WatchGuard Firebox Reviews

WatchGuard Firebox is our edge firewall.

Currently, we are using the M470 and we have used many models in the past.

The solution provides our business with layered security. An example would be the intrusion protection on anything that is internet-facing. We host our own mail server and I regularly see that WatchGuard has swatted away attempts to get in from bad actors. I have to have that open because people have to connect on their cell phones. Obviously they have to send and receive mail. So I sleep a lot better knowing that something is watching the few things that I do need to present to the internet. I feel much better having something protecting and monitoring all traffic that passes through.

We have an interesting environment. There is actually a completely separate computer domain, an entirely separate network that belongs to a regulatory body. We work at a casino and our gaming commission has to be able to get into some of our systems and monitor some of our activities. Obviously we don't want them to just plug directly into our network, so we have created a DMZ where they can come into our network via the WatchGuard. That way, I get to see all of their activity as well and monitor what they can get to. We give them access to what they need and nothing more.

The solution also simplifies aspects of my job by having automated reports generated weekly, for review. I like the fact that they get delivered and I get to see the actual metrics of what the box is doing. The reporting features reassure me that it is working.

In terms of saving time, I have used Cisco firewalls in the past and I would say that it is easier to construct policies with WatchGuard than it is in Cisco, particularly Cisco's ASDM (Adaptive Security Device Manager). It probably takes about half the time with WatchGuard. Usually we're just modifying something, adding or removing somebody from a web blocker category. It's very easy to maintain.

As a casino, we have one site and that's it. There are no mobile workers. We usually don't have any remote access and we don't need collaboration tools because we all work in the same building. But now that we're trying to get some people to not come in [due to the Corona virus situation] and we're running on a skeleton crew, we are able to maintain productivity by leveraging the native VPN clients and access provided by WatchGuard. We didn't have to buy anything. We had all the infrastructure ready to go and then I slapped a policy together last Tuesday and we've been using it ever since. It was very easy.

• One of the most valuable features is the Gateway AntiVirus. We scan all traffic as it's coming through.
• We also use spamBlocker to scrub spam.
• We use content filtering, which is critical in any corporate environment to make sure that people don't surf things they're not supposed to.
• WatchGuard has a very easy VPN and branch office VPN setup, so we use those pretty extensively too.

It's very easy to use.

And our internet bandwidth does not exceed its throughput, so it is probably still a little overbuilt. It's definitely not a bottleneck. There is no problem with throughput.

In terms of performance, WatchGuard has always worked well for us. We've gone through about six different models in the last nine years, not all at our primary site. We had a couple of satellite offices that were using smaller models. They have all worked very well. There was only one time that we had a performance issue and it turned out that it was due to a hardware replacement being required, and that was handled expeditiously.

Regarding the reporting, I was in the Dimension server earlier today. It's very powerful. I like it. And the management features are easy to use. I like the fact that I can open up the System Manager client or I can just do it through the web if I'm making a quick change.

WatchGuard could be a little more robust in reporting. I get requests a lot to figure out people's internet traffic. We want to know what people are doing when they are on the internet. There is still a little bit of fine-tuning that can be done to that process.

I took over the admin role here back in 2011, so I've been using it for close to 10 years.

It's very solid. We don't reboot it very often and we don't seem to need to.

We went from a single appliance to a high-availability cluster, just last year. Managing the cluster is just as easy as it was to manage one unit.

It is doing everything we've asked of it so far, but we do plan on increasing usage. There are a few features that came out last year or maybe a little bit before that, features that we want to start using, such as WatchGuard's DNS. That will make sure that we're not asking for any bad players. At the moment we're still using Google DNS. And we haven't rolled out the endpoint security that came with it, but we are going to start using that as well.

I've never had to use their technical support. I've only used their online help. I've been able to find everything I need in the forums and the Knowledge Base.

The initial setup is straightforward. The wizards walk you through it, and I have found an answer to anything that I've ever had a question about in the Knowledge Base online. I don't think I've ever had to call for support personally. The documentation is awesome.

As for setup time, I usually have traffic passing through it within an hour or two. 

I know what traffic I want to allow out and I always start with just the stuff that I need to. I always start with the most restrictive, as far as policies go. The first thing I do is get rid of all the Any-Any rules and then I start locking it down. I love the way that it integrates with Active Directory. I base my internet usage and my web blocker policies on Active Directory security groups, and I can have all of that stuff set up ahead of time before I ever get ready to roll out the appliance itself.

