WatchGuard Firebox Reviews

It's our perimeter firewall.

We used to have Cisco and Cisco was pretty cumbersome. I actually still use Cisco, but I like WatchGuard for the features it has.

It provides us with Layer 2 and Layer 3 security.

If it didn't work we wouldn't be able to get to the internet and that would be a terrible thing.

All of its features are valuable, although we don't use the antivirus. We do use the web filter.

It's also the ease of configuration that I like. In terms of usability, it just works. And the throughput is 100 Mbps. It's fine.

There are a couple of things I wished that it would do, but I can't think of those off the top of my head.

I have been using WatchGuard Firebox for about 15 years.

It works and just keeps on working.

The scalability is fine.

Their technical support is good. Honestly, I haven't had to call them in five or six years.

We used Cisco previously. Cisco didn't have the features that I needed, like the proxies. A Cisco box would probably do that now, but back then they wouldn't. So we switched to WatchGuard.

The initial setup is straightforward. You just read the manual and follow the directions. It didn't take very long to set up. It was about an hour to have it configured and set up.

I have deployed Firebox to distributed locations. You just plug in the numbers, the IP addresses. That's all you do. It's pretty simple.

We have seen return on our investment. It just works. I may have to reboot it once every two or three years.

The pricing of WatchGuard was pretty comparable to Cisco, but I actually haven't looked at a new Cisco box in quite some time, so I can't say how they compare now.

I would advise that you go with whatever you're more comfortable with. If you're more comfortable with Cisco, then go with Cisco.

Firebox doesn't really save us time because whether you're going to configure a Cisco or you're going to configure a WatchGuard, you still have to configure something, no matter what it is. It is a little easier to configure WatchGuard though.

It takes just one person in our organization to deploy and support it, and that's me. Overall, our environment has about 300 users.

We use it to prevent any unnecessary stuff from getting into our network. It's for the usual security features. We do utilize the VPN and there are quite a few people on the VPN right now.

It gives our business layered security. Attack vectors it secures for us include denial of service attacks, people spoofing our network, as well as preventing malware from getting in — the typical attack vectors. We're satisfied with it overall.

Also, there was a phishing scheme going around a while back. WatchGuard caught it and we were able to mitigate it. That was very good. It keeps us from not having to worry about our network being under attack. It keeps us secure.

It saves us on the order of three hours a month. The solution just works.

• The set up of the VPN is pretty straightforward. Being able to build VPNs on the fly for certain users, if need be, is also valuable.
• The traffic monitoring is very nice.
• I also like the ease of blocking certain websites from getting in or users from getting to stuff they don't need to be at.

We're satisfied with the performance, as well as its reporting and management features.

The usability could be better, but it is definitely manageable. If we have to go to a backup internet connection, that could be a little bit easier. Other than that, I really don't have any complaints about it.

I've been using WatchGuard for three years. That's how long I have been with the company. The company has been using it upwards of 10 years, I believe.

It's very stable.

It's scalable. We are probably going to be doing another area for some of the outer branches and the WatchGuards will be part of that. I can't say how soon it's going to happen, but there have been discussions about it.

I have no complaints about WatchGuard's technical support. If you have a question, they answer it.

As far as I know, WatchGuard is the only one that our company has used. We like the product enough. We're buying another appliance because our support ran out on one of our boxes. We're continuing to buy WatchGuard stuff because it does what we need it to do, it's priced reasonably well, and we like the support and usability.

We have deployed this product to distributed locations. We have a couple of branch offices and we've set them up in all of our locations. We set it up, we configure it to our network settings, we put in all of the information we need, and we go from there. We usually take a configuration from an existing and apply it. It's straightforward. The documentation goes step-by-step on how to set it up. The last time I did one it took about an hour.

In terms of maintenance of WatchGuard there are three people in our department. Whoever sees a problem or hears about an issue takes care of it. Two of us are system analysts and the third is our director of information technology.

It keeps our network secure and that's a good enough return for me.

I feel that the pricing is fair for all of the security you get. That's one of the reasons we went with, and continue to go with, WatchGuard.

Go ahead and implement it and don't think twice about it.

We're not using the cloud visibility feature at this time. Maybe we will in the future.

