WatchGuard Firebox Reviews

The primary use case of the Firebox mainly revolves around bandwidth management, unnecessary web blocking, application control, and protection against brute force attacks. It is also implemented for load balancing, SD-WAN, and branch-to-branch connectivity from one location to another. We also use it for securing access through VPN and enforcing network security policies.

The WatchGuard Firebox has helped in securing our network by implementing a strong firewall with various features like VPN support, gateway antivirus, and application control. It has aided in preventing brute force attacks and managing our bandwidth effectively.

Some of the most valuable features of the Firebox include web blocking, application control, protection against brute force attacks, load balancing, SD-WAN, and VPN support. These features help us manage and secure our network efficiently.

One area for improvement is the limitation in the product portfolio compared to competitors like Fortinet, which offers a broader portfolio including Authentication, VPNs, FortiMail, Sandbox, and Email Security. WatchGuard's focus on UTM solutions may not meet the needs of all enterprise customers.

We have been using the WatchGuard Firebox for approximately five years.

The stability of the WatchGuard Firebox can vary depending on the customer network environment. The performance and latency may differ from customer to customer and infrastructure to infrastructure.

The scalability of the Firebox depends on the specific model and the number of concurrent users it can support. Different models offer different VPN capacities and can be tailored to fit the needs of various sizes of organizations.

Customer service and support are not explicitly mentioned in terms of rating, but overall feedback seems positive.

Positive

I have previously used various solutions including CyberRooms, Sophos, Fortinet, SonicWall, and other competitors. We largely switched to WatchGuard to integrate their UTM solutions and later their acquired endpoint security portfolios.

The initial setup of the WatchGuard Firebox is straightforward and time-saving. It is designed to be user-friendly even for those with basic IT knowledge, making it easy to deploy and manage.

Implementation can be done by internal IT teams. WatchGuard also provides support for implementation, ensuring that the configurations are appropriately pushed as per the model and requirements.

WatchGuard offers cost-effective solutions, especially beneficial for economically-constrained customers. Pricing and discounts are deal-dependent and vary based on customer requirements.

We evaluated multiple products, including Fortinet, SonicWall, Sophos, CyberRooms, and various others in the market.

To maintain the efficacy of the Firebox, it is crucial to renew the subscription to get security updates and additional support features. Ensuring the subscription is up-to-date is necessary for ongoing product support.

The solution controls who can connect to the Internet and who cannot and which protocols and services are allowed to pass through. It manages VPNs, including back-office VPNs. It also provides web-blocking features for users who want to restrict access to certain types of content.

Compared to competitors in the same segments, WatchGuard Firebox is an excellent firewall to implement.

WatchGuard Firebox offers DNS protection along with geofencing features. Additionally, the SSL VPN combined with multifactor authentication is excellent and a standout feature. 

The product is expensive. The pricing could be improved.

WatchGuard Firebox offers various models, each designed to meet different needs. While it's true that the models share many features, consolidating the lineup into fewer models could be beneficial. For example, they could have distinct models for small, medium, and large enterprises, each capable of scaling according to the number of users or throughput requirements. This approach would streamline their offerings, making it easier for customers to choose the right Firebox for their needs.

I have been using WatchGuard Firebox for 25 years.

The solution is very stable. I rate the solution’s stability a ten out of ten.

The solution’s scalability is good. 20 customers are using this solution.

I rate the solution’s scalability an eight out of ten.

WatchGuard support is highly effective. They maintain an excellent support and help desk service.

Positive

Once, I had to connect with a Cisco device on the remote side, which also went smoothly. It was between a customer and a third-party firm conducting business with my customer. They needed to establish a connection to their Cisco Firewall, and the implementation process was as smooth as setting up the back-end VPN.

The initial setup is straightforward. A simple installation for a small business takes about four to six hours. One IT guy is enough for the deployment.

I rate the product’s pricing an eight out of ten, where one is cheap, and ten is expensive.