Back in the day, we used to have a warehouse. We used to have a uniform shop that was offsite and I was responsible for setting up the tunnels of those sites. We recently relocated some administrative offices for the tribe that owns the casino that I work for, and we decided when they were moving that we would upgrade the firewall that they had. We purchased a WatchGuard so that it would be manageable, because we were already familiar with it from using it at our site. We dropped it right into place and I had traffic passing through it within minutes. I was done with it, doing all the other rules, within a couple of hours. I was onsite for all of those. I've never preconfigured one and then sent it out into the wild.

We use Variable Path, out of San Francisco. Our rep is Jason Chang. Our experience with them was very good. I would recommend them.

It's hard to measure ROI. But I've never had to go in front of upper management and tell them that we were breached. That is probably the conversation I would least like to have with them.

Otherwise, regarding return on investment, having the infrastructure already here and having more capabilities than we're using right now allow me to react very quickly. As I said, I was able to get some people working from home last week. It literally took us a day from going from zero people with remote access to a core group of about 12 people having remote access.

Getting a WatchGuard for the first three years pays for the hardware. I think it's cheaper to keep doing hardware upgrades at every software renewal, rather than just pay for maintenance to keep a piece of hardware going. I usually tell people that it's really affordable as well, particularly compared to Cisco.

In addition to the standard cost, we usually get the Total Security Suite. We go top-shelf on all of the subscription services.

WatchGuard was brought in by one of my predecessors. I left this company for a little while and went to go work for a credit union, and that was a completely Cisco shop, so I got to experience both of them at different times.

I don't think I've actually used anything other than the Cisco ASA. With the WatchGuard it's easier to create policies, that's for sure. I like the flexible stability of being able to leverage objects in Active Directory. I also like being able to not have to create all my policies using IP addresses, and that I can actually do web domain name lookups every time. That's very handy for large, distributed stuff where you have no idea where the actual source is going to be coming from. The cloud bounces traffic from all over nowadays. So crafting rules with fully qualified domain names, FQDN, is definitely something that I did not have in my Cisco ASA.

The Cisco was a little less confusing and more straightforward. It didn't do all of the things that the WatchGuard does, so in that sense it was a little bit easier to understand. That is particularly true once you start getting into proxy actions and setting up: "Okay, cool. Once this rule gets triggered, what actions have to happen?" I do know a few people who use WatchGuard and they still have to get assistance when they look at that. So I would file that as a con for WatchGuard. Proxy actions can be a little bit complicated.

Invest in some Professional Services. Although you can absolutely pull it out of the box and deploy it — and we've done that before — it's always good to have somebody that you can ask about best practices and run a few scenarios by them. We ended up purchasing four Professional Services from our local reseller. It was good. Although they didn't really provide any answers, they were there to say, "Oh no, you're doing the right thing." It was more reassurance than anything. But I would definitely recommend springing for some Professional Services. That will make the whole process go a lot easier.

A small subset of my staff, maybe three or four people, is involved in deploying and maintaining the solution. They're all IT administrators.

We have a web server on the optional network. Then, on the trusted side, we just run all our computers out through the Internet. We don't do anything too elaborate with it.

We do have some technicians and some design center salespeople who call in. This is best usage that we get out of the solution.

We don't host our website internally anymore. We used to host our website and it did help with that, getting everything set up. We have just recently removed that and gone to a third-party. But, that was something which was very useful, setting up our internal website and NATting IPs.

The solution has increased productivity with our outside salespeople being able to connect into their computers and use those remotely.

We are able to limit where users can go, what they can do, and what they can access, so they are not wasting time doing things that they shouldn't be doing. It does help to save time, e.g., limiting Facebook. 

We are able to segment our FTP website off on the optional, setting up the rules specifically. There are certain outside IPS coming into our computers where we have different machines out there setup where technicians can remote in, etc. Being able to set those up to specific IPS, not just allowing full access, is probably our main use for setup.

The usability is good. I like it. I don't have any issues. Most everything that we have tried to set up for what we use it for is pretty straightforward and easy to use.

We have probably had it for the last 10 years. I have been here the entire time.

The stability is very good. We haven't had any issues with ports or anything else. Everything has been very good as far as the stability and issues.

The performance and throughput that the solution provides is good. We haven't had any issues as far as when we have connections and things going on. So, it's very good.

