WatchGuard Firebox Reviews

In regards to price and technology, it's a great solution.

I like that this product has very few issues.

The only downside is that it is missing an API, that you can use to easily collect information from it. Also, everything is proprietary with the WatchGuard software and that is a bit of an issue.

The API connection would be a very big improvement to get information from the system or to actually configure it with its own dashboard, for example.

Providing additional features would give it a more up-to-date management interface. They have only just entered the cloud since last year which puts them behind compared to other competitors, such as Fortinet, who has the advantage over that, but they have a disadvantage where they have several zero-day attacks on their devices.

I have been using WatchGuard for six or seven years.

Stability is the most valuable feature of this solution.

It's a very scalable solution, but we are not using it in a very large environment.

We use this solution because they have a very good support team. They are very knowledgeable about ways of implementing this solution in our industry.

Technical support is good.

The initial setup was straightforward.

It's fair pricing, but it could always be reduced.

I would suggest comparing the features of the competitors based on data consumption because that's where Firebox is winning.

Overall, we are quite happy with the Firebox solution and we have not seen any issues so far. This is why we are using it.

I would rate this solution an eight out of ten.

We have got WatchGuard Firewalls. So, we use their EDR, which is a part of the security package that they provide us.

We use this solution for additional protection and response. We use it in combination with the antivirus that we provide to our clients. We have the latest version of this solution.

The protection that it provides from ransomware is valuable. The awareness that it has is also valuable. 

It didn't have a central console earlier, but now it has a central console, which is pretty good.

It can have a couple of false positives, but after you add them to your allow list, it works fine.

It could have better Mac support. I am pretty sure it doesn't have much support for Mac. It can be installed on a Mac, but it is not that good.

I have been using this solution for probably about a year.

It is stable.

Its scalability is really good. You can scale up or scale down depending on the number of users. 

We have over 200 clients of this solution. We have plans to increase its usage. We'll be deploying it for other clients to whom we provide our services.

They provide very good support. I am definitely satisfied with their support.

It is straightforward. It doesn't take long.

We evaluated a couple of other options such as SentinelOne and Palo Alto EDR Edition. We went with this solution because it is inbuilt with the network security routers that they provide. It is like an all-in-one sort of bundle system, and that's why we chose it.

I would rate WatchGuard Threat Detection and Response a nine out of ten. It is pretty good, and I am satisfied with it.

The solution is lacking a professional website, they should be updated more often.

I have used the solution for five years. 

We found no bugs with the operation of the solution. 

There are no problems with the technical support. If a problem occurs it gets resolved immediately with our technical support partners.

The initial setup is simple and understandable.

I find the solution to be very affordable.

My advice for people that wants to implement the solution is that it is very good, you get value for money, and you will be well protected. Additionally, you should make sure the implementation is done correctly and the configuration is well defined.

I rate WatchGuard Firebox a nine out of ten. 

We use it to meet our compliance.

It is something that we need for compliance, and it has been useful. Their support staff is also amazing.

They need to stop the VLAN limitation. They have a VLAN limitation on the size of their boxes. It is the worst thing ever. They basically sell their boxes by the size and the number of VLANs it can handle, which is a real issue. You spend a couple of thousand dollars for a firewall, and you can only do 30 VLANs, which is extremely silly, as a matter of fact.

It would be really great to have something for easier mass rule changes. It also needs a drag-and-drop function so that you don't have to constantly duplicate firewall rules. It would be nice to have such a feature because you got one WatchGuard, and you want to mirror its config and change a couple of things in another one and move some things around. It is not as easy as you would necessarily think.

It is kind of expensive, and its pricing can be a little better for sure.

I have been using this solution for a couple of months.

Its stability is good.

It is not very scalable. If you need more than 30 VLANs, you got to upgrade to the next biggest box. You have to change the hardware box and swap the boxes.

Their tech support is great.

We used a different solution. We switched because the other company was unethical. They did some unethical things that we weren't too happy with.

It is easy. The GUIs of WatchGuard System Manager and WatchGuard are different. You have to know where to go and look in both places to set them up.

We have four admins in my company for its deployment.

It is kind of expensive. I buy it on the appliance. I always buy three-year total security.

I would recommend this solution. I would rate WatchGuard Data Loss Prevention an eight out of ten.

We primarily use the solution to protect our hardware.

The pricing of the solution is okay. It's not the most expensive option.

This product may do well outside of the Chinese market.

This isn't very popular in China. It doesn't offer the best protection and it's incompatible with a lot of China's websites. It makes a lot of mistakes when it is detecting items as it's not recognizing items correctly.

It has the functional WebBlocker and the server is not local. Sometimes the performance is bad we'll get pop-ups saying "the server is not available". I'm not sure if users outside of China have such an issue, or if it's just due to the fact that we have a unique web experience in the country. The solution just doesn't fit well here.  

The performance could be a bit better.

I've been working with the solution for almost ten years. We have three generations of WatchGuard under our belt.

We've had issues with unstable network connections. It's hard to say if this was caused by a bug or an internal issue. It seems to depend on the network environment if it is stable or not. There just seems to be some limitations.

The scalability seems to have some limitations. We've had issues with performance, and that might affect scalability. I'm not sure.

IN China, the company doesn't really have any presence and so there isn't really technical support we can connect with. There is only an agent that is present, and they haven't been too helpful in the past.

I don't recall how the initial setup was. I can't recall if it was difficult or straightforward.

The pricing is likely similar to Cisco's Firewall. It's not the cheapest option. It has a moderate price tag.

I'm not sure if I would recommend the product. My experiences are based on what we've seen in terms of response to our network environment. Maybe other companies have a good international network and maybe they would have not this issue. It's hard to say. In any case, we've had issues.

