WatchGuard Firebox OverviewUNIXBusinessApplication

WatchGuard Firebox is the #3 ranked solution in top Unified Threat Management (UTM) tools. PeerSpot users give WatchGuard Firebox an average rating of 8.2 out of 10. WatchGuard Firebox is most commonly compared to Fortinet FortiGate: WatchGuard Firebox vs Fortinet FortiGate. WatchGuard Firebox is popular among the large enterprise segment, accounting for 42% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a comms service provider, accounting for 21% of all views.
WatchGuard Firebox Buyer's Guide

Download the WatchGuard Firebox Buyer's Guide including reviews and more. Updated: November 2022

What is WatchGuard Firebox?

WatchGuard Firebox is a unified security platform that offers organizations protection from cyber threats through a powerful network security device that controls all traffic between an external network and a trusted network. The solution is ideal for small and midsize businesses as well as for distributed enterprises. WatchGuard Firebox protects the entire network from intrusions, phishing attempts, malware, and ransomware by using cloud and virtual firewalls, AI-powered malware protection, and enhanced network visibility.

WatchGuard Firebox Features

WatchGuard Firebox has many valuable key features, including:

  • Policy management
  • Strong security
  • High performance
  • Network configuration for multiple clients
  • Built-in SD-WAN
  • Application control
  • Threat detection and response
  • Network discovery
  • Intuitive interface

WatchGuard Firebox Benefits

Some of the benefits of using WatchGuard Firebox include:

  • IT administrators can create and implement policies for content filtering, VPNs, and network inspections.
  • The solution is easy to set up, manage, and maintain.

Reviews from Real Users

Below are some reviews and helpful feedback written by WatchGuard Firebox users.

PeerSpot user Kelly C., IT Manager at a hospitality company, mentions, “One of the most valuable features is the Gateway AntiVirus. We scan all traffic as it's coming through. We also use spamBlocker to scrub spam. We use content filtering, which is critical in any corporate environment to make sure that people don't surf things they're not supposed to. WatchGuard has a very easy VPN and branch office VPN setup, so we use those pretty extensively too.It's very easy to use. In terms of performance, WatchGuard has always worked well for us. Regarding the reporting, I was in the Dimension server earlier today. It's very powerful. I like it. And the management features are easy to use. I like the fact that I can open up the System Manager client or I can just do it through the web if I'm making a quick change.”

A Director of Information Technology at a retailer says, “Among the most valuable features is the ease of use — love the interface — of both the web interface and of the WatchGuard System Manager. It's a stable platform. The devices are pretty rock-solid.”

Jason M., IT Director at a healthcare company, explains, “The policy monitoring and allowing different traffic flows are the most useful features for us; regulating which traffic comes in and out. In terms of the throughput and performance, we don't have a problem or any bottleneck there. We downgraded the size of our appliance because we're a small facility, and what we had before was actually too big. The one we are now going with seems to be doing a great job.” He also adds, “The management feature is pretty nice.”

Steve R., President and Owner at Peak Communication Systems, Inc., comments, "It saves us time in the respect that we now have the template built for it so we can get in and get it done. We've had much less problems supporting Voice over IP technologies from different companies. Because our client base has grown over the years, we're probably saving 20 to 30 man-hours a month now that we've got this on a good stable level."

WatchGuard Firebox Customers

Ellips, Diecutstickers.com, Clarke Energy, NCR, Wrest Park, Homeslice Pizza, Fortessa Tableware Solutions, The Phoenix Residence

WatchGuard Firebox Video

Archived WatchGuard Firebox Reviews (more than two years old)

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
Mohamed Y Ahmed - PeerSpot reviewer
Technical & Pre-Sales Manager at GateLock
Real User
Top 5Leaderboard
Easy to configure with good packet filtering templates and good traffic management features
Pros and Cons
  • "The security that is used for defending from the attacks is very good."
  • "I would like to see the devices made more flexible by adding modules to increase the ports that we can use."

What is our primary use case?

I'm deploying the WatchGuard Firebox for many of my clients, and they all stay satisfied with the product. The primary reason as a common request from most of the users is to protect the environment from the outside network attacks. It is popular because of its security layers dependencies and its great performance.

The proxy policy and packet filtering templates make it very clear while I am configuring the Firebox for customers. Also, the variety of actions that are designed per kind of packet payload are dependent on the protocol's payload.

How has it helped my organization?

The Firebox is developing most of my client's infrastructures, starting from internet access and its amazing protocol-oriented proxy policies. It also has a deep understanding of the packets, meanwhile the most powerful HTTPS inspection features.

It is supported by the VPN, either Branch office or mobile users.

In addition to its impressive extraordinary DNS security, it has an access portal, which is a feature for publishing web applications, cloud applications, or even publishing internal RDP and SSH. 

https://www.watchguard.com/wgrd-resource-center/2019-nss-labs-ngfw-group-test

What is most valuable?

The traffic management feature is very flexible and it let you manage varieties of our customer's needs as it is working per policy, for all policies, and per IP address. You can apply it also per application or application category, all in the same proxy policy.

The differences between backup and restore and the configuration file allow us to perform a migration from one box to another in a single click.

The security that is used for defending from the attacks is very good. As an example, for the HTTP packet, you will find botnet protection, Reputation Enabled Defense "RED" and DNSWatch "the DNS security", in addition to the AV gateway. They are all working together to protect internet access.

What needs improvement?

I would like to see the number of management consoles reduced. As it is now, Firebox can be configured using the web UI, WatchGuard System Manager, Dimension server, and from the cloud. This should be done without affecting the way we deal with the configuration file, as it's one of the strongest points in making its implementation smooth and easy.

I would like to see the devices made more flexible by adding modules to increase the ports that we can use. As it's started from T80, the last edition of tabletop appliances, it should also be applied to all M series appliances.

Buyer's Guide
WatchGuard Firebox
November 2022
Learn what your peers think about WatchGuard Firebox. Get advice and tips from experienced pros sharing their opinions. Updated: November 2022.
655,113 professionals have used our research since 2012.

Which solution did I use previously and why did I switch?

As I work as a services provider, I have used many different solutions. I find WatchGuard Firebox provides very good value. as you find in the following points "Not everything":-

1. Configuration migration between boxes.

2. More flexible while applying traffic management.

3. Best performance.

4. Security layers and its dependencies.

5. Protocol oriented.

6. Rapid deploy feature that it let you make a total configuration remotely for a box on its default factory mode.

7. total protection for inbound and outbound traffic by applying the policies with a deep understanding of the traffic. 

8. The DNS security and how it stops the malicious DNS requests on the scale of network security and its endpoint for mobile users to apply the same while they are outside the environment.

9. SD-WAN feature and how it deals with lines quality by its Jitter, loss, and latency.

10. The exception for sites, ports, and IPs, it has a huge variety and you can do it at many levels. Before the policies starting already in the default threat protection, Or in the global settings but after the policies starting to scan then you can avoid all of that per policy per protection type which is meaning that you can expect something from geolocation or WebBlocker or APT Blocker, etc...

11. there are some other features in the box Access Portal, Application Control, APT Blocker, Botnet Detection, Data Loss Prevention (DLP), Gateway AntiVirus, DNSWatch, Geolocation, IntelligentAV, Intrusion Prevention Service (IPS), Reputation Enabled Defense (RED), spamBlocker, Threat Detection and Response, and WebBlocker.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: We are a distributor for the vendor in Egypt
PeerSpot user
Alexey Shcherbatyi - PeerSpot reviewer
Network Administrator at Abona Deutschland GmbH
Real User
Identifies attacks on our services and precisely directs us to the problem, saving us significant time
Pros and Cons
  • "After conducting several tests I found the antivirus is working very well. Additionally, they have a very interesting feature, DNS WatchGuard, which is checking DNS requests for phishing, among other things, and it has caught a lot of unwanted attempts and attacks."
  • "I haven’t dug deeply into the reporting features yet or if they are working well. However, I have generated several reports and there was too much unnecessary information, in comparison with the reporting features in the Sophos firewall. Sophos' reporting is more readable and easier to configure."

What is our primary use case?

We are using WatchGuard Firebox for defense of our internal infrastructure.

How has it helped my organization?

I wouldn't say that Firebox has improved the way our organization functions, but rather that it protects our organization.

The solution identifies attacks on our services and, as a result, directs our attention precisely to the cause of the problem. As we are not actively watching the traffic ourselves and we completely rely on Firebox to alert us instead, the solution saves us about 30 hours per week.

What is most valuable?