The stability is good as far as our use. I feel like we do have room. We have extra ports on it. We can set them up if we need to, but we don't need to use them. However, I feel we have room to expand and grow, if needed.

We have probably 75 users setup. Mostly, they are authenticating through to get out to the Internet. We do have some protections on it: virus stuff and different websites that users can and can't get to. We have groups setup for that. That is our main use from the inside with most of our users going out. Then, we have five or six users who remote into computers and other things.

There are not necessarily plans on expanding anything at the moment. We are pretty much set where we are. Usage is not too heavy, as it's mostly users getting in and out with us restricting what they can get to.

I have only had to call once or twice for anything in any of the time that we have had the solution. Most of the time, if I do have a question or something, I can hop onto the forum and there is an answer, then away we go. As far as my experience with the forum and just a few calls, it has been very good. We haven't had anything that has hung us up for a long time.

WatchGuard was pretty much our first solution like this. We did not use anything else before it.

The initial setup was straightforward. It walked through everything as far as the configuration. Everything that we needed was right there. So, I didn't have to search for anything. It was easy set up.

We went from a different version to this version. Even from that to this version, it was probably up and running within an hour.

I usually set it up.

We didn't consult anyone. We didn't really have an implementation strategy per se. We just set it up (like the old one), then went through and looked at some of the new features and things we might want to use.

I maintain it and and set up whatever needs to be set up. The other IT guys can come in and do stuff if I'm not here. Generally, it doesn't take too much time to get anything set up that we need.

It saves us a couple hours a week.

We don't have any other costs other than the licensing stuff.

We did look around at a few different things. We just kind of settled on WatchGuard. It seemed to have the features that we needed, so we went in that direction.

I'd give it a 10 (out of 10). I haven't had any issues. The few issues that we have had, such as not knowing where to go, they have been answered quickly. I am going to give it a 10 because of its easy to use. If we have a question, it's easy to get an answer. Also, it's very simple. For most of everything that we do, we have been able to do them pretty easily. We are very happy.

If we were to ever look at something else, I would look for something that has ease of use, simplicity, and ease of setup. That is what I like about this. Everything is pretty straightforward and easy to find. The interface being easy to use and find has been very helpful.

We don't use a lot of the logs. Generally, we don't need to. If we do need to go look at something or pull something up, the information is there in HostWatch or the logs. I have been happy with it.

We're not using the cloud.

It's our main firewall. We have over 120 hosts that flow through it.

The biggest way that it has advanced us is that when we started adding additional locations, it became surprisingly easy to do that, to create branch-office VPNs. When I was first tasked with that, I was overwhelmed with it. I thought, "This is going to be really difficult." But it was really simple. I've never actually done this, but they have the ability to program a box and ship it out there. It'll identify it by its number and just do the setup automatically. I've never been brave enough to just let it go automatically, but when I do get it in my office and set it up for the branch office, it's just a matter of just plugging in the right numbers. It works and it's very stable. That enables us to do some incredible things.

WatchGuard has been mostly cost-effective compared to other firewall systems that are out there, given the power that it has and the ease. I complain about the usability, but things such as how to set them up and how to set up the routing up are, at least, intuitive. So that's been invaluable. It's one of the reasons why I haven't moved away from them or been tempted to move away from them. These setups are very complicated and WatchGuard makes it very easy.

It does simplify my job in the sense that it's easy to set up a VPN. Setting up a branch-office VPN is rather simple, but when I have remote users, such as myself or remote salespeople who are operating out of their homes, I can use whatever solutions are out there; the software that makes it easy for them to connect. That avoids my having to go out and buy really expensive solutions like TeamViewer or LogMeIn. They are always clunky, always hard to navigate around in. With WatchGuard, remote users can pop in straight through the VPN and then RDP into their remote desktops. And everything works very smoothly and rather quickly. Anytime you VPN it's not super-fast, but it has been rather efficient and is a huge advantage. It makes my job a lot easier because I don't have to try to troubleshoot somebody else's TeamViewer account.

WatchGuard has saved me time versus having to manually help people with their remote connections. It saves me about ten to 15 hours a month of work, not having to do all that.

The basic firewall features, or just the routing, are the most valuable because that's how we configure our network. 

The second valuable feature would be the branch office. We have five offices throughout the United States, and it coordinates the connections of those offices. 

And the filtering features are okay.

