to track someone's internet activity or where they've been going. Websense gives you detailed information as far as the source. But this one only gives you very basic information and, on top of that, it's a free version for only a few months and then you have to pay for it. So not only is the version very basic but you still have to pay for it. That, in my opinion, has room for improvement. Everything else that we have, the live security services and network discovery and all the spam blocking, threat protection, and the web blocker, is included.
The reporting is a little on the weak side. I would like to see a better reporting set and easier drill-down options.
There is a slight learning curve. Beyond that, the only issue we've had in the past two or three years had to do with the number of current tunnel connections, and that was just an issue with our size of Firebox. We got a bigger Firebox. The old one was able to handle the load. It was just that we ran into a licensing issue. We had hit our number of concurrent tunnels. We have a lot of tunnels with the phone system. We have tunnels to and from each site for the phones to be able to talk. It was a little bit of a surprise when we came across this situation, but it's present in the documentation. It didn't take us long to figure out that that was the reason we were having an issue. It was just our not having the forethought to make sure that what we had was able to expand to meet our needs.
We would like to see granular notification settings and more advanced filtering in traffic monitoring.
There are some features I'd like to see, although they are not standard in any of the products in this class; for example, better monitoring. I'd like to have better access to workstation monitoring, connection monitoring, and the amount of time an address is being used, to better gauge proper network utilization. If I knew that something was connected to a particular external location for an extended period that seems abnormal, I'd be able to act upon it. It comes down to overall monitoring and reporting for the class of services that I have. The solution's reporting and management features, based on what I have, are fair. I'd like to see an easier way of managing, controlling, and viewing usage at an IP-address-based level.
We have several branch offices. Those things run, you forget about them. My biggest gripe was when I went to update some of my devices, to try to make some speed improvements, not only did I get hit with, "You need to renew your LiveSecurity," but there was this reinstatement fee that they threw in on top of it. That really angered me, to the point that I canceled the entire order. I actually almost replaced some of those devices and I'm looking to replace them because of that type of thing. It's fair to pay for services like filtering, etc., but I don't feel it's fair to pay for updates to a product because they're patching and fixing and updating their product because of bugs. If I want to pay for the next version of something that gives me additional features, that's fair. But to have to pay a reinstatement fee and that sort of thing, I find it to be a very poor and unethical practice. We'd never do that to our customers. The reason I haven't thrown a huge fit is because everybody does it. SonicWall will do it; Cisco. All those guys do that kind of thing. I really don't like that, particularly because you're talking about a device that you paid $300 for, and the reinstatement fees are another $200-plus. I can just buy a brand-new device for that, get a faster unit, and get another year of stuff. Maybe that's what they're trying to encourage me to do. But there are firewall devices out there that I can buy that will do a lot of the stuff that I need to do in the remote offices, without having to purchase a yearly or three-year plan. I keep our main system up to date, but for the small edge units, it's just an unneeded expense. That's my biggest negative and biggest gripe about WatchGuard. In terms of the reporting and management features — and this isn't necessarily a WatchGuard issue, this seems to be more of an industry-wide issue — you get reports, but a lot of times you don't know what you're looking at. You're so overwhelmed with the data. You're getting a lot of stuff that doesn't matter, so it takes time to parse through it, to actually get what you want to know. If it gives me a threat assessment such as, "You received an attack from North Korea," I don't know what that means. I know that an IP address from North Korea hit our server, and they tried a certain attack. Is that something I should take seriously or not? I don't know. But that seems to be true with a lot of the solutions out there. They tend to report everything, and there's not a lot of control over getting rid of the noise. I've had it report threat attacks from devices within my network, from my own PC, in fact. So it's misinterpreting some things, obviously. Reporting is not something I rely very heavily on because of that. I look at it but I don't know what I'm looking at. Instead, I have a monitor that displays various things about my network, and I will have the main screen up just to see things like which host in the network is the busiest. I tend to use the main dashboard to get real-time information.
Sometimes, the writing rules are a little confusing in how am I doing them. I had some trouble with the previous product version (XTM) at the end. When the product aged a bit, there were no redundant power supplies. For what we're doing, it would've been nice to have something to fall back on instead rebuilding and taking it from an old configuration because the older version did die. We were able to take from an older configuration, build a new one quickly, and get it up and running, which didn't take long, but there was some pain around it.
There is always room to get better, which is why I gave the solution a nine out of 10.
The software base, the management piece that goes onto a server, is not as user-friendly as I would like. There are three different pieces that you have to manage, so it's a little bit convoluted, in my opinion. For people who use it all the time, it's great. But I don't use the management interface all the time. Overall, it's powerful enough, so that is something that we can overlook.
We do a lot of work with cloud-based and Internet-based vendors. A lot of times when we are on the phone with them, I find that it is a bit more technical than they are used to when we are trying to set up specific exceptions to the firewall. We ask for the ports that it's going to use or the block of addresses that they're going to be going from. A lot of times the only thing that they have for us is the web address that they want me to whitelist. Unless I'm missing that functionality, it seems like it is looking more for those technical data points, essentially. A lot of times, I'm running into a problem where there's a lack of give and take between WatchGuard and me. We get it figured out eventually, but it would just be nice if there was a way to say, "We just want to whitelist this address."