The most valuable features are WatchGuard’s antivirus, traffic protection, and ease of configuration. I also appreciate their traffic analytics. 

After conducting several tests I found the antivirus is working very well. Additionally, they have a very interesting feature, DNS WatchGuard, which is checking DNS requests for phishing, among other things, and it has caught a lot of unwanted attempts and attacks.

Regarding the management features, the interface is user-friendly, and the instructions are well documented. There is a fast learning curve and everything is intuitive and understandable.

It also provides us with layered security. Firebox protects our traffic, as we have numerous Web Services that are external and which are a priority for us to defend. We don't use the rest as much.

What needs improvement?

I haven’t dug deeply into the reporting features yet or if they are working well. However, I have generated several reports and there was too much unnecessary information, in comparison with the reporting features in the Sophos firewall. Sophos' reporting is more readable and easier to configure. Having said that, reporting features were not very important for us when selecting a solution. What was important were other types of functionality that WatchGuard Firebox was able to meet.

In addition to the reporting features, I would suggest they work on an SSL VPN gateway.

For how long have I used the solution?

We have been working with WatchGuard Firebox for about one year. Initially we got an M200 model and then switched to an M470 in a cluster.

What do I think about the stability of the solution?

In terms of the stability, everything is perfect. We haven’t experienced any issues.

What do I think about the scalability of the solution?

The solution scales intuitively and quickly with any internet, meaning the solution’s protocols support any internet configuration. The connectivity scales in any location.

We could scale it to several companies with up to 100 employees and up to 1 Gb of traffic.

How are customer service and technical support?

I would rate WatchGuard's tech support at the highest mark of five out of five. I was very pleased with them. We were working with them on the software licensing and opened some tickets related to technical issues. In both cases, they resolved the issues promptly and without unnecessary back-and-forth, unlike when working with the support teams of other vendors.

Which solution did I use previously and why did I switch?

Before Firebox we used a Sophos firewall. We switched because the WatchGuard firewall offers a broad set of features and parameters that were lacking in the Sophos firewall. Additionally, the WatchGuard solution was cheaper.

WatchGuard has a comprehensive antivirus system included in the firewall and that was important for us. Sophos’ antivirus features were weak, in comparison.

How was the initial setup?

The initial setup was medium in terms of the difficulty of some aspects, such as initially understanding the logic of their security policies. It took several hours to acquaint myself and to fully understand things. The whole deployment took about three days.

We initially had an implementation strategy, but it was adapted according to the recommendations and specifications of WatchGuard.

In terms of the technical aspects, I am the only who works with this solution in our organization.

Initially, we purchased the Firebox just for us but, as of today, we have deployed it to two or three other companies. The client sent us project specs with necessary internet configurations for each device, as well as the physical locations. We replicated their infrastructure in our test environment, configured each device according to their specs, and shipped the device to them. The client then connected the device with a cable to the ports outlined in our instructions and everything worked the first time.

What about the implementation team?

During the deployment we worked closely with WatchGuard’s tech support team and they were very speedy in their responses to us.

What's my experience with pricing, setup cost, and licensing?

The price of the solution corresponds to the quality and the feature set offered. There are no additional costs to the standard licensing fees.

Which other solutions did I evaluate?

Before selecting WatchGuard Firebox, we evaluated the Cisco FirePOWER firewall and, in comparison, Firebox is much easier to use.

Also, WatchGuard’s solution, in terms of the cost-per-value ratio, is very balanced.

What other advice do I have?

My advice would be to try this product.

As for the throughput, at this point it is hard for us to evaluate it because we don’t have heavy traffic, or at least we do not experience the traffic throughput specified for this model. Our inbound and outbound traffic is 1 Gb and the M470 handles it very well, not even stressing its components.

When it comes to the solution’s Cloud Visibility feature, they need to improve on the reporting. But in terms of the logs, it gives us very good visibility.

Overall, I would rate the solution a strong eight out of 10.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
WatchGuard Firebox
November 2022
Learn what your peers think about WatchGuard Firebox. Get advice and tips from experienced pros sharing their opinions. Updated: November 2022.
655,113 professionals have used our research since 2012.
President and Owner at Peak Communication Systems, Inc.
Reseller
Its stability and reliability help us save time and man-hours
Pros and Cons
  • "It saves us time in the respect that we now have the template built for it so we can get in and get it done. We've had much less problem supporting Voice over IP technologies from different companies. Because our client base has grown over the years, we're probably saving 20 to 30 man-hours a month now that we've got this on a good stable level."
  • "The pricing could be improved. It is definitely one of the more expensive products."

What is our primary use case?

We use it in my company and for my clients as well. We sell Internet access, so we use them as a firewall to hopefully protect our clients. We work with one of our partners, who is a certified WatchGuard engineer, and have come up with a fairly good plan to get these completely fired up and working. That makes a huge difference.

We're now up to the 7 Series. We've gone through WatchGuard 3 Series, 5 Series, and 6 Series. So, we've gone through several different versions over the years.

How has it helped my organization?

Firebox's reporting and management features have been very helpful to us. Unfortunately, we don't always have them turned on at the right time. That's something we have to be aware of. However, once they're turned on, they seem to do really well in identifying things across the board for us. We can usually hunt down problems very quickly and go from there.

The solution provides our business with layered security.

We do most of our services now as Voice over IP services. We do not do computer services. We have been able to slowly pair down exactly what we need to program within Firebox to give us the best quality of service for our customers. 

What is most valuable?

We can open or close individual ports, which most can, but I like the way that this programs. Meaning its GUI interface versus Cisco's, where their interface is still not all that great. We just become very comfortable with WatchGuard over the years because we know what to do with them.

We have found it to be very usable and friendly. We can use it for identifying and hunting down. If we run into a problem for some reason, the reporting capability makes it much easier for us to ID where problems may be.

Depending on what specific model you get, along with how deeply reprogrammed and restrictive we make it, their throughput is pretty good. Though, the models are all pretty close to the same. We get about an 85 to 90 percent throughput, depending on which of their security platforms we install. Some will take a little bit more and some will take a little less.

What needs improvement?

The pricing could be improved. It is definitely one of the more expensive products, though you can't really compare it to Ubiquiti or SonicWall.

For how long have I used the solution?

About 15 years.

What do I think about the stability of the solution?

Its stability and reliability make it a good product for us.

Over the last 15 years, there has been only one Firebox in which we've had any hardware problems and one box in which we have had a software problem. In both cases, WatchGuard overnighted a new box to us so we had it the next day, then we were able to repair or replace, as necessary.

They seem to be fairly stable. Like anything else, it's an electronic device that can last for 10 minutes or 10 years.

What do I think about the scalability of the solution?

They have put together a good process where we can go in and see, based on the processor power of Firebox, which one we would want to use on what circuit size. They have it from very small to extremely large.

We have four telephone technicians in the company who have had the training and capability to work on Firebox.

For us, a large environment is somebody with 250 or 300 users inside the company.

How are customer service and technical support?

Our partner has used their support. It's really good support. If they don't answer immediately, they get back to you very quickly, usually in less than an hour.

Which solution did I use previously and why did I switch?

We see cases where several of our clients are switching from a different firewall to WatchGuard. With Cisco, it depends on who's supporting it. SonicWall seems to give us a bit more problems when it comes to interfacing with IP telephone devices or if we're doing SIP trunking.

How was the initial setup?

Firebox stabilizes it so we know we get better support for the platform and user when it comes to Voice over IP. We find a lot of them don't give us the ease of setting it up. Now that we know we have it down to what we're doing so the platform stays stable, we can imply good quality of service for the customer and keep going on so they continually get good performance on their network.

In the beginning to set this solution up, it takes four to six hours. That is to get a brand new one out of the box and make sure it's got all the latest and greatest revisions on it, then setting it up. That also depends on the size of the client that you are supporting with it.

We have a template built for it. Once we upload the template, we go in and adjust it accordingly.

We have a few Fireboxes deployed to distributed locations, not a lot. However, it does work well in a distributed environment. We have one customer who has five offices in five different states. He has Firebox for all of them and it seems to work pretty well.

Deploying to distributed locations is easy enough. We have a template. We just get the IP addresses for the network and update the template, so it has the appropriate addresses. We can either have one of their folks do it because this happens to be a tech company, not necessarily IT. However, a tech company is knowledgeable enough. We can send it out there and tell them what to plug in where and turn it on. Then, if we're really lucky, it comes up without any problems at all because we've already set it all up before we take it out to them. So, the deployment becomes easy depending on how you want to address it. There have been times where we've gone out to deploy them in different locations. Most of the time, depending on the company, we can set it up to deploy, then just plug and play.