It layers security in the sense that it does isolate different networks. I have in-house web hosting and that's more of a DMZ-type thing sitting out in the open, so that it has to be isolated from our network. It has Gateway antivirus, which is important. It has Gateway spam protection, but I've never actually seen it do anything. That could be because our regular spam filters grab it before it gets a chance to. It's not a direct user-security thing. Another level of security is that I do keep our guest WiFi network separate from our main WiFi network. Even though WatchGuard doesn't manage our WiFi, it does play the traffic-cop between those two networks and keeps them separate. It's more IP-based routing security than anything else.

We have several branch offices. Those things run, you forget about them. My biggest gripe was when I went to update some of my devices, to try to make some speed improvements, not only did I get hit with, "You need to renew your LiveSecurity," but there was this reinstatement fee that they threw in on top of it. That really angered me, to the point that I canceled the entire order. I actually almost replaced some of those devices and I'm looking to replace them because of that type of thing. It's fair to pay for services like filtering, etc., but I don't feel it's fair to pay for updates to a product because they're patching and fixing and updating their product because of bugs. If I want to pay for the next version of something that gives me additional features, that's fair. But to have to pay a reinstatement fee and that sort of thing, I find it to be a very poor and unethical practice. We'd never do that to our customers. The reason I haven't thrown a huge fit is because everybody does it. SonicWall will do it; Cisco. All those guys do that kind of thing. 

I really don't like that, particularly because you're talking about a device that you paid $300 for, and the reinstatement fees are another $200-plus. I can just buy a brand-new device for that, get a faster unit, and get another year of stuff. Maybe that's what they're trying to encourage me to do. But there are firewall devices out there that I can buy that will do a lot of the stuff that I need to do in the remote offices, without having to purchase a yearly or three-year plan. I keep our main system up to date, but for the small edge units, it's just an unneeded expense. That's my biggest negative and biggest gripe about WatchGuard.

In terms of the reporting and management features — and this isn't necessarily a WatchGuard issue, this seems to be more of an industry-wide issue — you get reports, but a lot of times you don't know what you're looking at. You're so overwhelmed with the data. You're getting a lot of stuff that doesn't matter, so it takes time to parse through it, to actually get what you want to know. If it gives me a threat assessment such as, "You received an attack from North Korea," I don't know what that means. I know that an IP address from North Korea hit our server, and they tried a certain attack. Is that something I should take seriously or not? I don't know.

But that seems to be true with a lot of the solutions out there. They tend to report everything, and there's not a lot of control over getting rid of the noise. I've had it report threat attacks from devices within my network, from my own PC, in fact. So it's misinterpreting some things, obviously. Reporting is not something I rely very heavily on because of that. I look at it but I don't know what I'm looking at. Instead, I have a monitor that displays various things about my network, and I will have the main screen up just to see things like which host in the network is the busiest. I tend to use the main dashboard to get real-time information.

I've been using this solution for over 15 years.

The solution is very stable. I don't think I've ever had one crash in 15 years.

I did have one fail, but that was just a hardware failure. That was one of the very first, early units. That was years and years ago. I've never had one fail since then.

It's not very scalable. You get what you get. You buy for your application but if you grow, if you were to double your network bandwidth or the like, you would have to upgrade the product. That's because the hardware can't handle that. 

You could say it is scalable if want to add additional networks and that sort of thing. It makes that fairly simple. But you do need to buy the appliance that's applicable to your network.

It's used at all of our locations and it traffic-cops our entire network. But we're not adding any new networks. As we buy companies, which we've been doing, I usually pull their firewalls out and put these in, because that's what I'm familiar with, if I can't interface their existing firewalls with it.

Their tech support, the few times I've used them, have been excellent. Their staff has been very knowledgeable. I've had several instances where, when fixing a problem, they've made suggestions about other things not related to that problem, as they inspected the setup.

They have a very good system for logging in securely and seeing configurations without being able to check it. That's been very helpful. I've always given an "A+" to their tech support.

It was so long ago, but I used some PC-based proxies at the time. So there was something before this solution, but my first, actual, dedicated appliance was WatchGuard.

It might be that we purchased this back in the late '90s, because our previous solutions were back during the dial-up age. It wasn't until we started getting always-on internet in the late '90s or early 2000s that we looked at a firewall. Someone suggested WatchGuard.

The initial setup is straightforward. Network setup is complex because setting up networks is complex. I will give them props for making a very complex task a little easier. I don't know a way you could make it any easier than they do. I have done network setups in other firewalls that I thought were way more complicated and more convoluted. We've set up a branch office with some SonicWall devices and my setup screen was a whole lot easier than theirs.