There are 75 users of our environment, in total. They range from mechanics to accountants to our COO and CEO. Everybody in the organization uses it.

One of the most valuable features is that when we send emails and it gives a warning, you can configure those email addresses so that they can only send outside the email.

WatchGuard Data Loss Prevention could be improved if they would add a pocket-size, meaning limitations on the data size, where for example an email address can only send 25MB for a month.

In terms of additional tools, I would like to see more graphical reporting tools, with graphs, etc., that are very easy to comprehend. This is especially important if you are reporting to top management so they will fully understand what is happening in the firewall. You don't need to use technical terms or definitions, just show them the graph. That would be good.

I have been working with WatchGuard Data Loss Prevention for one year.

It is stable, though there is a problem with the RAM - it's eating up resources. The RAM utilization sometimes reaches up to 80% - 95%, and what we do is just restart the firewall. Maybe WatchGuard could get it higher.

The scalability is fine for small and medium enterprises, 10Gbps is fine and smooth. 

We have 800 employees using it. But for maintenance and monitoring, we only have one IT personnel. It is easy to maintain as long as you have the knowledge and capability.

After five years we will upgrade and I hope that there will be a higher model for WatchGuard. If not we will be looking into other high-performance firewalls, like Stormshield, where you have 20Gbps throughput.

The technical support here in our country is different vendors or resellers of the firewall WatchGuard. So you just have to choose the most reliable vendor for technical support.

We are a group of companies. One company said that their support, their vendor, is good in technical support, but we also have another company saying that their vendor supporting WatchGuard is not that reliable. So it's a 50/50.

We have used the antivirus and also the Data Loss Prevention for USB. But I don't think the antivirus can manipulate your emails, so in terms of a DLP with regards to emails, we have firewalls.

We chose firewall brands based on a group of concepts and brand proposals. We analyzed the best functionalities, not only for Data Loss Prevention but also for the firewall functionalities. I got WatchGuard because of its cost and functionality.

Initial setup is straightforward. They make the integrations simple and easy to understand. 

It is fast, only a day or two.

My advice for anyone is to get adequate knowledge. Whatever firewall brand you are going to use, you have to train one IT person for maintenance and support. Sometimes, or oftentimes, you don't want to have to rely on the vendor or the technical support, but to rely on your own IT by making them knowledgeable and capable of maintaining and monitoring the firewalls. Then you're good to go!

On a scale from 1 to 10 where 1 is the worst and 10 is the best, I would rate WatchGuard Data Loss Prevention an eight.

We primarily use the solution for our protection. We're currently concerned about our security and phishing scams, and we've employed this solution to help protect us.

The solution is very easy to use. 

It's very simple to find the information we need.

WatchGuard offers something called DNSWatchGo. It also is a cybersecurity offering. It can be added to Threat Detection and Response to make both stronger.

The solution isn't as efficient as a product like Palo Alto.

The pricing is expensive. Even compared to Palo Alto, it's quite costly.

Palo Alto provides more signature detections than this solution. WatchGuard TDR needs to be able to detect threats a bit better.

The reporting isn't so good. If they worked to improve this aspect of the solution, it would be much stronger.

I've been using the solution for about one year.

The solution is stable. We haven't experienced any bugs or glitches. There haven't been any crashes on it and our clients seem quite happy with it so far.

Technical support has been very good so far. We find them to be quite professional. We're satisfied with the level of service they provide to us and our clients.

The initial setup is easy. It's quite straightforward. There isn't any complexity involved. 

For one PC, deployment only takes about five minutes. It's very fast. However, we have to deploy it onto a few hundred PCs, so in that sense, it's a bit time consuming, simply because of the number of installs.

We used three technicians to handle the deployment of the solution.

We're an IT servicing company. We use our own teams for implementation and deployment of this solution.

We're a WatchGuard Silver Partner.

I'm not sure which version of the solution our organization is currently using.

Our company is quite small, but we service medium-sized organizations and have a large number of clients.

I'd rate the solution seven out of ten.

We have a web server on the optional network. Then, on the trusted side, we just run all our computers out through the Internet. We don't do anything too elaborate with it.

We do have some technicians and some design center salespeople who call in. This is best usage that we get out of the solution.

