WatchGuard Firebox Reviews

We use it to prevent any unnecessary stuff from getting into our network. It's for the usual security features. We do utilize the VPN and there are quite a few people on the VPN right now.

It gives our business layered security. Attack vectors it secures for us include denial of service attacks, people spoofing our network, as well as preventing malware from getting in — the typical attack vectors. We're satisfied with it overall.

Also, there was a phishing scheme going around a while back. WatchGuard caught it and we were able to mitigate it. That was very good. It keeps us from not having to worry about our network being under attack. It keeps us secure.

It saves us on the order of three hours a month. The solution just works.

• The set up of the VPN is pretty straightforward. Being able to build VPNs on the fly for certain users, if need be, is also valuable.
• The traffic monitoring is very nice.
• I also like the ease of blocking certain websites from getting in or users from getting to stuff they don't need to be at.

We're satisfied with the performance, as well as its reporting and management features.

The usability could be better, but it is definitely manageable. If we have to go to a backup internet connection, that could be a little bit easier. Other than that, I really don't have any complaints about it.

I've been using WatchGuard for three years. That's how long I have been with the company. The company has been using it upwards of 10 years, I believe.

It's very stable.

It's scalable. We are probably going to be doing another area for some of the outer branches and the WatchGuards will be part of that. I can't say how soon it's going to happen, but there have been discussions about it.

I have no complaints about WatchGuard's technical support. If you have a question, they answer it.

As far as I know, WatchGuard is the only one that our company has used. We like the product enough. We're buying another appliance because our support ran out on one of our boxes. We're continuing to buy WatchGuard stuff because it does what we need it to do, it's priced reasonably well, and we like the support and usability.

We have deployed this product to distributed locations. We have a couple of branch offices and we've set them up in all of our locations. We set it up, we configure it to our network settings, we put in all of the information we need, and we go from there. We usually take a configuration from an existing and apply it. It's straightforward. The documentation goes step-by-step on how to set it up. The last time I did one it took about an hour.

In terms of maintenance of WatchGuard there are three people in our department. Whoever sees a problem or hears about an issue takes care of it. Two of us are system analysts and the third is our director of information technology.

It keeps our network secure and that's a good enough return for me.

I feel that the pricing is fair for all of the security you get. That's one of the reasons we went with, and continue to go with, WatchGuard.

Go ahead and implement it and don't think twice about it.

We're not using the cloud visibility feature at this time. Maybe we will in the future.

There are 75 users of our environment, in total. They range from mechanics to accountants to our COO and CEO. Everybody in the organization uses it.

One of the most valuable features is that when we send emails and it gives a warning, you can configure those email addresses so that they can only send outside the email.

WatchGuard Data Loss Prevention could be improved if they would add a pocket-size, meaning limitations on the data size, where for example an email address can only send 25MB for a month.

In terms of additional tools, I would like to see more graphical reporting tools, with graphs, etc., that are very easy to comprehend. This is especially important if you are reporting to top management so they will fully understand what is happening in the firewall. You don't need to use technical terms or definitions, just show them the graph. That would be good.

I have been working with WatchGuard Data Loss Prevention for one year.

It is stable, though there is a problem with the RAM - it's eating up resources. The RAM utilization sometimes reaches up to 80% - 95%, and what we do is just restart the firewall. Maybe WatchGuard could get it higher.

The scalability is fine for small and medium enterprises, 10Gbps is fine and smooth. 

We have 800 employees using it. But for maintenance and monitoring, we only have one IT personnel. It is easy to maintain as long as you have the knowledge and capability.

After five years we will upgrade and I hope that there will be a higher model for WatchGuard. If not we will be looking into other high-performance firewalls, like Stormshield, where you have 20Gbps throughput.

The technical support here in our country is different vendors or resellers of the firewall WatchGuard. So you just have to choose the most reliable vendor for technical support.

We are a group of companies. One company said that their support, their vendor, is good in technical support, but we also have another company saying that their vendor supporting WatchGuard is not that reliable. So it's a 50/50.

We have used the antivirus and also the Data Loss Prevention for USB. But I don't think the antivirus can manipulate your emails, so in terms of a DLP with regards to emails, we have firewalls.