What about the implementation team?

Make sure you have a good, qualified, trained engineer to help you initially get it set up. I do not recommend you doing it on your own unless you're somewhat trained in the terminology and capabilities of the particular product.

We have an engineering specialist, who has been certified by WatchGuard, secure attack vectors for us.

Once we get done putting the solution in and getting it set, there are times that the local IT support may be different from ours. They may go in and make a few minor tweaks to it. We try to keep that to a minimum because it is just one of those situations where we would like not to have too many hands in the pot.

What was our ROI?

It saves us time in the respect that we now have the template built for it so we can get in and get it done. We've had much less problem supporting Voice over IP technologies from different companies. Because our client base has grown over the years, we're probably saving 20 to 30 man-hours a month now that we've got this on a good stable level.

What's my experience with pricing, setup cost, and licensing?

They license it. When we buy it, we buy it with a three-year license. That's the most cost-effective way to do it. So, if you're going to buy it, then buy it with the three-year licensing. Only the person buying it can determine which level of licenses they have. That's something to truly consider.

There are no additional costs unless you choose their advanced licenses or different levels that they have for security. You can add on more security licenses with what you have in Microsoft today, but we have not been adding those on.

Which other solutions did I evaluate?

Our experience has been that Firebox actually performs a little better than some of its competitors as far as throughput goes. However, it depends on how much of their security software you get loaded, because they have different versions.

We have used other products. We've used SonicWall, Ubiquiti, and Cisco PIX. My personal favorite happens to be WatchGuard. Also, if we compare WatchGuard against Ubiquiti or Cisco PIX Firewalls, its ability to add multiple IP addresses and ports is much simpler than those. I can run several different networks off of ports that come on the hardware device. Depending on the model, there are anywhere from four to eight ports on the device, so you can plug it in at different levels.

What other advice do I have?

It is a great piece of hardware.

The learning curve for this solution depends on your background. If you have some technology background, implementing it will probably be okay. They have a WatchGuard academy. If you have no background at all, I wouldn't suggest you do it. In comparison, when you get trained with Cisco, there are several different classes to go through and each class is several hours long.

I would rate it as a nine or nine point five out of 10.

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
PeerSpot user
FelixCheung - PeerSpot reviewer
IT Director at Wise Ally Holdings Limited
Real User
Enables us to control what kind of applications each staff member and department is able to access, but UI is not user-friendly
Pros and Cons
  • "Because we bought two firewalls... we need a central place to manage the policies and deploy them to both devices. It's good that it provides a system management console that is able to manipulate and manage policies in one place and deploy them to different locations."
  • "The UI is not as user-friendly as the model that I had used before, which was from Check Point. The design of the Firebox UI is restricted and needs an experienced network guy to understand the format and settings."

What is our primary use case?

The purpose is to enhance the application control and internet access control of our company in our office and factory.

How has it helped my organization?

Firebox provides our business with layered security. Before implementing the firewall, we didn't have any control over application access. Now, by using the Firebox, we can control each staff member and department and what kind of application they're able to access on the internet, especially with the popularity of cloud SaaS systems. It has really reduced the degree of risk in accessing those unauthorized, and potentially risky, destinations. WatchGuard provides a pre-built database that can protect against gambling domains, for example. But the accuracy of that database still needs to be improved because, in many cases, the categorization of the website is not exact.

It has also helped with productivity. It reduces the time our networking staff spends implementing things. It has saved about 20 percent of our time. We're also doing more control than before, so we have made some effort to configure the policies, which was something we'd never done before. Previously, we didn't have any control, so we didn't have to spend time configuring or troubleshooting application control policies.

What is most valuable?

There wasn't one particular valuable feature. What I like is that 

  • its pricing is competitive when compared with other brands, 
  • it has all-in-one features for intrusion detection
  • it has application control 
  • it has email control.

Also, the load balancing and failover features cost only 20 percent more than a single instance of Firebox. Those are the main reasons we chose it.

Because we use cloud applications like Office 365 and Salesforce, we don't want all our staff accessing the whole internet. We use the application control so that they are only able to access the company-authorized cloud applications.

Because we use the firewall to monitor the external traffic as well as the internal traffic, we bought a fairly large model, the M570. We turned on most of the features and the performance is comfortable. It can reach the throughput, the performance specified on the data sheet.

Also, because we bought two firewalls, which I know is not that many — not like in the retail industry where they have many firewalls in their retail stores — still, we need a central place to manage the policies and deploy them to both devices. It's good that it provides a system management console that is able to manipulate and manage policies in one place and deploy them to different locations.

What needs improvement?

The reporting features are not as flexible as I thought before I bought it. You can retrieve some simple statistics from the centralized reporting server. But let's say I want to look at the volume of internet access among our staff. There are no out-of-the-box reports or stats or any unit of measurement that show internet access for particular staff. There is no report that shows how long they're on or the volume of traffic, especially in a particular period. It's not necessary that it have very modern BI analytics, but at this point I'm a little bit disappointed with the reporting. One of the purposes of implementing the firewall was to do more application control and reduce the risk involved in employees accessing the internet. We want to measure and know how much time of our staff spends accessing and browsing and using internet resources.

For how long have I used the solution?

We bought WatchGuard Firebox last year and implemented it in our Hong Kong office and China-based factory. In the factory we have larger coverage and we use the M570. For our Hong Kong office we use the M370.

What do I think about the stability of the solution?

It's stable. So far, there have been no incidents.

What do I think about the scalability of the solution?

Our case is quite straightforward. We only use two nodes. We still need to expand to one or two more factory locations, as well as our office. We will scale out the same solution.

I do have previous experience in the retail industry. In that industry, where you need to implement many firewalls in multiple retail stores, I doubt the management tools of the Firebox would be able to scale out for that use case. But for our use case it's good.

How are customer service and technical support?

We haven't had any issues so we haven't contacted their technical support. It's been quite stable over the year since we implemented it.

Which solution did I use previously and why did I switch?

There was no application control in our old solution and we wanted to reduce the risk of being attacked from outside. So we looked for a UTM model and the cost-benefit of the WatchGuard Firebox was one of the best.

I did a little bit marketing research locally and listened to recommendations from some partners in Hong Kong.

How was the initial setup?

The initial setup was quite straightforward. It's a typical UTM.

Our implementation took about two months.

In terms of our deployment strategy, we implemented one of the firewalls. We replaced our old firewall, enabling only the internet access and left the major email traffic access. Then we defined the control by defining more specific application policies. Once it was successful, we used the same method to deploy the other firewall to our China side.

We have one person who maintains the Fireboxes, but it's really less than one because he does other administration and is not only dedicated to firewall administration. We have about 100 people in the Hong Kong office and on the factory side there are 400.

What about the implementation team?

We had one internal staff member and an external consultant from BARO International for the deployment. Our experience with BARO was good. They understood our requirements and were able to translate them into an actual solution and deploy it.

What was our ROI?

We have seen ROI using WatchGuard.

What's my experience with pricing, setup cost, and licensing?

We needed a firewall to control our internal network and the external access and we needed to implement load balancing and failover as well. Going with WatchGuard "increased" our budget.

WatchGuard had a very competitive price. It was only 10 to 20 percent more than a single instance device but with that extra cost it provided a second load balancing device and the licensing scheme didn't charge double. They only charge for one license, unlike other brands whose method of hardware and software licensing would have doubled our cost. That was a major consideration.

Which other solutions did I evaluate?

We looked at Juniper, Check Point, and one more that was the most expensive.

The usability of the Firebox is good. But the UI is not as user-friendly as the model that I had used before, which was from Check Point. The design of the Firebox UI is restricted and needs an experienced network guy to understand the format and settings. When I used the Check Point a few years ago, the UI usually guided me on how to define a policy from the source to the target, and what the objects were, and how to group objects, and everything could be seen from a simple, table-based web UI. 

The interface of the Firebox is clumsier. The settings are like a tree structure, and you need to drill down to each node in order to get to the property. It serves the same purposes, but I won't memorize all the settings. A more user-friendly user interface would reduce the number of things I need to memorize and guide me in configuring policies. It's quite good, but is not the best I have seen.

The other brands provide more professional features for reporting, the application control, and the scalability. But the strong point of WatchGuard is their all-in-one features that are suitable for our size of company and our budget.

What other advice do I have?