The deployment itself takes an hour, if that. I've done upgrades, but I haven't done a straight, flat-out deployment in a long time. But usually, when I deploy a branch office or upgrade the main unit, it's usually up and running within ten to 15 minutes in most cases. If I get something wrong, then it might go to an hour or so, but usually they're very straightforward. If it's a branch-office deployment, it's just a matter of plugging it in. It takes five to ten minutes. The configuration might take another ten to 15 minutes. The one thing that's difficult when you're setting one up is that you have to isolate a computer that you can connect directly to. They have things that make that easier, but I've never tried it.

Our implementation strategy, back then, was to bring branch offices online.

The process of deploying the product to distributed locations usually means that I bring the device in-house and preconfigure and test it before I send it out to a remote location. I'm usually onsite at remote locations to install it. So my process is to order the product, configure it locally, get it correct, and then install it onsite.

In terms of using it, there are maybe ten users and they use a VPN client. They directly interface with it. It's primarily me who manages it. I'm the only user who actually sets the configurations up in it.

I purchased it from a retailer at CDW and did the deployment myself.

Being able to control network traffic and being able to monitor employee activity on the network are things you can't quantify, but there's definitely a cost that you could attach to each. If we have users that we find are spending too much time on social networks, we can address those issues, replace the employee if they don't comply, or help them with their productivity, etc. 

A firewall is a necessary evil. You've got to have one. It's one of the less expensive but powerful models. I've always been very impressed with that. There's a definite return on investment in terms of that the branch-office option. I didn't have to pay anything extra for that. It was just built-in. Those can get upwards of thousands of dollars with other solutions. One solution I saw was $15 a month per user. It would be astronomical if we tried to go that route.

I don't have a number, but the return on investment is good.

I buy a three-year renewal on the main device, which is usually around $3,000 to $4,000. They usually upgrade the device when I do it. You get a big discount when you do three years.

If I were to renew my other devices — we haven't renewed them — it would probably be around a couple of thousand dollars for the little edge devices.

In addition to the standard licensing fees, we pay for the filtering software. There's a web blocker, Gateway antivirus, intrusion prevention. Those sorts of things are extra. They call it LiveSecurity. I do the LiveSecurity update and that includes a lot of those features. It's a type of a-la-carte scenario. You pick what you want, and that then includes maintenance and support.

I can't remember what we looked at, at that time. I have looked at more recent solutions like Untangled, SonicWall, and the like, just to see what else is out there.

Make sure you buy the device that fits your environment. Don't try to do too much with too little. You can buy one of the edge devices, and you could technically run a large network on it, but it's not going to work as smoothly. Your firewall is your primary point of security from outside intrusion so you want to do it right. Be very meticulous about your configuration.

Straight-up, walking-to-the-console usability of the solution is not very user-friendly. It's not very intuitive. However, compared to other firewalls, it's very user-friendly. So it's more user-friendly than most, but it's just not something anybody could walk up to and use. If I had to walk someone through it remotely, it wouldn't be very easy for them to do.

Each upgrade of the device, and I've had about five of them — five main devices — has allowed an increase in bandwidth and performance. They tend to work fairly consistently, but as speeds have gotten faster, you've got to upgrade the device to keep up with it. They seem to be doing an adequate job at that.

I have used the solution's Cloud Visibility feature. I wasn't really blown away. I thought, "Okay, that's neat." I haven't really dug into it deeply. I don't really think about it in the context of detecting and reacting to threats or other issues in our network. I like to be aware of threats, but threats in networking terms are always not practical. For a company like ours, we know there are going to be internet probes out there, and they're going to hit our network. The WatchGuard identifies them and locks them down. There's nothing I can do about it. It's more along the lines of, "For your information, there was an attempted attacked last night."

What I'd rather have is internal threat assessment. I want to know: "This machine started doing something last night it wasn't supposed to do. It was sending out emails at two in the morning. It shouldn't be doing that." Since it's sitting here watching the network, I'm more concerned with internal threats, and people doing things they shouldn't be doing, than I'm worried about the external threats. 

I probably should be equally concerned about them but I've never found a really good solution on that. I have some customized things that I've done that try to send me alerts if certain behavior patterns are detected. I'm scanning through the logs, and if certain keywords pop up, then I'm alerted. That's been somewhat helpful, but most of the time I get more false positives than I get actual.