Overall, I would rate the solution at a seven out of ten. Maybe they shouldn't be in the Chinese market.

We use WatchGuard Intrusion Prevention Service to secure our servers. It's usually deployed to protect the whole network and the service.

It works right out of the box. You just have to enable it and you can start working. I have worked with other firewalls as well. With other solutions, you have to do a lot of tweaking. WatchGuard is pretty simple to use and easy to pick up.

It's pretty simple. It's very user friendly. I don't really see a way to simplify it further.

I have been using this solution for more than four years.

It's definitely stable. Sometimes there are some issues, but they usually get fixed with the updates — it automatically updates.

In terms of scalability, the interface and everything remains the same. If you go for a very small device or even a very large device, the user fee and the user experience is the same. So, obviously, you should go for a large device. At any time, if you are willing to upgrade, if you want to scale up, then you can just buy a new device and deploy it. The best thing is that you can just migrate the same configuration from a small device to a larger employee's device.

Regarding technical support, they could use more engineers. There is less support from engineers and they give you less time. There is always room for improvement regarding the support.

The initial setup is very straightforward. It can be deployed within three to four hours.

The price of WatchGuard Intrusion Prevention Service is pretty reasonable compared to similar solutions. The pricing is pretty competitive.

On a scale from one to ten, I would give this solution a rating of seven. If they made it more stable and improved customer support, I would give them a higher rating.

It is mostly for small to medium-sized businesses. Usually, large organizations have different requirements and they look for different kinds of products. 

Our company routinely deals with credit card numbers in transactions and we use WatchGuard to protect our clients' information. 

The most valuable feature is the protection that it offers.

The analytics are important because if there is an abnormality then it provides that information to us.

The ease of detecting where an issue is should be improved. It would be helpful if when an issue is detected, the system can send us an SMS message to our phones. This would allow us to immediately respond.

I have been working with WatchGuard since 2015, although we only implemented the Threat Detection and Response earlier this year.

Technical support is good. Our level one support in the country is near our office and when we have an issue they immediately respond.

We have had no issues with deployment because it can be pushed to the client.

The pricing is competitive.

When we implement a new product such as this, we start with a PoC. We ask our vendor to provide a demonstration and then we use it in our environment. This allows us to test each of our scenarios. My advice to others is to follow this approach whenever they want to use a product. Do the testing before they buy it.

Every product has it's weaknesses. Just because it benefits one company, doesn't mean that it benefits another. This is why testing is important.

I would rate this solution an eight out of ten.

The solution is very powerful.

It is the most effective on non-encrypted traffic and it is able to determine some threats through deep packet inspection. 

There is a basic deep packet inspection within the antivirus that is able to be run against proxy filtering and certain policies. It's pretty standard in the industry. 

The solution isn't what I would consider feature-rich.

Due to the fact that the high volume of traffic that is currently encrypted, I find that the antivirus is less effective every year. That's not just WatchGuard, however. It's the biggest area in need of improvement right now is as a whole in the industry. It has the same weaknesses other firewalls have, and that's its inability to dissect encrypted traffic. It is capable of doing it, however, it requires some specialty configuration that often interferes with Azure, Amazon cloud services, or things of that nature.

It would be useful if we could be able to get a report as to why the solution is doing one action but stopping another. You can configure it as part of the firewall to decrypt that traffic, effectively making it a middle man, however, in doing so, you often disrupt Microsoft Office 365 and Amazon Web Services. The capability is there. It is just not considered a recommended best practice.

While the ability to determine threats in non-encrypted traffic is a good part of a solution, it is not an adequate standalone. It does not have an endpoint component.

The feature I'm most interested in is additional endpoint protection, however, they recently purchased Panda. That would go in line with the EDR product. As a managed service provider, I'm always looking to simplify and clean my stack, so I can provide my customers with the best possible service with the least complexity. It's nice to know that they're actively working towards that already. 

Also, I should note that most of the features I want are currently already in beta.

I have 18 years of experience with the WatchGuard brand, and 13 years directly with their threat detection and response products. I've put in more than 30 pieces of WatchGuard hardware, firewalls, access points, etc., in the last 60 days.

I've been using WatchGuard's Gateway AntiVirus specifically for 15 years now.

The solution has remained very stable. It has never resulted in a service-related ticket being required or anything along those lines. Users can rely on it as it doesn't crash and there aren't bugs or glitches that affect its functionality.

The solution is very scalable as part of a whole solution. One of the best features is that it's capable of having file exceptions based on the MD5 hash.

As a consultant, I have many of the systems out in production and they are in environments ranging from five to 10 users, up to several hundred.

The technical support has been amazing. We're very satisfied with their level of support.

The initial setup was very, very easy. It was not complex at all.

Discussing licensing is tricky. It is not available as a standalone purchase. It is part of a whole, so I can't divide out the costs in an effective way.

We're a service provider and have been for a number of years. I'm a consultant.

The solution is part of the firewall and the UTM. It's never really handled as a separate entity, though it is licensed. It's part of their unified threat bundle.

I've used almost all of the current GUI interfaces. The antivirus has changed the backend engine a couple of times over the years. The current revision, I believe, is Bitdefender driven, but I'm not exactly 100% sure.

I'd advise other organizations, when setting up the solution, to configure all proxies and policies prior to doing the subscription service setup. 

If the policies are pre-configured and your proxies are set up prior to activating the security antivirus or the Gateway AntiVirus, 90% of the configuration is done for you. You only find yourself manually doing it if you are building rules after the fact.

As an antivirus and standalone product, I would rate the solution seven out of ten. The main reason is, as a gateway appliance, it does not have the capability to perform the same function as an endpoint antivirus. It is not a substitute for endpoint antivirus.