WatchGuard is not the best. We already knew that, but it comes with most of the features we need. Although it's not the most user-friendly, we sacrificed that to keep the core features to increase our control while maintaining our budget. Honestly, there are no particular features of the WatchGuard that impressed me to say, "I must choose a WatchGuard." But when I needed several things to come together, then I really had no choice.

I would rate WatchGuard Firebox at seven out of 10. It's good, it's better than a six, but from the management point of view, it has not totally satisfied my expectations so it's below an eight or nine.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Network Administrator at Niedersächsischer Turner-Bund e.V.
Real User
Visually able to see what policies are most in use and which traffic was blocked
Pros and Cons
  • "The solution simplifies my business. Normally, for administration, we are using NetApp System Manager on Window since it's easy to create new policies. In a short amount of time, you can create new policies based on new requirements. For example, in the last few months, many requirements changed due to the coronavirus, adding the use of new services, like Office 365, and eLearning tools, like Zoom."
  • "Sometimes I would like to copy a rule set from one box to another box in a direct way. This is a feature that is not present at the moment in WatchGuard."

What is our primary use case?

We use it to protect our web stations and service. 

We established a branch office VPN to our branch office. Since last month, we have added Mobile VPN tunnels to our headquarter.

How has it helped my organization?

We have the ability to use it for connecting to our terminal services, then to the Fireboxes, so we can create user-based policies, which are very important at this time. We can control who has access to management servers and machines that are not for general use by users.

We use a normal packet server. We are also using a proxy service and IPS, so all features are possible with these devices. We have seen many attacks from specific IP addresses that were all blocked. Most times, these were IPS traffic port scans. All this traffic is normally blocked from our side.

The solution simplifies my business. Normally, for administration, we are using Watchguard System Manager on Windows since it's easy to create new policies. In a short amount of time, you can create new policies based on new requirements. For example, in the last few months, many requirements changed due to the coronavirus, adding the use of new services, like Office 365, and eLearning tools, like Zoom.

With Firebox, the monitoring is good. On the Dimension servers, I can see where the IP addresses send and receive a lot of the traffic so I can analyze it. I am also able to see where attacks are coming from. It's good to see visually what policies are most in use and which traffic was blocked. Its easy to visualize policies. The dimension server shows which policy is used and the data flow through the firebox.

What is most valuable?

For our requirements, WatchGuard has very good features available in its software.

It is good for administrating devices. It is reliable and easy to use. Most of the time, the results are what I expected.

The performance of the device is good. The time to load web pages has not been slowed down too much. With additional security features, like APT and IPS, WatchGuard Fireboxes need a moment to check the traffic.

For reporting, we use the Dimension server from WatchGuard where we have many options to analyze traffic. It has a good look and feel on all websites that WatchGuard creates. All pages have the same system, so it's easy to use because the interface is uniform throughout the entire solution.

We are using some of the cloud visibility features. What we use on that cloud is DNSWatch, which checks the DNS records for that site. It is a good feature that stops attacks before they come into the network. For most of our clients, we also run DNSWatchGO, which is for external users, and does a good job with threat detection and response. It is a tool that works with a special client on our workstations. 

What needs improvement?

Sometimes I would like to copy a rule set from one box to another box in a direct way. This is a feature that is not present at the moment in WatchGuard.

I'm missing a tool by default, where you can find unused policies. This is possible when a) you adminstrate the firebox with dimension, or b) you connect it to Watchguard's cloud.

For how long have I used the solution?

We have been using this solution for a long time (for more than a decade).

What do I think about the stability of the solution?

The stability is very good. I normally only do a reboot of a Firebox when I upgrade the boxes with new software, so they run sometimes two or three months without a reboot.

What do I think about the scalability of the solution?

It is scalable to many environments. With all our locations, we found this solution works.

For the moment, we have around 80 users total at all our locations. The traffic at our headquarters per day is 300 gigabytes.

Our number of Fireboxes has been constant over the last few years, as we don't have new locations. We are a sports organization, so we are not expanding.

How are customer service and technical support?

WatchGuard's support is very good. Over the years, there have been only one or two tickets that were not solved.

When you start as a new customer, you should start with a bit of support from your dealer so you have some training on the boxes and how to manage them.

Which solution did I use previously and why did I switch?

Before using WatchGuard, we had a Linux server with iptables. We switched to Firebox because it is much easier to administrate. It has real boxes with a graphical interface, instead of command line administration.

How was the initial setup?

It is relatively easy to set up a new box. In my experience, you have a basic rule set. When you start with a new box, you can quickly make it work, but you always need to specify the services that you need on the boxes. You need some time to create the right policies and services on the box. This is the process for all Fireboxes that you buy.

When you have a small branch office with a small number of policies, you can make them active in production in one or two hours. With complex requirements at your headquarters where you have several networks with servers, web servers, and mail servers which can be accessed from the outside, the configuration will need more time because the number of policies is much higher.

What about the implementation team?

The implenetation was done by the vendor. For us the solution was ok. At this point my knowledge about firewall was not on the level I have today.

What was our ROI?

It saves me three or four a month worth of time because it stops malware. I don't need spend time removing malware from the client.

What's my experience with pricing, setup cost, and licensing?

I think the larger firewall packages are much better because a normal firewall is not enough for these times. You need IPS, APT, and all the security features of a firewall that you can buy.

Which other solutions did I evaluate?

We evaluated some other solutions.

What other advice do I have?

Administration of Fireboxes is only a small part of my job. I have been the network administrator since 1997. While the solution does make less work, I still need a little time to monitor all solutions. 

I would rate this solution as a nine (out of 10).

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Scott Morin - PeerSpot reviewer
Owner / CEO at Midwest Technology Specialists LLC.
Consultant
Top 10
Enables us to drop a lot of traffic and reduce a lot of load on otherwise poorly performing Internet connection
Pros and Cons
  • "As a whole, it has a very low requirement for ongoing interaction. It's very self-sufficient. If properly patched, it has very high reliability. The total cost of ownership once deployed is very low."
  • "The data loss protection works well, but it could be easier to configure. The complexity of data loss protection makes it a more difficult feature to fully leverage. Better integration with third-party, two-factor authentication would be advantageous."

What is our primary use case?

Our primary use cases are for the firewall and for limited routing for small to medium-sized businesses. 

How has it helped my organization?

I had a client that was saturated with RDP, remote desktop attempts, while using a standard low, consumer-grade firewall. Putting in WatchGuard allowed me to drop a lot of that traffic and reduce a lot of load on their otherwise poorly performing Internet connection.

Reporting PCI and HIPAA compliance reporting, firmware updates, cloud-based firmware updates all make for visibility within the client site much easier. I can provide comprehensive reporting on user activity and user behavior which goes along with user productivity. It has excellent mobile SSL VPN capabilities that have allowed for very rapid deployment of remote workers during our current situation.

As a whole, it has a very low requirement for ongoing interaction. It's very self-sufficient. If properly patched, it has very high reliability. The total cost of ownership once deployed is very low.

It absolutely saves us time. All firewalls can be deployed with a very basic configuration in a reasonable amount of time. The uniform way in which WatchGuard can be managed allows for the deployment of much more comprehensive configurations more quickly. When it comes to troubleshooting and identifying any kind of communication issue, they use a hierarchal policy layout. It allows you to manipulate the order of precedence, simplifying troubleshooting by tenfold. Compared to a competitor, I spend less than 10% of the amount of time on WatchGuard that a similar task would take on a Meraki, a FortiGate, or a SonicWall.

What is most valuable?

The most valuable features are: 

  • The unified threat management bundle
  • Advanced threat detection and response
  • APT Blocker
  • Zero-day threat detection.

With most Internet traffic being encrypted, it is much more difficult for firewalls to detect threats. Some of the advanced features, such as the APT Blocker and the advanced threat protection, use advanced logistics to look for behavioral, nonpattern related threats. And the threat detection and response has the capability of working with the endpoints to do a correlated threat detection.

For most people, they don't think about one workstation having a denied access, but when multiple workstations throughout a network have requests that are denied in a short period of time, one of the only ways you can detect that something nefarious is going on is through a correlated threat detection. And WatchGuard has that capability that integrates at the endpoint level and the firewall together, giving it a much better picture of what's going on in the network.

It is the single easiest firewall to troubleshoot I have ever worked with. It deploys very rapidly in the event that a catastrophic failure requires the box to be replaced. The replacement box can be put in place in a matter of minutes. Every single Firebox, regardless of its size and capability, can run the exact same management OS. Unlike some of the competitors where you have dissimilar behavior and features in the management interface, WatchGuard's uniform across the board from its smallest appliance to its very largest, making it very, very simple to troubleshoot, recover, or transition a customer to a larger appliance.