The solution is transparent and easy to set up and maintain. 

WatchGuard Firebox has always been very effective for many customers who use Firebox to connect their remote sites. Additionally, many customers log in to a Firebox using the WatchGuard Mobile VPN with multi-factor authentication. This setup has proven to be very stable, high quality, and easy to configure.

Customers find WatchGuard Firebox to be an expensive solution, but some of them recognize its necessity. However, some customers initially fail to see the need for a firewall. Yet, when it comes time for renewal, after a year or three, they begin to understand its importance, often aided by a chart explaining its benefits. Just like a car requiring periodic servicing, a firewall also necessitates attention.

I recommend WatchGuard Firebox to others because it's a very good product. Firstly, it boasts numerous nice features. It's straightforward to implement, maintain, and understand. One particularly appealing feature is the real-time traffic monitoring.

Overall, I rate the solution a nine out of ten.

We primarily use WatchGuard Firebox for security and connections. It's a web and endpoint, and we have different connections to associates and customers through internal networks, which is a big part of it.

The performance has been satisfactory for all of them, and I appreciate how it simplifies configuration. While it does require a certain configuration process, once completed, it works seamlessly. Personally, I find the ease of configuration to be the most valuable aspect of this product.

We're primarily using the on-prem version, but we do use the cloud-based version a little bit as well. When I was with my previous company, we had many customers with WatchGuard devices, and the cloud-based services were quite good. One feature that I really liked was the ability to configure settings and push them straight to the cloud, which made it easier to distribute them to different firewalls.

One thing, which I have been finding a bit annoying, is that it's too dependent on the Windows operating system. The configuration systems and software required to access WatchGuard always run on the Windows system. As my workstation is Linux, I need to have access to Windows to use WatchGuard. It's a little inconvenient for me, but it's not a big issue. For me, that's the most annoying thing, and I would like it to be more Linux-friendly.

In the next release, I would like to see better software and configuration systems that could also be used on Linux.

I've been using it for about ten years. We are using the latest version of WatchGuard Firebox.

It's been a rock-solid solution with no issues. I would rate it a ten out of ten. The WatchGuard Firebox has been a reliable and stable solution for us. Only once in the ten-year period did we experience some issues with the product, but practically never any issues with the solution.

It is a scalable solution. I would rate it a nine out of ten.

Overall, there are around 50 to 70 users using WatchGuard Firebox in our local office. There are also people using this solution in our head office in other countries.

The customer service and support team was good.

Positive

I have used some SIP (Session Initiation Protocol) products and some Cisco products. But very little. Because most of the time, I use WatchGuard Firebox.

In the beginning, around ten years ago, it was a little bit challenging. However, the support was excellent in Finland, where I am located. The team who worked there provided good courses, and now, everything else is much more straightforward to install than before.

They are so easy to configure, from the littlest firewall to the biggest one. That's very good cohesion in the whole lineup of devices. It's easy to change the model if you need more performance, and you can easily change the hardware. From the very small five boxes to the bigger ones, it's easy to change the model if you need more performance. When you purchase the WatchGuard Firebox, you usually get the software with the option that the new hardware comes with.

course, it takes longer if you want to modify everything to ensure that your email gateway is working as it should and your VPN tunnels are set up properly. However, it's still very fast. So, I just quickly put the network cables in, and it starts working. But, of course, it's important to get everything working correctly, which takes some time, not because of the WatchGuard Firebox, but because you need to put every server you'll be using in working order and ensure that everything is working well with the firewall. It takes time. But once everything is set up, it's good to go.

In a new installation, it will always take time to get everything working as desired. There will always be something that needs to be done and different things you may want to enhance. But, with WatchGuard Firebox, you can get it working very quickly and then modify everything later.