We have web filtering, so I'm looking to see if anyone is going to pornographic or hacker or peer-to-peer sites. I get alerts from that and it logs those. But most of the time, I'll get hundreds of alerts on sites for a user, and I'll go over and find that the user was looking for fonts and one of the ads happened to be on a server that caused a trigger. It was a complete false positive but I don't know how to filter all that out. So the alert becomes useless. That may be an industry problem.

I would rate WatchGuard at eight out ten. There is a need for improvements in the reporting. There needs to be more granular, built-in filtering in the reporting, so that you can drill it down to exactly the information you want. The second thing would be the cost-plan of renewals. They can have a security plan and they can have a renewal plan. But if you lapse and they charge a penalty on top of that, to me that's really unacceptable. I should be able to let a product lapse if I want to. It may not be a priority. It might be something I have in someone's home and then there's just a new feature I need to add. As I'm going down the road I should just be able to buy that when I want. To put in reinstatement fees is a big negative to me. Granted, they all do it, but they all shouldn't do it.

It is a firewall. I have two M400s. They act as security for the Internet, like a border between us and the Internet.

We allow more outside vendors to be able to come in, then I could protect them. This is a way that I could leverage the solution which has improved business. It has made vendors coming from the outside able to get to resources that we can provide them without allowing them onto our production network.

We have the logging working along with the System Manager overview. This all seems very good to use and straightforward. It is where I look when I start since it gives me that sort of a single pane of glass for both firewalls.

It gives me Layer 3 and Layer 4 security. I don't know if it gives me the full Layer 7 security, which some other firewalls do. It might in new revisions of it. However, for what I need, it meets the sweet spot.

Having the VPN access helps productivity in the sense that people can get to resources anywhere.

• HostWatch is a nice feature.
• Logging
• The central management piece of the system
• The overview manager is good to have.
• The GUI is somewhat easy to use.

These features provide visibility on the network. When there is trouble, I like to see why I might be having trouble at the gateway level.

HostWatch makes it so I can see, in real-time, activity in the event that there is something weird happening on the network. This simplifies my job.

The product's usability is good. It is straightforward and simple. One of the benefits is that it is easy to navigate and intuitive.

Sometimes, the writing rules are a little confusing in how am I doing them.

I had some trouble with the previous product version (XTM) at the end. When the product aged a bit, there were no redundant power supplies. For what we're doing, it would've been nice to have something to fall back on instead rebuilding and taking it from an old configuration because the older version did die. We were able to take from an older configuration, build a new one quickly, and get it up and running, which didn't take long, but there was some pain around it.

With the previous version (XTM), I started seeing some hiccups.

With this new version (M400), it has been in place for about a year and been running just fine. I haven't had to reboot it. I don't think I've had an issue at all with it.

I manage the solution as the network administrator.

I am not sure what I can scale up to. It meets our needs, though. We're not a growing company. We are sort of a static company in terms of growth. As a static company, we are not looking to increase our usage.

We have around 200 users, who are tradesmen, toll collectors, administrators, accountants, and auditors.

I haven't used WatchGuard's technical support because it is an easy product to use.

We switched from WatchGuard's previous model due to age of hardware. We went from something that was seven or eight years old to something from the last year or two.

The initial setup was straightforward. We had been previously using WatchGuard and moved from an XTM to an M400. So, this is our second-generation of firewall with them, and I didn't have any problems.

The deployment took about a day. I upgraded the hardware, making sure that everything migrated over correctly. That was the goal. I had one rule that I dropped, but that's about it.

We have multiple networks with Internet points of presence where we have multiple firewalls. These are not at the distribution layer. The core layer is more where our firewall is.

For the price point, what we do with it, and the time that the last one lived for on our network, we have gotten our money's worth from it. I'm satisfied with the product for the most part.

We did consider other vendors. I don't think there's a need for us to switch right now. In the future, there might be. However, we're pretty happy right now with what we have.

We also looked at Palo Alto, Cisco, and Juniper NetScreen. We looked at Juniper because we have a lot of Juniper switching infrastructure. WatchGuard's price point worked, which is the reason why we stayed with WatchGuard.

Leverage the website. They have a good knowledge base out there. If this was a green deployment, make sure that you understand how the policies work for VPN and matting.

The throughput is adequate. It certainly handles what I pumped through it, which is about 150MB. I don't know how we would do on a big gigabit network, but for what I do, it works. I haven't seen any slow downs in throughput.