We chose firewall brands based on a group of concepts and brand proposals. We analyzed the best functionalities, not only for Data Loss Prevention but also for the firewall functionalities. I got WatchGuard because of its cost and functionality.

Initial setup is straightforward. They make the integrations simple and easy to understand. 

It is fast, only a day or two.

My advice for anyone is to get adequate knowledge. Whatever firewall brand you are going to use, you have to train one IT person for maintenance and support. Sometimes, or oftentimes, you don't want to have to rely on the vendor or the technical support, but to rely on your own IT by making them knowledgeable and capable of maintaining and monitoring the firewalls. Then you're good to go!

On a scale from 1 to 10 where 1 is the worst and 10 is the best, I would rate WatchGuard Data Loss Prevention an eight.

We primarily use the solution for our protection. We're currently concerned about our security and phishing scams, and we've employed this solution to help protect us.

The solution is very easy to use. 

It's very simple to find the information we need.

WatchGuard offers something called DNSWatchGo. It also is a cybersecurity offering. It can be added to Threat Detection and Response to make both stronger.

The solution isn't as efficient as a product like Palo Alto.

The pricing is expensive. Even compared to Palo Alto, it's quite costly.

Palo Alto provides more signature detections than this solution. WatchGuard TDR needs to be able to detect threats a bit better.

The reporting isn't so good. If they worked to improve this aspect of the solution, it would be much stronger.

I've been using the solution for about one year.

The solution is stable. We haven't experienced any bugs or glitches. There haven't been any crashes on it and our clients seem quite happy with it so far.

Technical support has been very good so far. We find them to be quite professional. We're satisfied with the level of service they provide to us and our clients.

The initial setup is easy. It's quite straightforward. There isn't any complexity involved. 

For one PC, deployment only takes about five minutes. It's very fast. However, we have to deploy it onto a few hundred PCs, so in that sense, it's a bit time consuming, simply because of the number of installs.

We used three technicians to handle the deployment of the solution.

We're an IT servicing company. We use our own teams for implementation and deployment of this solution.

We're a WatchGuard Silver Partner.

I'm not sure which version of the solution our organization is currently using.

Our company is quite small, but we service medium-sized organizations and have a large number of clients.

I'd rate the solution seven out of ten.

We have four locations and at every one of them we use WatchGuard. We use them as firewalls and for UTM. They provide protection in terms of detection and prevention. And we also use them for site-to-site VPN, as well as for direct connect, VPN to AWS, and to AWS using VLAN tagging.

One of the main ways it has helped is that we use site-to-site VPN a lot, as well as remote access ACLs and client-to-VPN. Prior to WatchGuard, for example, we used to use Remote Desktop, which is not very secure, or RD Web, which is also not very secure. We installed the client VPN on everyone's remote computer and they can access our local area network. That is much better than using the other solutions. It's an improvement for the user and it's less risky for us. It gives us peace of mind that we're using the proper channels to access our network.

It's hard to pick one feature over another. But if I had to pick one, the UTM would be the most valuable because of the notification. I get notified via email if there is any type of threat detection or alert, telling me something is wrong.

For me personally, because I'm Cisco-Certified, it was very easy to take this over. I think it's a lot easier to work with because it's a GUI and not a CLI. I cannot speak for other users or other administrators, but it's pretty simple.

Based on our needs, the throughput is pretty solid. We haven't had any issues as far as the throughput is concerned. This particular box maxes out at 2 GBs and we only have 1 GB so we haven't had any latency.

I manage it using the System Manager, based on the firewall access control that I have. I've been able to manage it and use it without any problems.

Websense is an application that monitors and filters internet traffic. Websense was derived from WatchGuard. But when you go to WatchGuard to actually implement that particular feature, you have to use some type of additional feature and you have to pay for it, unfortunately. I think it should be free or free in the WatchGuard box itself, as an option. It would be nice if they didn't charge us for that.

And if they won't offer it for free, they should offer something better. It definitely needs a big improvement because it's very unfriendly. It's called Dimension Basic and there is a reason they call it basic, because it gives you very basic information. Let's say you want to track someone's internet activity or where they've been going. Websense gives you detailed information as far as the source. But this one only gives you very basic information and, on top of that, it's a free version for only a few months and then you have to pay for it. So not only is the version very basic but you still have to pay for it. That, in my opinion, has room for improvement.