Usually, we have two people for maintenance because there are usually other things happening at the same time. When we know that we need to do something bigger for the firewall, we exchange the hardware for a better or newer one or do software updates. The big picture of software updates is made in stock. So usually, one guy maintains the firewall, another update the servers, and they oversee the maintenance and anything else that needs to be done. The job role of the maintenance team is IT administrator.

We usually keep up with the support subscriptions and usually make a three-year contract or buy a 3-year subscription. And then, it's time to update the hardware at the same time. Our size of the firewall has been from €5,000 to €7,000. I don't exactly remember the price, but that size of hardware was what we needed.

I would definitely recommend using WatchGuard Firebox. Overall, I would rate the solution a nine out of ten.

The primary use case is it is a firewall solution. One of the major selling points was that WatchGuard does adapt in real-time as new threats are discovered, and they push out fixes in real-time.

A lot of our servers have been migrated to the cloud, so it is really our primary solution right now.

One of the things that it has done is we have been able to start cutting down on extraneous web traffic. We make sure that our bandwidth is being used for business functions rather than for downloading or streaming media files.

It very much simplifies my job. Before we got the WatchGuard solution, I was doing everything on a per machine basis. All of the security, firewall, and port security had to be done on the front-end before anything could go out. This could take hours to days depending on the system being used, and then it would have to be in the IT department getting provisioned. Now, the provisioning goes more toward what types of software are needed. We have it completely unified across locations with a security standard through the WatchGuard systems due to the roles that we've set up for the organization. We just set the same roles in place, then we are able to ensure that everything is uniform across all locations.

Productivity, especially within the IT department, has increased due to the time that we used to spend on each machine can now be spent on the network level. This allows us to turn our attention to other tasks, such as creating in-house systems, so we can roll out changes faster and be more responsive to the needs of our business.

One of the most valuable features is the Geolocation. Because we aren't a multinational corporation, it allows me to look at things which might be suspicious to make sure that they are legitimate transactions rather than people sniffing around the network.

I have found the reporting and management to be pretty useful a lot of times. When the reporting did come up short, it was due to a configuration error on my part. Anytime that I've had to look up historical information, I found that everything I have needed has been there and it has allowed me to piece together what happened.

We do a lot of work with cloud-based and Internet-based vendors. A lot of times when we are on the phone with them, I find that it is a bit more technical than they are used to when we are trying to set up specific exceptions to the firewall. We ask for the ports that it's going to use or the block of addresses that they're going to be going from. A lot of times the only thing that they have for us is the web address that they want me to whitelist. Unless I'm missing that functionality, it seems like it is looking more for those technical data points, essentially. A lot of times, I'm running into a problem where there's a lack of give and take between WatchGuard and me. We get it figured out eventually, but it would just be nice if there was a way to say, "We just want to whitelist this address."

It is a very stable solution. 

Once we had it set up the way we wanted, it seemed to be running extremely well.

For deployment and management, it's just me along with the reselling group (POA).

We have not reached any scalability issues, so far. We have used it in clinics as small as a few practitioners and ones that have more than 30 providers. We have never experienced any issues with the product slowing down or failing in any way.

There are five different users, I'm the main power user of it, and I essentially set up the rule sets and work to ensure that the system is delivering what is needed. The other users are more of administrative users who are viewing the web traffic within their own departments.

So far, I haven't needed to go to the solution's technical support.

We were just using on system firewalls. We were getting to the point where we needed to consider a network-based solution of a physical firewall. WatchGuard came highly recommended from our consultants when we partnered with POA.

At first, I did the guided set up where I chose the rules of what to block and what not to block. That was fairly simple. There are a few things that I had to go in and change. That took me a little bit of time to figure out. Overall, it was pretty simple. 

When logging in and registering it, I did run into an issue where I had to spend about an hour reading to try and figure out why I couldn't activate it. I contacted my reseller and they helped me with it.

The deployment took about two and a half hours.

Implementation strategy was more about my bosses wanting to get in, then set it up afterward. It was more about let's get it in place, get it working, and then we'll lock things down as we need to.