I am not using the Cloud Visibility feature.

Our primary use case is for firewalls.

We were using Websense before, for website filtering, and we had to configure the device to block and monitor. Then we would go to Cisco to configure the firewall ports and then we used antivirus software to protect that the gateway from viruses. So we were using three or four different security products. WatchGuard integrated into everything in one place, so it's much easier to configure.

It has simplified my job. Before WatchGuard, we needed one person inside and two people outside to set up our network. Now I can do it by myself.

The solution has saved us 30 minutes to an hour every day. In terms of productivity, before WatchGuard we had given up checking the logs because there was so much information. But now, with its graphical interface, it's much easier to get the information that I need: the violations and sever errors are easier to pull out.

The most valuable feature is the GUI, especially the real-time bandwidth usage report. Also, its integration with WiFi access points is nice.

The product's usability is very good. We were using Cisco products before, and that was terrible. The difference is in integration. With Cisco we had to go into the command line to configure devices. With WatchGuard we can do everything from the GUI, so it's much easier to set up and to make sure everything is working the way we want.

The throughput of the solution is good. It's also very good at reporting. I can see things graphically so I don't have to read through all the log text files.

The solution provides our business with layered security. In terms of the attack vectors it secures, we have a firewall set up and it gives me reports. It also has an integrated web filtering solution. I can set up a website filter and it's all filtered in one place. I don't have to go to another solution.

I don't know if it's just my version, but the WiFi access point integration has just started. It's getting better but if there were more reporting of the devices that are connected to WiFi access points that would be great. Right now I can see the MAC address and bandwidth usage for each device but that's about it. If I could see which sites the devices are visiting and what kind of traffic is generated from each device, that would be great.

We bought Firebox four or five years ago, and with the first version I had to reboot it every two or three months for no apparent reason. We upgraded last year to the M370 and it's been running, but it is rebooting from time to time. I don't know why.

Since everything is integrated, when there is really high user traffic, especially to the different locations, including email and everything coming in at one time, I see very high CPUs. It may not be as scalable as having three or four different devices running, one for each task.

The bandwidth is good but we only have a 15 meg fibre to this location and I see high CPU usage, so I wonder how far it can go up. It's working well for us but if you are trying to go to 200 or 300 meg of bandwidth you may need to get a bigger WatchGuard.

We don't have any plans to increase usage in the future. It has a hotspot client access which we're somewhat interested in, but we don't have many guests coming into our offices. That's the one area where we might spend some time.

Technical support is really good. That's one of the best parts of this product. With Cisco, you have to transfer all over the place, but with WatchGuard there's a ticket system. When you open up a ticket, they are really responsive.

Their response time is within a few hours. If you just log a ticket through the website, you get a response back within one to two hours. But if you call up, they respond really fast. And it's a real tech guy responding back. You go through all your details and you get answers right away.

At times I have made an additional feature request and even I have forgotten that I requested it, but they keep following up. I have to say, "It's okay now, forget it."

We were using Cisco Professional Services whenever we had to tweak our IP forms or QoS and those advanced types of changes. The outside consultants were costing us money. With WatchGuard we can do the setup by ourselves. We tried it and found we could do it.

The initial setup was very straightforward. The graphic interface gives you bandwidth control, traffic control, and a graphics screen, unlike the Cisco products where you have to go into the command line. There, you are typing commands but it's really hard to tell if it's working or not. With WatchGuard, it gives you the response right back and you see results right away. So, it's much easier to configure.

Our deployment took about three days. To get it up and running it took about one hour. The rest of the time was to tweak our firewalls, open up this port, open up that site.

Regarding our implementation strategy, we have ten remote locations. We started with one branch as a test bed, set up a template there, and applied it to the corporate site here. When we applied it to the corporate site it took a little while, about three days. But once the corporate template was done, the other sites were quick. We set up the device, and it shipped it out and, in ten to 15 minutes, it was up and running.

We purchased the solution from a local distributor, Jensen IT, and they had a support line. We called up two or three times. Our experience with them was very reasonable.

From a pure cost standpoint, we cut our fees in half by moving to WatchGuard. And in terms of time, we are spending one-third or even one-fifth of the time we were spending on Cisco devices. Those are substantial savings.

The price is so small that I don't pay attention to it anymore. I think we pay a few thousand dollars for two to three years, so about $100 per month. That's for all of our users.