We don't host our website internally anymore. We used to host our website and it did help with that, getting everything set up. We have just recently removed that and gone to a third-party. But, that was something which was very useful, setting up our internal website and NATting IPs.

The solution has increased productivity with our outside salespeople being able to connect into their computers and use those remotely.

We are able to limit where users can go, what they can do, and what they can access, so they are not wasting time doing things that they shouldn't be doing. It does help to save time, e.g., limiting Facebook. 

We are able to segment our FTP website off on the optional, setting up the rules specifically. There are certain outside IPS coming into our computers where we have different machines out there setup where technicians can remote in, etc. Being able to set those up to specific IPS, not just allowing full access, is probably our main use for setup.

The usability is good. I like it. I don't have any issues. Most everything that we have tried to set up for what we use it for is pretty straightforward and easy to use.

We have probably had it for the last 10 years. I have been here the entire time.

The stability is very good. We haven't had any issues with ports or anything else. Everything has been very good as far as the stability and issues.

The performance and throughput that the solution provides is good. We haven't had any issues as far as when we have connections and things going on. So, it's very good.

The stability is good as far as our use. I feel like we do have room. We have extra ports on it. We can set them up if we need to, but we don't need to use them. However, I feel we have room to expand and grow, if needed.

We have probably 75 users setup. Mostly, they are authenticating through to get out to the Internet. We do have some protections on it: virus stuff and different websites that users can and can't get to. We have groups setup for that. That is our main use from the inside with most of our users going out. Then, we have five or six users who remote into computers and other things.

There are not necessarily plans on expanding anything at the moment. We are pretty much set where we are. Usage is not too heavy, as it's mostly users getting in and out with us restricting what they can get to.

I have only had to call once or twice for anything in any of the time that we have had the solution. Most of the time, if I do have a question or something, I can hop onto the forum and there is an answer, then away we go. As far as my experience with the forum and just a few calls, it has been very good. We haven't had anything that has hung us up for a long time.

WatchGuard was pretty much our first solution like this. We did not use anything else before it.

The initial setup was straightforward. It walked through everything as far as the configuration. Everything that we needed was right there. So, I didn't have to search for anything. It was easy set up.

We went from a different version to this version. Even from that to this version, it was probably up and running within an hour.

I usually set it up.

We didn't consult anyone. We didn't really have an implementation strategy per se. We just set it up (like the old one), then went through and looked at some of the new features and things we might want to use.

I maintain it and and set up whatever needs to be set up. The other IT guys can come in and do stuff if I'm not here. Generally, it doesn't take too much time to get anything set up that we need.

It saves us a couple hours a week.

We don't have any other costs other than the licensing stuff.

We did look around at a few different things. We just kind of settled on WatchGuard. It seemed to have the features that we needed, so we went in that direction.

I'd give it a 10 (out of 10). I haven't had any issues. The few issues that we have had, such as not knowing where to go, they have been answered quickly. I am going to give it a 10 because of its easy to use. If we have a question, it's easy to get an answer. Also, it's very simple. For most of everything that we do, we have been able to do them pretty easily. We are very happy.

If we were to ever look at something else, I would look for something that has ease of use, simplicity, and ease of setup. That is what I like about this. Everything is pretty straightforward and easy to find. The interface being easy to use and find has been very helpful.

We don't use a lot of the logs. Generally, we don't need to. If we do need to go look at something or pull something up, the information is there in HostWatch or the logs. I have been happy with it.

We're not using the cloud.

It's our primary edge firewall at the home office. We have two M470s running Active-Passive. We have about 100 users in total here. Everything runs through the firewall, so the users run the gamut from analysts to accountants to executives.

It protects us from viruses and intrusions.

It has also saved me time, about an hour per month.

The most valuable feature is the ease of use of the interface. The usability is good. It's a firewall, it does its job and it does it well.

The throughput also seems to be good. I don't have any issues with throughput.

The management features are good.

The reporting is a little on the weak side. I would like to see a better reporting set and easier drill-down options.

I've been with the company for a year and they were already on WatchGuard when I got here.

The stability is good. It runs well.

I haven't had reason to scale it. It's the edge firewall and it's used extensively. We're a pretty small environment with a couple of hundred devices.

We pay yearly.

It's just me who is responsible for deployment and maintenance of the solution.