Reporting is something you've got to set up separately. It's one of those things that you've got to put some time into. One of the options is to set up a local report server, which is what I did. It's not great. It's okay. I've heard their Dimension control reporting virtual machine is supposed to be a lot better, but I haven't had the time our resources to set that up. Some of the stuff is a little complicated to get up and running. Once you do, it becomes very user-friendly and easy to work with, but I find there are some implementation headaches with some of their stuff. I wish I had a contact at WatchGuard because there are a few things I'm not using. I'm not doing packet inspection because I know it's pretty intensive to install certificates on all my computers and have it actually analyze the encrypted traffic. That's something I'd like to do but I'd really like to talk to somebody at WatchGuard about it. Is that recommended with my number of users with my piece of hardware, or is that going to overload everything? I'm not using Dimension control. I'm not using cloud. If I had a sales rep or a support person that I could just check in with, that would help. Maybe they could do yearly account reviews where somebody calls me to say, "What are you using? What are you not using? What would you like more information about?" That sort of thing could go a long way. They do a lot of education, but it's sent out to the masses. They have really good emails they send out which I find very valuable, talking about the industry, security events, and other things to be aware of. But there's not too much personal reaching out that I've seen where they're say, "Hey, how can we help your company use this device better? What do you feel you need from us?" That's my main recommendation: There should be somebody reaching out to check in with us and help us get more out of our device.
The software in it could be a bit more friendly for an amateur user. I look at it and don't understand what half the stuff is. Looking at the interface, it is all mumbo-jumbo to me. It's not a simple interface. You have to be an IT guy to understand it. It is not for your average person to use, then walk away from it. It is much more entailed. It could be a bit more user-friendly, but my IT guy knows what he's doing with it. I just let him do most everything. They need to make it so you have a step-by-step guide which goes through and sets it all up for you. However, they don't have that. You have to know what you're doing with it.
I would like to see more simplified management of the firewall. It's something that I've had to bring in outside support for - for setting up the firewall - because I don't fully understand it yet. I've been learning it. Some of that is my fault, but it's a complicated system to use. I don't know if it can be simplified much, because of the nature of what it's doing. But it's very complicated.
We use WatchGuard to manage our failover for internet. If a primary internet goes down, it does a failover to the secondary the internet. However, what it doesn't do so well is that if the primary internet has a lot of latency but it's not completely down, it doesn't do a failover to the backup in a timely manner.
One of the things that is always valuable is workshops. It's really hard to get away and do webinars, but what I would like is a selection of webinars. I see WatchGuard comes forward with a webinar where they're going to introduce this or that. I'd like to see a lot more of those and a lot shorter. On lynda.com I can just point to a video to show me something I need to know how to do; for example, how to merge contacts in Outlook. But it is a ten-minute video. I would like to see more of that kind of learning. I'm sure WatchGuard has got all these videos, has got the webinars and the training sessions. But when I need to know something, I need to be able to get to it quickly. I want an indexed learning system very close to what lynda.com might use. I also want to be able to put questions forward either in a "frequently-asked-questions" forum or by sending them up to the support team for quick reply. I want to be able to go to a portal and put in my problem and have WatchGuard bounce back to me with, "Well, this is how we can do it," or "We don't have a solution for that." And then I can go to other vendors to look for a solution. The more targeted learning system I can have, the better. If I have to schedule a webinar that might take 30 minutes, there's a good chance I'll miss it. I sign up for webinars and it happens that I'm not available because I've got other fires going. The learning has to be there almost at my whim: "I've got a fire burning, I've got to figure out how to put it out. I need a ten-minute video to show me." Those learning sessions have to be available and easily found, when I need them. I have so little control over my schedule on a daily basis, and I'm sure I'm like many others. One other shortcoming is that there is no backup for it. We really haven't figured out how we might solve that problem. We may want to put a duplicate in. With Cisco, it's not uncommon to have dual firewalls with something our size. That way, if one were to fail, we've always got the other. With WatchGuard, we just have the one box. If that were to fail, we'd probably be really hurting.
It's very hard to get information from their website, for exactly what I need to do. Sometimes I end up having to open a lot of support tickets. It's either too detailed or not. I never have good luck with their online tools. It's a navigational issue which makes it hard to find what I'm looking for and it's just so broad. In addition, I have had a ticket in for an awful long time regarding a bug that they should address. If you're using a firewall as a DHCP server, it doesn't keep a good record of the leases. I opened a ticket on this about two years ago, and every couple of months I get an email back that it's still under engineering review.
The product could have some more predefined service protocols in the list, which don't have to manually be defined. But that's very low hanging fruit. The documentation for the System Manager/Dimension configuration, could be a little bit clearer. The use case where you have multiple sites with multiple firewalls, and one site that has the System Manager server and the Dimension server, wasn't really well defined. It took me a little bit of digging to get that to actually work.
It would be wonderful if the WatchGuard team develops nice products for threat intelligence. They have a subscription service called DNSWatch, but this needs to be improved.
This solution needs the option to add an external hard drive. The competitors have this. With WatchGuard, you have to get another server, set it up, and then point it to WatchGuard. That is where the logs will be stored. Some find this tedious because they have to get another server, although I find it advantageous because there is no hard drive needed. It removes another point of failure. In any case, if the customer wants an external hard drive then it would give them the option. I saw a feature in Cisco that was a historical trajectory of the files, or sets, moving in the network. I would like to see them include this feature in the next release of the TDR.
I don't know if it's just my version, but the WiFi access point integration has just started. It's getting better but if there were more reporting of the devices that are connected to WiFi access points that would be great. Right now I can see the MAC address and bandwidth usage for each device but that's about it. If I could see which sites the devices are visiting and what kind of traffic is generated from each device, that would be great.
I don't think that WatchGuard would need to improve on their product. They have some of the least expensive appliances and software out there. They are extremely easy to use, the GUI is great through the web and on the desktop. That's why I feel WatchGuard has outdone themselves on their security products. Hands down, it's one of the best firewalls I have ever worked with.
The set-up and additional feature screens are old in design and very granular. You have to know what you are doing.