It absolutely provides us with layered security. It has one of the most robust unified threat bundles available with Gateway AntiVirus, APT Blocker. It does DNS control. It does webpage reputation enabled defense. It effectively screens out a lot of the threats before the user ever has an attempt to get to them.

Externally it does a very good job of identifying the most common threat vectors, as well as different transported links, attachments, and things of that nature because of the endpoint integration. It helps protect from internal and external threats, along with payload type, and zero-day threats.

The cloud visibility feature has improved our ability to detect and react to threats or other issues in our network. It has improved firmware upgrades and maintenance reporting as well as investigating and detecting problems or potential threats.

It has reduced my labor cost to monthly manage a firewall by 60%.

What needs improvement?

The data loss protection works well, but it could be easier to configure. The complexity of data loss protection makes it a more difficult feature to fully leverage. Better integration with third-party, two-factor authentication would be advantageous.

For how long have I used the solution?

I have been using WatchGuard Firebox for fifteen years. 

We mostly use the T series: T30s, T70s, some M3, and 400 series.

What do I think about the stability of the solution?

It is the most stable firewall I work with. The incidence of failure is very low, maybe once every two years.

What do I think about the scalability of the solution?

It's very scalable. Because it has the unified configuration interface and the unified tools, or the common tools that are used from the smallest to the lowest, a ton of time and configuration, and thereby money, is saved during an upgrade, for example. The time to take an upgrade to a new appliance is a fraction of the time it would be with a competitor because of the direct portability of the configuration from the prior firewall.

We have one engineer and one part-time technician to maintain approximately 75 WatchGuards for limited, physical installations and onsite. It is very reasonable for one or two engineers to manage 200 to 300 WatchGuards. It's very reasonable.

We have just a single location in which we do use the T70 box and WatchGuard is in place at 95% of our clientele. We do not replace viable commercial-grade solutions until such time that they are ending their licensing or whatever. We do not replace FortiGates or SonicWalls while they're still viable. However, when the opportunity to replace one arises, it is our first suggestion to the client.

How are customer service and technical support?

I do not or have not had to use technical support very often, but I find it to be excellent. They're very responsive and very knowledgeable. I get engineers from a similar time zone. They're very skilled engineers and very invested in end-user satisfaction. Even though they are 100% channel-driven, they take end-users satisfaction very seriously.

Which solution did I use previously and why did I switch?

The complexity of configuring a Sonic Wall, for example, is much, much greater than that of a WatchGuard. Identical tasks can be completed in a WatchGuard in a fraction of the time as a SonicWall. When comparing similar models, the performance of Meraki is far inferior to the WatchGuard. Its capabilities are inferior to WatchGuard. It's a simple cloud interface. Meraki's simple cloud interface is probably more appropriate for a less experienced engineer. FortiGate lacks some advanced features that WatchGuard has, but my predominant issue with FortiGate is that when all the unified threat management utilities are enabled, performance on FortiGate is inferior. Although it has capabilities, when fully enabled it does not perform as well as WatchGuard.

How was the initial setup?

The initial setup is very straightforward. I'm able to deploy a standard template after activating the device. The activation is very simple and takes just a few minutes. Then a base configuration can be applied once the firmware has been updated and a box can be prepared for initial deployment within 7 to 10 minutes after it boots. 

It took 45 minutes to set up.

In terms of the implementation strategy, I have an implementation baseline of minimum acceptable settings and then it is adjusted based on client needs.

We deploy it to distributed locations in one of two ways. The device can be drop-shipped to the user or the endpoint and a cloud configuration deployment can be pushed to the box. My preferred method is to receive the box, perform a firmware update and a base configuration, and then ship the box.

I would recommend working with a partner for an expert-level deployment. It greatly reduces the time to deploy it. An experienced engineer can then deploy the product very rapidly and can often provide instruction on how best to maintain the product. But otherwise, the deployment is very straightforward.

What was our ROI?

They are very low maintenance, they have a very high rate of my end-user satisfaction. I'm able to provide excellent levels of service to my end-users and my customers. I would say that they have a very high value and a good return on the investment.

What's my experience with pricing, setup cost, and licensing?

Generally speaking, I find the three years of live and total security to be the best option. By going with their total security, you do get the endpoint protection component of the threat detection and response. Typically the trade-in options, depending on your prior firewall, are options that they should request or pursue when dealing with their provider. Those programs are usually available, but they're not always offered by a provider unless you ask.

What other advice do I have?

I would rate WatchGuard Firebox a ten out of ten. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Director of Information Technology at a retailer with 201-500 employees
Real User
Allows me to schedule rebooting of the wireless accent points on a regular basis, making it set-and-forget
Pros and Cons
  • "Among the most valuable features is the ease of use — love the interface — of both the web interface and of the WatchGuard System Manager."
  • "If they could make the traffic monitoring easier that would be great. I don't use it that frequently, but I would like to see some improvements in the ease of use of that component, so it makes more sense. I know it's a technical component so there's going to be some difficulty trying to make that easier."

What is our primary use case?

We have multiple sites. We're in the wine business. Our corporate office is where we have accounting and marketing. Our executives are based there as is IT, HR, and payroll. That's where we have the big M200. We have five wineries that we support. Each of the wineries has a WatchGuard on it and we connect them with the business office VPN. 

We share files across our VPN and we also authenticate our users. Not all of our sites have file servers so we use the business office VPN to get them authenticated onto their machines. We also use that to go out and work on their machines if they have problems or we send files out to them and install software remotely, etc.

We also have 11 tasting rooms where we sell our wine, and each of those has a smaller WatchGuard in it. We support the computers that they use in the back office of the tasting rooms. We also support their iPads and the machines that they use to print off orders and FedEx labels and to do inventory stuff. 

We have two hospitality sites where we will take our distributors to talk to them and educate them about the wine industry and what we're doing in the industry. We provide them with internet while they're there. Some of our people will go to these sites to do retreats and planning. We have WatchGuards there to support them so they can get back to the files they need and get authenticated.

We're using a whole variety of models. We've got a couple of M200s, multiple 30s and multiple 15s. We also have about 15 of the AP120s.

How has it helped my organization?

The solution simplifies traffic management. It has features that let me automatically reboot the wireless access points on a weekly basis. For us, that has been really beneficial. Prior to that we had a range of different wireless access points and there was no way to have them all reboot. So people would just have bad experiences using them and we'd have to go in manually and reboot them. Once we started using the WatchGuard wireless access points, we just scheduled them to reboot automatically. 

Both the throughput and the fact that they support the two different radio frequencies have been great for us. It has paid for itself because we don't have to deal with them anymore. They're a set-it-and-forget-it type of deal.

The solution has saved me time, but it would be hard to come up with a specific amount of time. The bottom line is that I just don't have to deal with it.

What is most valuable?

  • Among the most valuable features is the ease of use — love the interface — of both the web interface and of the WatchGuard System Manager.
  • It's a stable platform. The devices are pretty rock-solid.
  • Education: They do host regular webinars where I can go in and learn more about the product and new features.

Also, the throughput is good value for the money. Our corporate office is basically shut down [due to COVID-19]. We've got 100 people who have been working from home over the last month and we're using the SSL VPN connection to get in, get authenticated, to get to our files, update passwords, etc. The throughput has been good for that.

I'm impressed with the solution's reporting and management features.

What needs improvement?

If they could make the traffic monitoring easier that would be great. I don't use it that frequently, but I would like to see some improvements in the ease of use of that component, so it makes more sense. I know it's a technical component so there's going to be some difficulty trying to make that easier.

Also, if they could provide more examples in their documentation, that would help. Sometimes they will say, "Hey, go in and set this up," and it would be so much easier to do it if they put in a couple of examples and showed me. Imagine instructions on how to change a tire and the steps you go through. Give me some pictures or some examples of how you change the tire. Where do you put the jack so it doesn't tear up the fender on your car? I'm a person who loves looking at examples cause I can look at things and see how they applied them and then learn from them.

Even if they put in some snapshots and said, "Here's how this should look after you put this information in," that would help. It would be confirmation that this is accurate and this is going to work. 

Finally, when we did the split tunneling, as it turned out, that was an all-or-nothing, global setting. As soon as I did that it impacted everybody. What I was hoping to do was to set that up so that I could do a pilot group and, once it was working, I could turn it on for everybody. We needed to get it going and it was all-or-nothing. We did that on a weekend and it ate up my weekend time.