Everything else that we have, the live security services and network discovery and all the spam blocking, threat protection, and the web blocker, is included.

We've been using Firebox for as long as I can remember. I inherited this position close to 13 years ago and they'd been using it before that.

For the most part, everything seems to be working without any issues. That's why we've had it for this long, close to 17 years for the company and, under me, for 13 years. There are more pros than cons.

We haven't had any issues. I always buy an additional box as a Hot Standby. I have never had to use it, and thank God for that. So it's been very stable. We keep them for a maximum of three to four years and then we upgrade to a newer one. For the time that we keep the box active, we don't have any issues.

In terms of scalability, as far other features go, we're stuck with what we have on the physical appliance. For example, we had one that was set to 300 MBs for throughput and when we wanted to upgrade, we couldn't obviously use that same box. It wasn't really scalable. So we had to upgrade to a newer version.

We have four locations and approximately 400 users. We don't have any firm plans to increase usage. The owner of our company just acquired another company and that may make a difference. WatchGuard is the main component that we use. The subscription for all four of the WatchGuards that we currently have ends in 180 days. We're just going to upgrade to the newer version, if it's available. 

There was an incident, back in the day, where I called for support and the guy sort of brushed me off. It was very uncomfortable but it could have been an isolated incident. I don't want to say that all the support engineers are the same. But this particular guy was either drunk or rude.

Other than that, it's been very smooth sailing for us, as far as support goes.

We have always been using Cisco. They decided that WatchGuard would be beneficial to keep because it's GUI and it's a lot easier to work with than other products, especially for junior admins.

I set it up all the time and it's very straightforward. It's very easy to set up and very easy to migrate over to a newer version. It's really simple. I've only done a new deployment once. 

For upgrades, you save the configuration and you upload it to a new file, or you just open a new file and browse to the configuration file that you saved. It usually takes 10 minutes at the most.

But the first deployment, because it was obviously more involved, took a few hours. Setup included the site-to-site VPN, the client VPN, the actual interfaces, the static NATs, a lot of the firewall policy, the internet certificates, and the policy routing; the basic components of any router.

Deploying WatchGuard to distributed locations is mainly the same. Obviously, there are differences in the IP addressing and the network addresses. And you have to take care of the VPN connection between the two, to be able to communicate using the site-to-site VPN. There is also web blocking. We have certain policies for denying access to certain sites or certain applications. We don't allow, for example, weapons or sex or any of those kinds of solicitation sites. We then set the external and internal interfaces and then do the routing. In the some of those locations we use the WatchGuard as a DHCP server, so we set that up as well. The rest is all pre-configured.

We have had two-year deals in the past, but recently we decided to go with annual. The cost was somewhere in the vicinity of $2,000 to $3,000 for each one, depending on if they had a special at that time or if they were doing an in-place upgrade or with the same router.

They figured if they were going to get something different then it would have to be something very user-friendly for the administrators, because I'm the only one who is certified to work on Cisco. We evaluated the Barracuda NextGen Firewall. We also looked into Juniper and the Meraki firewall, because all our switches are Meraki switches. 

But we decided to stay with the WatchGuard. The prices were a little bit better than Meraki and, since everything was pre-configured, to upgrade to a newer WatchGuard all we had to do was just save the config file and upload it to the new one, and that was the end of that.

Educate yourself. Read documentation and watch videos online. Since the administrators are going to use it, they should educate themselves on WatchGuard. Keep a cheap, old box for training. I train my administrators on an older box and I give them a network to train on.

We have been attacked with ransomware in the past, and it was kind of disappointing because, when I talked to Cisco support they said that they recommended purchasing end-point protection with a ransomware interceptor, so we ended up getting Sophos. So alongside the WatchGuard, we have Sophos' ransomware interceptor and end-point protection. We use them, on top of the WatchGuard, as a secondary line of defense.

It has been smooth sailing as far as the product itself is concerned. That's why we keep renewing it. We either renew it or we upgrade to the newest version if they have a special. We also use it for Hot Standby. It's been good.