We have hubs in multiple locations. Our strategy for implementing these was once the first one was installed in our main location, then we had the role set up the way we wanted it for the entire organization. We used that to order additional Fireboxes and took them to our other locations. Those were preloaded with the same role sets and put online.

We used Pacific Office Automation. We had a very good experience with them. With the few bumps in the road that we had following the setup, we called them. We let them know what was going on and they helped us resolve the issues quickly.

It saves a lot of time. On a weekly basis, without having to do a per machine basis, it probably saves me about three and a half to four hours a week.

I think we might be subscribed to one or two of the premium features.

We were evaluating a Cisco solution as well. 

Take a look at the needs of your business and how reactive you need to have your firewall solution be. One of the major selling points for our corporate board was: As new threats come up, WatchGuard is constantly taking the information coming in and looking for a solution, then pushing it out. That was one of the major selling points for us. The field that we're in takes security very seriously. We wanted to make sure that we were protecting our client's information. When it came down to it, that was a major selling point for us.

There was a bit of a learning curve. Once I was in it for about a week or two, I found it simple and intuitive to use.

With the throughput, the only issues that we found were at the very beginning, and that was due to a misconfiguration on my part. There hasn't been a noticeable change in slow down from the throughput the way that some firewall solutions might cause. Now, my end users don't even realize that it is there.

We are not using the solution's cloud visibility feature.

Right now, we are on the base usage. It's a firewall solution for us and we haven't really had the chance to dig into the advanced features that much. I plan to expand how we use it in the future, as time allows.

I'm very happy with it so far. I need some more data points to really firm that up. However, at this time, what I'm basing the eight (out of 10) off of is the ease of use, the ease of setup, and its learning curve. Once you learn how to use the system, it is very well-organized. It does save us so much time. The drawbacks are just sometimes not having the technical information that we need in order to easily make connections with all of our Internet-based clients, but we can put the work in and still get it done.

We use the solution as an internet gateway. With its help, we can establish the connection between our company's HQ and branch.

The solution provided us with site connections and internet policies.

The solution's valuable feature is its pricing which is better than other competitors.

The performance of the solution's processor needs to be faster than other vendors. Also, it is time-consuming to configure it whenever multiple policies are involved. This area needs improvement as well.

I have been using the solution since 2012.

The solution is highly stable. I rate its stability a nine.

We have around 200-300 solution users in our organization. I rate its scalability a nine.

The solution's technical support is excellent.

Fortinet is faster to configure and access policies than WatchGuard.

The solution's initial setup process was simple, as I already have experience using it. It takes a month to complete. The process involves setting up the solution in a lab. Later, deploying it in a production environment once it meets all the configuration requirements.

Initially, we took help from a third-party vendor to deploy the solution. Afterward, we did it in-house. It requires three to four network administrators for deployment and two network administrators for maintenance.

The solution is worth buying.

I rate the solution's pricing as an eight.

I rate the solution as an eight. It offers more variable license bundles and has high availability than the other products.

The primary use case is protection for my network from external access. We also use it for some VPN, but mostly it's for protection. It's mixed usage on about a dozen different connections, a dozen different workstations, and access points.

I don't really worry about individual workstation security as much, anymore. I can depend upon the firewall to control incoming viruses, incoming attacks, bad port usage.

It simplifies my job because I don't have to worry about it on a day-to-day basis, the way I otherwise would. I'm not checking and monitoring each workstation on a minute-by-minute basis. I can check what's going on with the firewall and see how it's being used and where, and if there are any things coming through the logs.

I've built my process around the WatchGuard. I can't say it has saved me time because it's become the defacto process. I don't have anything against which to compare it.

• Intrusion Prevention is my primary focus so that's what I find most useful. The why is straightforward: It's to prevent intrusion.
• The usability is pretty good. 
• The throughput of the solution is also pretty good. I think there is some throttling that occurs.
• It provides me the layered security I need.