For how long have I used the solution?

In my current position, I have been using WatchGuard Firebox since 2016. Prior to that, I was at another place and I used a WatchGuard for about 12 years.

What do I think about the scalability of the solution?

The scalability is fine but we're not experiencing a whole lot of people using it. Our Seattle office is probably the one where it is used the most and the M200 is fine. Our corporate office has close to 70 or 80 people. And we're spread out nationwide, with people getting back into the corporate office to get files. We have our wineries where there are another 40 people or so. Some of them are smaller and would have 12 or 15 people. And the tasting rooms are typically three people.

We opened up two new tasting rooms in the last year and we've got two more that are going to be opening up and, in my requirements, I always put in WatchGuard.

How are customer service and technical support?

For everything that I've dealt with, their technical support has been really great about helping out and helping me fix things. I just worked two weeks on a project to split our VPN tunnels out and the WatchGuard technical support guys helped me with that a couple of times.

Which solution did I use previously and why did I switch?

WatchGuard was already installed here when I came onboard and that was one of the reasons I got hired. I'd had experience with WatchGuard before and I knew about the product and I could support it. They brought me in for that. And now, over the last four years, I've gone through and upgraded the hardware. The hardware was older hardware, it was out of date, so I went through an upgrade and got it back on a maintenance plan.

In working with our WatchGuard vendor, they're the ones who emphasized that we should be getting off of Remote Desktop Protocol from Microsoft because it was being hacked so badly. They're the ones who said that WatchGuard has this SSL VPN and it's free, so they just configured it and away we went.

How was the initial setup?

For me, the setup is straightforward. Part of that is that I've just done it so frequently. On average, deployment of these devices takes me about 15 or 20 minutes. I know what I've done on other machines, so I just do the same thing again on new ones.

For deploying them to distributed locations, we order from our vendor. When it arrives I get it authorized on our account, go in and set up some basics, and set it up so I can get to it remotely. Then I ship it off. I've got some hands-on people, operations people, at the winery who will take it and start to plug it when they get it.

For maintenance of the solution there are three of us on the IT team.

What was our ROI?

The fact that they're reliable pieces of equipment is part of the ROI. I know when I go back into it, it's not like it's going to drop how it's been programmed. 

It also has a great function for my needs because I work remotely to many other places in Idaho, Eastern Washington, New Mexico, etc. I know I can get into that box remotely and it's going to have the configuration that I set up.

What's my experience with pricing, setup cost, and licensing?

I'd love it to be cheaper, but as long as long as they're being fair with me, it's a good value.

Which other solutions did I evaluate?

I've never had a need to evaluate other options.

What other advice do I have?

Take a good hard look at it. The interface is pretty easy to work with. The devices are consistently good. It has a lot of features and the boxes are hard-working. They just work.

I recommend WatchGuard to people when I'm at industry trade shows when anybody asks me. I think it does provide me with layered security, but I don't spend a lot of time looking into that. It's just part of my total solution package. The value that I get out of it is consistent management. It's a good product. Whatever kind of additional security they provide to me is just a bonus.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
VP at a healthcare company with 1,001-5,000 employees
Real User
NAT-ing allows us to direct and control the traffic
Pros and Cons
  • "The most valuable feature is the NAT-ing, the IP addresses... We can direct the traffic where it needs to go. We can control the traffic."
  • "I would like to see more tutorials on setting up the Firebox."

What is our primary use case?

It's our firewall for the internet.

What is most valuable?

The most valuable feature is the NAT-ing, the IP addresses. What the firewall does is that it NATs through the IP addresses for different servers. We can direct the traffic where it needs to go. We can control the traffic.

It's fairly easy to use. I don't think we have any trouble with it.

We've also never had any trouble with the throughput or performance. We've just recently upgraded the internet and we're getting our router upgraded. Once we get that in place, we'll see how the Firebox responds. To date, we've never had any problems.

It also provides us with layered security.

What needs improvement?

I would like to see more tutorials on setting up the Firebox.

For how long have I used the solution?

I've been Using WatchGuard for well over 10 years.

What do I think about the stability of the solution?

The stability has been fine. We've had no issues with its stability.

What do I think about the scalability of the solution?

We haven't scaled it.

There are about 40 users, anywhere from plant production to purchasing to the president, and accounting. They all go through the firebox to get to the internet of course. It's used by all management in the organization, for sure.

We don't have any plans to increase usage of the solution.

There is just one person who handles the deployment and maintenance of the solution. He's a programmer.

Which solution did I use previously and why did I switch?

We didn't have a previous solution. It's always been a Firebox.

How was the initial setup?

I don't believe we had any trouble with the initial setup. 

What was our ROI?

My gut feeling is that we have seen ROI. It keeps us secure and it allows us to get out to the internet. As opposed to having no protection, it has provided ROI.

What's my experience with pricing, setup cost, and licensing?

I've had no problems with the licensing.

What other advice do I have?

It works for us.

In terms of simplifying any aspects of my job, there's nothing I can specifically say because I've used WatchGuard for so long that I don't have anything to compare it against.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Network Admin at a manufacturing company with 51-200 employees
Real User
Intuitive to configure and provides us with layered security
Pros and Cons
  • "It also provides us with layered security. It has onboard virus scanning features that allow it to scan before something gets to the host. It will also stop a person from going to a site that is known to be bad."
  • "There is room for improvement on the education side, regarding what does what, rather than just throwing it at a person and assuming they know everything about it. A lot of times, you have to call WatchGuard support to get the solution that will work, rather than their just having it published so that you can fix the problem on your own."

What is our primary use case?

It's our external firewall and VPN solution.

How has it helped my organization?

  • It allows us to access the outside world.
  • It keeps us safe from external threats coming in.
  • It allows us to have remote access.

What is most valuable?

The fact that it just works is one of the most valuable features.

It's fairly intuitive when trying to figure out how to try to get things configured the way you need them. It either works or it doesn't, which means if you have a failure you have a chance to get things fixed.

In addition, I have not noticed any throughput issues at all. The device we have will actually operate at faster technologies than we have available to us.

Management of the solution is great and it also provides us with layered security. It has onboard virus scanning features that allow it to scan before something gets to the host. It will also stop a person from going to a site that is known to be bad.

What needs improvement?

There is room for improvement on the education side, regarding what does what, rather than just throwing it at a person and assuming they know everything about it. A lot of times, you have to call WatchGuard support to get the solution that will work, rather than their just having it published so that you can fix the problem on your own.

For how long have I used the solution?

We've been with WatchGuard now for about six years. We've got their XTM firewall.

How are customer service and technical support?

Their support is awesome. I get a solution to my problem within 24 hours, and if they don't have a solution within 24 hours, they usually have a higher-tier tech working with me until the problem is solved.

How was the initial setup?

The setup was fairly straight forward. We were actually dealing with a failure situation when we received the product. So we had WatchGuard support on the lines from the get-go, helping us get started so that we could get the information. It's something that we would not have been able to do had they not helped.

The main firewall was deployed within a day. The satellites were deployed within a week.

We have two home offices that they're distributed to. Typically, I get the device in, I provision it with the workflows and the exceptions they need, and then they plug it.

What other advice do I have?

I can't say whether Firebox has saved me time. It's a firewall and it does its job. So whether it be WatchGuard, SonicWall, or anybody else, if it does its job and I don't have to look at it, I'm happy. I haven't really looked at a lot of the reporting features. I mainly go in there, figure out where people are having troubles, and fix their problems. 

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Principal at a consumer goods company with 1-10 employees
Real User
We set it up and it's been running since then without issues and with good throughput
Pros and Cons
  • "The main reason we went with it was the security protocols. They were more robust on this device."

    What is our primary use case?

    We just use it as a secondary WiFi device. We're a small office and we needed to set up a WiFi device for a few of our employees.

    How has it helped my organization?

    The way it saves me time is that there is no maintenance. Once we set it up, there's nothing else for us to do on a regular basis. It might be saving me about an hour a month.

    What is most valuable?

    • It has a good signal.
    • We haven't had any security issues.
    • The usability has been good. We haven't had any problems with it.
    • The performance has been good. We haven't had any issues with the performance.

    For how long have I used the solution?

    We have been using WatchGuard Firebox for about two years.

    What do I think about the stability of the solution?

    We haven't had any issues with it. We set it up and it's been running since we set it up.

    What do I think about the scalability of the solution?

    We don't have any plans to increase usage. It just services our one office, with eight users.

    How are customer service and technical support?