There is an additional cost if we want to go with a deeper licensing model, but we just pay for antivirus, IPS, and main product support.

At the time we made the switch to WatchGuard we were also using two or three different solutions to manage security and our internet connection. We were using Symantec Gateway for antivirus protection, Websense for web filtering, Symantec IPS reporting, and Cisco.

The integration of all of those with our system was cumbersome and there were maintenance fees and license fees being paid to four or five companies. All licensing terms were different and it was really cumbersome to manage. With WatchGuard, everything is really in one place.

However, for one of our new locations we started using Meraki, which has cloud capabilities so I can remotely manage the setup of the firewall for remote offices. For ease-of-setup, Meraki is a little bit easier. If you want an easy solution in terms of setup, Meraki might be a better solution. But there is a lack of depth of setup on the Meraki, while WatchGuard is a real firewall solution. In the new office, we only have a five people, so the WatchGuard features may be a little bit too much that size of office.

Firebox has a very small model for personal use, a home-use product, but we did not test it out. That might be a good fit, but the value for a very small office may be a little bit of overkill.

If you have a small IT staff and want an easy-to-set-up solution, I would one hundred percent recommend WatchGuard. If you have a very serious, big IT department and a big business, you might want to test out the throughput and the stability.

In each of our ten remote offices, we have about ten to 15 people using it. At our corporate office we have 70 to 80 people. We require two people for deployment and one person for maintenance of the solution, including me, the IT manager and, our systems administrator.

I would rate the solution at nine out of the. It's just missing that stability point.

The tool's most valuable feature is the dashboard. 

The solution needs to improve its accessibility. 

I have been working with the solution for four months. 

I rate the tool's stability an eight out of ten. 

My company has three users for WatchGuard Firebox. 

I rate WatchGuard Firebox a five out of ten. 

My company uses WatchGuard Firebox for the data centers that work in our office. My company has websites and web applications, because of which we use WatchGuard Firebox for system security.

In WatchGuard Firebox, the antivirus and malware detection systems are areas with shortcomings that require improvement since they are the most important elements of a cybersecurity tool.

In the future releases of WatchGuard Firebox, I want to see more frequent updates.

I have been using WatchGuard Firebox for two years. I am an end-user of WatchGuard Firebox.

Stability-wise, I rate the solution a one out of ten.

It is not a very scalable solution. Scalability-wise, I rate the solution a three out of ten. The scalability structure of the product does not work properly. There are some downtimes in the solution for which we don't get any notifications. In our company, we don't worry whenever there is an upgrade for the solution.

In my company, we are full-time users of WatchGuard Firebox, and we have applications that are not just used inside our office but publicly on the internet. My company faces many cyberattacks from Russia and China, which is really bad.

My company does not plan to increase the use of the solution.

When trying to contact the product's technical support team, it turns out to be a slow process.

I rate the technical support a three out of ten.

Negative

I rate the initial setup phase of the tool a seven on a scale of one to ten, where one is difficult, and ten is easy.

The solution is deployed on an on-premises model.

The solution's deployment process takes just a few hours to be completed.

For the deployment process, you first connect to a serial cable. WatchGuard has management software that you need to install on a computer to manage the firewall software. You need to connect the firewall serial cables to your computers. In my company, we manage just one software for upgrades and deployments.

One person is enough to take care of the product's deployment process.

WatchGuard Firebox is a cheap solution.

The systems from WatchGuard are not properly working since I have seen that my company faces exploits in security when using WatchGuard Firebox.

If you just plan to use WatchGuard Firebox in your office and not publicly, then it is okay to purchase it. With WatchGuard Firebox, you can manage your users and permissions while also taking care of the basic setup phase in your office. For systems open on the internet, you can use solutions bigger than WatchGuard Firebox that can provide you with more professional services.

Since the tool's performance is not good, I rate the overall tool a two out of ten.

We use this for our network, mainly for the configuration of rules, such as VPN connections, remote access connections, and application web filtering. I'm a security engineer and we are customers of WatchGuard.

This is a very flexible product without licensing limitations. They offer good classes through Gartner. 

Although this solution is better than others on the market, I'd like to see improvement in the visibility of network traffic. It feels that the web interface is missing some parts, particularly access and configuration. 

I've been using this solution for two years. 

The solution is stable. 

The solution is scalable.

We've never had to use the technical support. 

The initial setup is straightforward. 

I rate this solution eight out of 10.