There are some features I'd like to see, although they are not standard in any of the products in this class; for example, better monitoring.

I'd like to have better access to workstation monitoring, connection monitoring, and the amount of time an address is being used, to better gauge proper network utilization. If I knew that something was connected to a particular external location for an extended period that seems abnormal, I'd be able to act upon it. It comes down to overall monitoring and reporting for the class of services that I have.

The solution's reporting and management features, based on what I have, are fair. I'd like to see an easier way of managing, controlling, and viewing usage at an IP-address-based level.

It's very stable.

WatchGuard's product line is very scalable, but this particular product is not.

Technical support is pretty good. The online knowledge base is usually the best way to go. But I have had some telephone support as well.

I had been using SonicWall for about ten years. I got a little frustrated with them at around the time that Dell purchased them. The WatchGuard UI is easier to manage and easier to work through. I ultimately became dissatisfied with the service and ongoing costs of the SonicWall devices.

The initial setup was straightforward. They walked me through it. I have enough knowledge to be able to walk through the setup and then tweak it the way I need it. I was able to find anything that was unusual, pretty easily, on the web.

The initial deployment took under an hour. I've spent dozens of hours tweaking it over the years, but nothing out of the ordinary.

The implementation strategy was to set up something that allowed for VPN access, to grow VPN access, and that would protect my workstations against viruses and attacks, as well as my servers. The goal was to simplify everything with one box.

For deployment and maintenance, it's just one person who handles the network, and that is me.

I did it myself.

I'm not sure I could establish a numerical return on investment. It's mostly peace of mind. I could probably do well with a lesser product, but I'm afraid a lesser product would provide significantly less protection.

It costs me about $800 a year. There any no costs in addition to the standard licensing fees.

I looked at some Cisco products. I only upgraded to this latest T35 last year, from the previous WatchGuard item. I also looked at SonicWall and a couple of others.

It's used extensively. Do I plan to increase usage? If I can get better reporting, perhaps. But it's fully deployed and static at this point.

I would rate WatchGuard a seven out of ten. A perfect ten would come from lower costs for small installations for the service licensing, and improved reporting. And maybe some better awareness of what it's capable of doing. It's hard to figure out what I could do. That's a big thing. It's hard to figure out what is possible. What am I not taking advantage of? I've tried to work with people on that, and that's the biggest thing.

We use it to keep people out and we use it for a VPN.

The only thing that we care about is that we're kept safe from any attacks. That is important. The VPN is very secure and that's of huge importance because we have remote users who depend on it to do their jobs. So that's crucial.

The improvement it's provided is to our security. We don't have issues with rogue access, with people coming in here, or having access to our, data who shouldn't. That is huge, of course.

The solution simplifies my job. I don't even have to think about it. Everything is set and I leave it alone. And it just does its job. I would estimate it saves me at least 20 hours a month because I don't have to worry about things. It's set and it just runs.

WatchGuard has increased productivity because our VPN is stable. It's up. It doesn't go down. We used to have an issue with remote connectivity but that's no longer a problem. Having a VPN is very big for us.

• We have firewall policies in place to keep safe from malware and we rely heavily on it for our secure VPN.
• In terms of usability, the web interface is great.
  
• The throughput is great. It's perfect. We have no issues whatsoever.
• The management features are very powerful, although I don't use the reporting features at all.

The software base, the management piece that goes onto a server, is not as user-friendly as I would like. There are three different pieces that you have to manage, so it's a little bit convoluted, in my opinion. For people who use it all the time, it's great. But I don't use the management interface all the time.

Overall, it's powerful enough, so that is something that we can overlook.

It's very stable and it meets our needs. The stability is huge. It's rock-solid.

It's been able to handle anything we've thrown at it so far. We've never had an issue.

We upgrade as the models we have become obsolete. We upgrade to newer ones and they're usually on a three-year rotation, which is fine for us.