It's our primary edge firewall at the home office. We have two M470s running Active-Passive. We have about 100 users in total here. Everything runs through the firewall, so the users run the gamut from analysts to accountants to executives.

It protects us from viruses and intrusions.

It has also saved me time, about an hour per month.

The most valuable feature is the ease of use of the interface. The usability is good. It's a firewall, it does its job and it does it well.

The throughput also seems to be good. I don't have any issues with throughput.

The management features are good.

The reporting is a little on the weak side. I would like to see a better reporting set and easier drill-down options.

I've been with the company for a year and they were already on WatchGuard when I got here.

The stability is good. It runs well.

I haven't had reason to scale it. It's the edge firewall and it's used extensively. We're a pretty small environment with a couple of hundred devices.

We pay yearly.

It's just me who is responsible for deployment and maintenance of the solution.

We use it both for VPN tunnels and as a firewall.

Our company runs group homes. There are 140 or so sites and employees are traveling to those sites on a daily basis. They use the VPN tunnels going back to the main office to access the file servers. We also have about 12 remote locations connected by WatchGuards on both ends to create a VPN tunnel, with SD-WAN to allow traffic to go between those two sites, both for the file servers and for the phone system.

It gives us a higher sense of security. There is an easier workflow as well.

I estimate that 50 percent more users use the WatchGuard VPN than use the SonicWall VPN tunnels. Those users are able to work on documents out of the site or increase their workflow and do work while they're onsite instead of doing it later. It saves us a couple of hours per person per week.

Once it's set up, we don't have to touch it that much.

We enjoy its usability very much. It's very easy to use, especially compared to similar products. A lot more users use the WatchGuard appliance now than use the SonicWall appliance because of the ease of usability.

As long as you're using the correct model, since different models have different numbers of allowed tunnels, the throughput is enough.

In terms of management features, we have a Dimension Server set up. It's nice to be able to see where people have gone to and when they have gone there. Overall, the solution makes it easier to manage on my side. Setting up new policies, new devices, and setting up tunnels to the current devices, is easier.

The firewall secures the external perimeter.

There is a slight learning curve.

Beyond that, the only issue we've had in the past two or three years had to do with the number of current tunnel connections, and that was just an issue with our size of Firebox. We got a bigger Firebox. The old one was able to handle the load. It was just that we ran into a licensing issue. We had hit our number of concurrent tunnels. We have a lot of tunnels with the phone system. We have tunnels to and from each site for the phones to be able to talk. It was a little bit of a surprise when we came across this situation, but it's present in the documentation.

It didn't take us long to figure out that that was the reason we were having an issue. It was just our not having the forethought to make sure that what we had was able to expand to meet our needs.

We've been using WatchGuard Firebox for about eight years.

Stability is excellent. We've had no issues with the firewall going down because of the Firebox.

We haven't run into a scalability issue yet. There are over 1,000 employees including several hundred office staff. There are 20-some sites that we have connected. We had to step up to a 470 for the current VPN connections, but as long as we're on the right size Firebox, everything goes pretty well.

Whenever there's a new office site coming up, we typically add a new Firebox. We're looking at putting more Fireboxes in all of the group homes, so that's probably going to be 115 more deployments in the coming years. We plan on continuing to use it, but I don't see any issues with expanding.

We don't work directly with Cisco tech support. We work with a third-party company to handle support that we can't figure out.

We used SonicWall Next or Dell. 

The setup is pretty straightforward. It takes 15 to 20 minutes per box. We have to set up current tunnels and get a static IP address at the sites where we're putting the boxes. It requires one person for deployment and there is very little maintenance needed.

Deploying it to distributed locations is a matter of setting the Firebox up. If it's a replacement Firebox, we set it up with the same policies and ship it to the location. They can take it, unplug the old wires from the old box, put the new wires in, turn it on, and it's up and going.

There were other options. We took a look at Dell but this was the best one at the time. The usability and setup of the WatchGuard were better. Also, the maintenance was very minimal. It's almost nothing.

The other solutions had their features that were nice, but there wasn't anything that really drew us or made it stand out from WatchGuard. We're pretty happy with WatchGuard right now.

There are updates pretty regularly. There haven't been any big changes over the past few years. They've kept working, rather than taking steps backward or making things harder.

We use this solution as an edge firewall and layer-3 routing internally.