    We have not had to use their technical support.

    Which solution did I use previously and why did I switch?

    We did not have a wireless solution before Firebox. The main reason we went with it was the security protocols. They were more robust on this device.

    How was the initial setup?

    The setup was easy enough. It was more or less plug-and-play. There weren't a lot of settings that we had to run through. The setup wasn't that complicated. It took about two hours and there was just one person involved.

    What was our ROI?

    The addition of the WiFi saves us from usage of our data plan. We have had some cost savings there.

    What's my experience with pricing, setup cost, and licensing?

    The pricing was in line with everyone else; maybe slightly higher. That's why it's not a 10 out of 10.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Jason Markle - PeerSpot reviewer
    IT Director at a healthcare company with 1-10 employees
    Real User
    I don't have to worry about malicious attacks or vulnerabilities in our facility
    Pros and Cons
    • "The policy monitoring and allowing different traffic flows are the most useful features for us; regulating which traffic comes in and out."
    • "I'm not really impressed with the reporting side of it. It may be something I just haven't figured out very well, but it's hard to filter down on reporting of the actual valuable information that you would want. There is a lot of information out there so you have to have some kind of tool capture it and then filter through. So far, I haven't found the reporting side of the WatchGuard to be that user-friendly."

    What is our primary use case?

    We're a hospital and we use it for developing our incoming and outgoing policies, and we also use it for VPN.

    How has it helped my organization?

    It helps keep unwanted traffic from coming in, or traffic from going out that we don't want to see out there. If we have unwanted traffic coming in, traffic that we don't need as a facility, then we would be opening ourselves up to security problems and vulnerabilities. It helps because malicious attacks coming in are things I don't have to worry about. So far the WatchGuard has done a good job at blocking all that.

    In terms of simplifying my job, the simplest device is one that you can put in place and not have to worry about it. That's the WatchGuard. It's there, it's working. I don't have problems with it so it's "out of sight, out of mind."

    It also saves me time, by doing what it's supposed to do. I don't have to mitigate problems that it allowed through. I couldn't tell you how much time it has saved me. It really would depend on what kind of problems I might experience.

    What is most valuable?

    The policy monitoring and allowing different traffic flows are the most useful features for us; regulating which traffic comes in and out.

    In terms of the throughput and performance, we don't have a problem or any bottleneck there. We downgraded the size of our appliance because we're a small facility, and what we had before was actually too big. The one we are now going with seems to be doing a great job.

    The management feature is pretty nice.

    What needs improvement?

    I'm not really impressed with the reporting side of it. It may be something I just haven't figured out very well, but it's hard to filter down on reporting of the actual valuable information that you would want. There is a lot of information out there so you have to have some kind of tool capture it and then filter through it. So far, I haven't found the reporting side of the WatchGuard to be that user-friendly. I would definitely like to see better reporting tools from WatchGuard. That would be a very high priority for me.

    Also, setting up the site-to-site VPN is pretty easy with the WatchGuard, but the client VPN setup is not very friendly. If you have a client-to-device VPN that you need to set up for a mobile user there are different protocols that they will accept but none of them are a plug-and-play type of option.

    For how long have I used the solution?

    The organization has had WatchGuard, different versions, for 12 years. I've used WatchGuard, myself, for about seven years. We got the Firebox approximately three years ago.

    What do I think about the stability of the solution?

    The stability is great. I've not had any problems. In three years, we've had to restart the device maybe twice. We've had to restart it more than to clear out any cache, because you don't want anything building up in cache memory. But we've only had two problems where we needed to restart the device. And it actually restarts really fast. It doesn't have much downtime at all.

    What do I think about the scalability of the solution?

    It's used extensively. This is the only firewall we have in the facility, between the hospital, nursing home, and home health. It handles all the traffic that comes from all three campuses here. I don't see us expanding enough to worry about getting another device. This one seems to be doing exactly what it needs to do.

    How are customer service and technical support?

    I've only had to use their technical support twice in quite a few years, so it would be hard for me to rate. But they were responsive when I did have a problem. I haven't had any problems with support at all.

    Which solution did I use previously and why did I switch?

    I moved here in 2013 and the company was using the WatchGuard at that point.

    How was the initial setup?

    With this newest device, the initial setup was pretty straightforward. We were able to copy the configuration from the old device. That's a good thing about it: the configuration file is able to transfer from an old device to a newer device and just continue going. It takes a long time to build up different traffic policies, and to make exceptions for different websites. If you had to do that every time you got a new device, that would be a problem. Luckily, with this, you're able to save your configuration file and transfer it to the new device.

    The deployment of this new device took 30 minutes, at most. There are only three people in our IT department, but the deployment only required me to be involved. The other two guys are network technicians. All three of us can go in and modify policies or do whatever we need to do, but it generally doesn't take much maintenance.

    I got on the phone with WatchGuard to make sure that everything would transfer over and they assured me that it would. And as far as the switching over to the new device goes, most of the planning required was just letting users know that the internet was going to go down for just a little while. We planned it for a period of slow usage here at the hospital where we could bring it all down, copy the config file, move it to the new device, put it in place, and swap the connections over. It came right up. We had to import the new key and got it activated. But other than that, everything worked.

    What was our ROI?

    ROI on this type of solution is a hard number to quantify. We've not had a problem so that in itself is a return on investment. If you don't have an issue how do you calculate what your return of investment would be? How do you quantify the peace of mind? But we've not had to spend a lot of time troubleshooting.

    What's my experience with pricing, setup cost, and licensing?

    The pricing of WatchGuard is probably a little higher than the SonicWall, but it makes up for it in dependability. It's worth it to me, especially since it's not much higher. For just a little bit higher price you get the dependability of the firewall with the WatchGuard brand. 

    And with this appliance you also get a certain number of VPN tunnels. With this one, it's something like 500, not that we would even use that many. Whereas with SonicWall, at the time we were using it, it came with 10 and then anything over that had to be purchased.

    Money-wise, it's a one-and-done with the WatchGuard. With SonicWall, there were a few things that you had to pay extra for to get. 

    The subscription services with the WatchGuard are pretty nice.

    Which other solutions did I evaluate?

    I used the SonicWall at another hospital in southwest Arkansas. 

    WatchGuard has come quite a way, as far as the Fireware Web UI goes. The GUI application has become better, making it easier to navigate through setting up policies and setting up VPN tunnels, etc. SonicWall had been there quite a while longer than WatchGuard, in terms of being user-friendly. But I can't complain about the WatchGuard now. When I first moved here, it was very cumbersome to navigate through, but with the Web UI it's really improved.

    They do have a client that you can connect to the WatchGuard if you want to use that client. It's still kind of clunky for navigating and I very seldom use it anymore. They call it the WatchGuard System Manager. It's not quite as friendly as the Web UI. It's usable, it's just not really friendly. But the Web UI is very well done.

    What other advice do I have?

    My advice would be go for it. We've not had any problem with it. We've been very pleased, especially with the newer WatchGuard we've put in place. It's very responsive. It works great. It may have a little bit of a curve on learning it, but once you learn it, it's hard to say you'd want to go back to something else.

    It took me a little bit to get used to WatchGuard. I was familiar with SonicWall before I moved into this role. But now that I've used it for almost seven years, I've gotten to know it pretty well and it works great. Once you get used to what I would call the idiosyncrasies of WatchGuard, as opposed to the SonicWall, it's pretty easy to configure. Using the WatchGuard web UI also makes it a lot easier to configure.

    It provides us with somewhat layered security. It is the firewall between us and the outside world. With our subscription we do have the Gateway AV, so it does watch for things of that nature. We have certain policies in place that help with the layered part of it. But it's just one of many layers. We have other things in place to help, but it's definitely something I wouldn't want to do without.

    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PeerSpot user
    Network Engineer at Vanderburgh Police Department
    Real User
    Ease of configuration means setup can be done quickly
    Pros and Cons
    • "It provides us with Layer 2 and Layer 3 security."
    • "There are a couple of things I wished that it would do, but I can't think of those off the top of my head."

    What is our primary use case?

    It's our perimeter firewall.

    How has it helped my organization?

    We used to have Cisco and Cisco was pretty cumbersome. I actually still use Cisco, but I like WatchGuard for the features it has.

    It provides us with Layer 2 and Layer 3 security.

    If it didn't work we wouldn't be able to get to the internet and that would be a terrible thing.

    What is most valuable?

    All of its features are valuable, although we don't use the antivirus. We do use the web filter.