I haven't had to use technical support very often, but when I have they've been great.

We tried a software-based solution. I don't even remember what it was now.

The initial setup wasn't too bad. We didn't have any problems with it. It took a couple of hours.

We planned ahead of time, put the policies in place on paper and then tested them out. We then went live with it and fine-tuned it as necessary.

Our reseller helped with deployment. Our experience with them was great. We still use them.

We pay about $3,500 every three years. There are no costs in addition to the standard licensing fees.

We looked into offerings from Dell EMC, from Fortigate, and Cisco. But it was just going to be too much of a nightmare.

Rely on your vendor.

For us, it's in use every day. it's 24/7.

We're not using the solution's cloud visibility feature. That's something you have to pay for, and we haven't. I would love to, but there's a wireless piece and it's just too expensive. They have a wireless product that integrates perfectly with the WatchGuard appliance. But that's just not a reality for us because of the cost of those appliances. We would love to but just can't.

In terms of users, we've got about 15 people worldwide. They do support, testing - all of them use remote access. And then we have our internal users as well. It keeps us safe internally and our remote users are able to work with a reliable connection. It's very reliable.

I'm the only one who manages the firewall. If I need any help, there is a local vendor that helps me out as well. We're a small company but it's been great for us. I'm not that technical but I just know it works.

WatchGuard is a ten out of ten for me, because of its reliability.

Intellectual Property protection for our and our clients' data.  We strategize for deployments of new products into Federal and State healthcare formularies.

I discovered the WatchGuard T-70 could still keep the data near the 1 gigahertz data speed, without compromise on the security perimeters being active simultaneously.  I got that information through my subscription with IT Central Station.  The WatchGuard T70 does not come with WiFi capabilities, offering flexibility for what WiFi devices you prefer.

Default set-ups found on the WatchGuard site and via YouTube are very helpful - the screen for set-up and adding additional features are lists with checkboxes.  Understand what you click before you do so.

The set-up and additional feature screens are old in design and very granular.  You have to know what you are doing.

Stable - However, you need to add APC/UPC battery back-ups to avoid power outages/surges that will mitigate your time for trouble-shooting post-power outage.

Yes, I had a positive experience with tech support.

I previously used FortiGate. I moved from the FortiGate brand on account of when you turn on all of the FortiGate capabilities (80-C & 90-D), the protection is active but your data speeds drop significantly.  We had a Verizon FiOS fiber optic true gigabit subscription.  I noticed data rate drops as our 3rd party support team also noticed.  Upon system review, the function of the reduced data speeds was the Fortigate capacity.  We were literally locking up where we couldn't communicate. So, I went with the WatchGuard XTM T-70.

Go to the WatchGuard site:

>enter the model and serial number of your device

>That loads the site automatically with the provisioning apps, firmware updates and other system checks relevant for that device

> The set-up is nearly automatic

> Once the firmware is updated, the device reboots

> Drill into the site for additional steps and additional software you can activate - you have to know what they are talking about to understand which checkboxes to click and why.

> You can reference the YouTube "JSCM" for extra support and background helps that go beyond the WatchGuard site. 

No vendor team and no "in-house" beside myself.  We are a company of under 30 people, I am an IT dept/System Engineering staff of 1.

I have far less ( 50-75%) less admin time trying to figure out why our system is so slow.  That's gone.  The admin screens are informative, especially the Dimension application, reducing your search time for the information you need to assess what your users and network are doing.

If you are experienced, I can recommend the T70 set-up with minimal support and reference.  Since I am relatively new as a systems engineer/IT design, I have had to reference a lot of online sources and hire an expert familiar with the WatchGuard line of products to help shorten my learning curve and get the system up and running quickly.

Yes - SonicWall, Baracuda and Dell.

When considering a solution like this:

> not only putting data security at the top of my list

> user convenience as the second consideration.

If there's anything extra that I have my users do, I have to really look seriously at those trade-offs.