This solution has provided ease and speed of rules. It has unparalleled troubleshooting with excellent reporting.

The most valuable features of this solution are live logging, rule setup and maintenance, and VPN creation.

We would like to see granular notification settings and more advanced filtering in traffic monitoring.

There is not a product that compares to this one.

Our primary use case for this solution is traffic management.

When the system recognizes that we are using something like VoIP, Skype, or Cisco Video Conference, then one can adjust the bandwidth. For example, we have it set so that VoIP has a limit of 120Kbps (Kilobits per second).

The most valuable feature of this solution is traffic management.

We like the diversity of categories for blocking and allowing traffic.

This solution is very easy to manage.

There is no message displayed for the user on the desktop informing them that access to a web page has been blocked by Application Control. Because of this, the administrator has to check the logs to find out. It would be better if the user could call the administrator and explain that the page has been blocked by Application Control, and give the details, like the category and the reason, at that time. In the Web Blocker module, you can define a message that is sent to the user on their browser.

This solution is very, very stable. We have never had a hardware failure, but the solution does require maintenance. You have to tune it because as more applications are developed and enhanced, there are new categories or applications that you have to allow or to block.

We use this solution on a daily basis.

This solution is scalable but within the limits already set by WatchGuard. You can edit categories but you cannot add a new category by yourself. Rather, it is a feature request. I would say that the main categories that are available at the moment are enough, but if something is missing then you cannot add it.

Every department is using this application, and each of them has a different configuration. For example, the sales department configuration is different from the management department, which is different from the service department. The Marketing department has to have access to social media, but the service department may not need to, and it might not be allowed because it can lead to wasted time.

We have approximately fifty users.

The technical support for this solution is prompt and very, very friendly.

The only issue that we have had is when a strange error happens that requires third-level support, we have to contact Seattle in the US from here in Germany. With the time difference, it means that it takes twenty-four hours to get a solution. That is just when we call. When we email, there is no problem with time difference because they have twenty-four-hour support that is not dependent on Seattle. It comes from India or Asia or somewhere else.

Prior to this solution, we used SonicWall, which was owned by Dell at the time. We switched to this solution because the configuration is more intuitive for the users. You can choose the GUI, or instead, as we prefer, you can use the WatchGuard client. With the client, you can do things like making an evaluation.

The initial setup of this solution is not complex because you can only choose certain options or categories. You have to mark the whole category, for example, business communication like Skype, Cisco Tandberg, or Microsoft Teams, or have it choose on its own. After the category has been chosen you mark the options that are allowed. You specify what is blocked and the traffic management options such as reserved or guaranteed bandwidth. At this point, it is only checkboxes and a start button.

It is very easy, but you have to tune it because sometimes things are blocked and they should not be.

Our deployment took approximately one hour and three people were involved.

Own our team handled the deployment and configuration.

You need to have one technical specialist to enter the configuration, but you also have to involve the departments. Each department manager can specify which categories are allowed, which are blocked, and perhaps the level of bandwidth that is required for each category in their department.

One person is required to maintain this solution, although there should also be a spare.

I would suggest that for mid-size companies of say one hundred users, you should choose different configurations. For example, Application Control group one, group two, group three. It could be a management group with more bandwidth and has fewer restrictions. Then ordinary users have more restrictions so you can give them a different configuration. You can specify the levels of restrictions, and in what categories. I feel this is something that is very important.

The only dynamic is increasing categories. If a department calls and says that they cannot access a particular webiste then the admin will check the logs to see why not. It will show the category, and the admin will have the choice to allow the whole category or just a single website. Social media might be a category where we do not allow sites like Facebook, but we do allow LinkedIn. In this case, the Social Media category is blocked but there is an exception checkbox for LinkedIn.

My advice for anybody researching this type of solution is to compare this with other products. The manageability in WatchGuard is very easy. I know other solutions and they are more complex and there is no traffic management capability included.

The biggest lesson that I have learned from using this solution is that things are dynamic. The internet is constantly growing, along with the categories. Startups like Zoom have a VoIP, so you would have to manage this application. The configuration is not static. It is dynamic, like everywhere in IT. You cannot just install it and leave it.

I would rate this solution a nine out of ten.