We use this solution as an edge firewall and layer-3 routing internally.

This solution has provided ease and speed of rules. It has unparalleled troubleshooting with excellent reporting.

The most valuable features of this solution are live logging, rule setup and maintenance, and VPN creation.

We would like to see granular notification settings and more advanced filtering in traffic monitoring.

There is not a product that compares to this one.

Our primary use case for this solution is traffic management.

When the system recognizes that we are using something like VoIP, Skype, or Cisco Video Conference, then one can adjust the bandwidth. For example, we have it set so that VoIP has a limit of 120Kbps (Kilobits per second).

The most valuable feature of this solution is traffic management.

We like the diversity of categories for blocking and allowing traffic.

This solution is very easy to manage.

There is no message displayed for the user on the desktop informing them that access to a web page has been blocked by Application Control. Because of this, the administrator has to check the logs to find out. It would be better if the user could call the administrator and explain that the page has been blocked by Application Control, and give the details, like the category and the reason, at that time. In the Web Blocker module, you can define a message that is sent to the user on their browser.

This solution is very, very stable. We have never had a hardware failure, but the solution does require maintenance. You have to tune it because as more applications are developed and enhanced, there are new categories or applications that you have to allow or to block.

We use this solution on a daily basis.

This solution is scalable but within the limits already set by WatchGuard. You can edit categories but you cannot add a new category by yourself. Rather, it is a feature request. I would say that the main categories that are available at the moment are enough, but if something is missing then you cannot add it.

Every department is using this application, and each of them has a different configuration. For example, the sales department configuration is different from the management department, which is different from the service department. The Marketing department has to have access to social media, but the service department may not need to, and it might not be allowed because it can lead to wasted time.

We have approximately fifty users.

The technical support for this solution is prompt and very, very friendly.

The only issue that we have had is when a strange error happens that requires third-level support, we have to contact Seattle in the US from here in Germany. With the time difference, it means that it takes twenty-four hours to get a solution. That is just when we call. When we email, there is no problem with time difference because they have twenty-four-hour support that is not dependent on Seattle. It comes from India or Asia or somewhere else.

Prior to this solution, we used SonicWall, which was owned by Dell at the time. We switched to this solution because the configuration is more intuitive for the users. You can choose the GUI, or instead, as we prefer, you can use the WatchGuard client. With the client, you can do things like making an evaluation.

The initial setup of this solution is not complex because you can only choose certain options or categories. You have to mark the whole category, for example, business communication like Skype, Cisco Tandberg, or Microsoft Teams, or have it choose on its own. After the category has been chosen you mark the options that are allowed. You specify what is blocked and the traffic management options such as reserved or guaranteed bandwidth. At this point, it is only checkboxes and a start button.

It is very easy, but you have to tune it because sometimes things are blocked and they should not be.

Our deployment took approximately one hour and three people were involved.

Own our team handled the deployment and configuration.

You need to have one technical specialist to enter the configuration, but you also have to involve the departments. Each department manager can specify which categories are allowed, which are blocked, and perhaps the level of bandwidth that is required for each category in their department.

One person is required to maintain this solution, although there should also be a spare.

I would suggest that for mid-size companies of say one hundred users, you should choose different configurations. For example, Application Control group one, group two, group three. It could be a management group with more bandwidth and has fewer restrictions. Then ordinary users have more restrictions so you can give them a different configuration. You can specify the levels of restrictions, and in what categories. I feel this is something that is very important.

The only dynamic is increasing categories. If a department calls and says that they cannot access a particular webiste then the admin will check the logs to see why not. It will show the category, and the admin will have the choice to allow the whole category or just a single website. Social media might be a category where we do not allow sites like Facebook, but we do allow LinkedIn. In this case, the Social Media category is blocked but there is an exception checkbox for LinkedIn.

My advice for anybody researching this type of solution is to compare this with other products. The manageability in WatchGuard is very easy. I know other solutions and they are more complex and there is no traffic management capability included.

The biggest lesson that I have learned from using this solution is that things are dynamic. The internet is constantly growing, along with the categories. Startups like Zoom have a VoIP, so you would have to manage this application. The configuration is not static. It is dynamic, like everywhere in IT. You cannot just install it and leave it.

I would rate this solution a nine out of ten.