    It's also the ease of configuration that I like. In terms of usability, it just works. And the throughput is 100 Mbps. It's fine.

    What needs improvement?

    There are a couple of things I wished that it would do, but I can't think of those off the top of my head.

    For how long have I used the solution?

    I have been using WatchGuard Firebox for about 15 years.

    What do I think about the stability of the solution?

    It works and just keeps on working.

    What do I think about the scalability of the solution?

    The scalability is fine.

    How are customer service and technical support?

    Their technical support is good. Honestly, I haven't had to call them in five or six years.

    Which solution did I use previously and why did I switch?

    We used Cisco previously. Cisco didn't have the features that I needed, like the proxies. A Cisco box would probably do that now, but back then they wouldn't. So we switched to WatchGuard.

    How was the initial setup?

    The initial setup is straightforward. You just read the manual and follow the directions. It didn't take very long to set up. It was about an hour to have it configured and set up.

    I have deployed Firebox to distributed locations. You just plug in the numbers, the IP addresses. That's all you do. It's pretty simple.

    What was our ROI?

    We have seen return on our investment. It just works. I may have to reboot it once every two or three years.

    What's my experience with pricing, setup cost, and licensing?

    The pricing of WatchGuard was pretty comparable to Cisco, but I actually haven't looked at a new Cisco box in quite some time, so I can't say how they compare now.

    What other advice do I have?

    I would advise that you go with whatever you're more comfortable with. If you're more comfortable with Cisco, then go with Cisco.

    Firebox doesn't really save us time because whether you're going to configure a Cisco or you're going to configure a WatchGuard, you still have to configure something, no matter what it is. It is a little easier to configure WatchGuard though.

    It takes just one person in our organization to deploy and support it, and that's me. Overall, our environment has about 300 users.

    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PeerSpot user
    Kelly Carlisle - PeerSpot reviewer
    Manager IT at a hospitality company with 501-1,000 employees
    Real User
    Automated reports, generated regularly, enable me to see metrics showing what the box is doing
    Pros and Cons
    • "WatchGuard has a very easy VPN and branch office VPN setup, so we use those pretty extensively."
    • "Regarding the reporting, I was in the Dimension server earlier today. It's very powerful. I like it. And the management features are easy to use. I like the fact that I can open up the System Manager client or I can just do it through the web if I'm making a quick change."
    • "Once you start getting into proxy actions and setting up: "Okay, cool. Once this rule gets triggered, what actions have to happen?" I do know a few people who use WatchGuard and they still have to get assistance when they look at that. So I would file that as a con for WatchGuard. Proxy actions can be a little bit complicated."

    What is our primary use case?

    WatchGuard Firebox is our edge firewall.

    Currently, we are using the M470 and we have used many models in the past.

    How has it helped my organization?

    The solution provides our business with layered security. An example would be the intrusion protection on anything that is internet-facing. We host our own mail server and I regularly see that WatchGuard has swatted away attempts to get in from bad actors. I have to have that open because people have to connect on their cell phones. Obviously they have to send and receive mail. So I sleep a lot better knowing that something is watching the few things that I do need to present to the internet. I feel much better having something protecting and monitoring all traffic that passes through.

    We have an interesting environment. There is actually a completely separate computer domain, an entirely separate network that belongs to a regulatory body. We work at a casino and our gaming commission has to be able to get into some of our systems and monitor some of our activities. Obviously we don't want them to just plug directly into our network, so we have created a DMZ where they can come into our network via the WatchGuard. That way, I get to see all of their activity as well and monitor what they can get to. We give them access to what they need and nothing more.

    The solution also simplifies aspects of my job by having automated reports generated weekly, for review. I like the fact that they get delivered and I get to see the actual metrics of what the box is doing. The reporting features reassure me that it is working.

    In terms of saving time, I have used Cisco firewalls in the past and I would say that it is easier to construct policies with WatchGuard than it is in Cisco, particularly Cisco's ASDM (Adaptive Security Device Manager). It probably takes about half the time with WatchGuard. Usually we're just modifying something, adding or removing somebody from a web blocker category. It's very easy to maintain.

    As a casino, we have one site and that's it. There are no mobile workers. We usually don't have any remote access and we don't need collaboration tools because we all work in the same building. But now that we're trying to get some people to not come in [due to the Corona virus situation] and we're running on a skeleton crew, we are able to maintain productivity by leveraging the native VPN clients and access provided by WatchGuard. We didn't have to buy anything. We had all the infrastructure ready to go and then I slapped a policy together last Tuesday and we've been using it ever since. It was very easy.

    What is most valuable?

    • One of the most valuable features is the Gateway AntiVirus. We scan all traffic as it's coming through.
    • We also use spamBlocker to scrub spam.
    • We use content filtering, which is critical in any corporate environment to make sure that people don't surf things they're not supposed to.
    • WatchGuard has a very easy VPN and branch office VPN setup, so we use those pretty extensively too.

    It's very easy to use.

    And our internet bandwidth does not exceed its throughput, so it is probably still a little overbuilt. It's definitely not a bottleneck. There is no problem with throughput.

    In terms of performance, WatchGuard has always worked well for us. We've gone through about six different models in the last nine years, not all at our primary site. We had a couple of satellite offices that were using smaller models. They have all worked very well. There was only one time that we had a performance issue and it turned out that it was due to a hardware replacement being required, and that was handled expeditiously.

    Regarding the reporting, I was in the Dimension server earlier today. It's very powerful. I like it. And the management features are easy to use. I like the fact that I can open up the System Manager client or I can just do it through the web if I'm making a quick change.

    What needs improvement?

    WatchGuard could be a little more robust in reporting. I get requests a lot to figure out people's internet traffic. We want to know what people are doing when they are on the internet. There is still a little bit of fine-tuning that can be done to that process.

    For how long have I used the solution?

    I took over the admin role here back in 2011, so I've been using it for close to 10 years.

    What do I think about the stability of the solution?

    It's very solid. We don't reboot it very often and we don't seem to need to.

    What do I think about the scalability of the solution?

    We went from a single appliance to a high-availability cluster, just last year. Managing the cluster is just as easy as it was to manage one unit.

    It is doing everything we've asked of it so far, but we do plan on increasing usage. There are a few features that came out last year or maybe a little bit before that, features that we want to start using, such as WatchGuard's DNS. That will make sure that we're not asking for any bad players. At the moment we're still using Google DNS. And we haven't rolled out the endpoint security that came with it, but we are going to start using that as well.

    How are customer service and technical support?

    I've never had to use their technical support. I've only used their online help. I've been able to find everything I need in the forums and the Knowledge Base.

    How was the initial setup?

    The initial setup is straightforward. The wizards walk you through it, and I have found an answer to anything that I've ever had a question about in the Knowledge Base online. I don't think I've ever had to call for support personally. The documentation is awesome.

    As for setup time, I usually have traffic passing through it within an hour or two. 

    I know what traffic I want to allow out and I always start with just the stuff that I need to. I always start with the most restrictive, as far as policies go. The first thing I do is get rid of all the Any-Any rules and then I start locking it down. I love the way that it integrates with Active Directory. I base my internet usage and my web blocker policies on Active Directory security groups, and I can have all of that stuff set up ahead of time before I ever get ready to roll out the appliance itself.

    Back in the day, we used to have a warehouse. We used to have a uniform shop that was offsite and I was responsible for setting up the tunnels of those sites. We recently relocated some administrative offices for the tribe that owns the casino that I work for, and we decided when they were moving that we would upgrade the firewall that they had. We purchased a WatchGuard so that it would be manageable, because we were already familiar with it from using it at our site. We dropped it right into place and I had traffic passing through it within minutes. I was done with it, doing all the other rules, within a couple of hours. I was onsite for all of those. I've never preconfigured one and then sent it out into the wild.

    What about the implementation team?

    We use Variable Path, out of San Francisco. Our rep is Jason Chang. Our experience with them was very good. I would recommend them.

    What was our ROI?

    It's hard to measure ROI. But I've never had to go in front of upper management and tell them that we were breached. That is probably the conversation I would least like to have with them.

    Otherwise, regarding return on investment, having the infrastructure already here and having more capabilities than we're using right now allow me to react very quickly. As I said, I was able to get some people working from home last week. It literally took us a day from going from zero people with remote access to a core group of about 12 people having remote access.

    What's my experience with pricing, setup cost, and licensing?

    Getting a WatchGuard for the first three years pays for the hardware. I think it's cheaper to keep doing hardware upgrades at every software renewal, rather than just pay for maintenance to keep a piece of hardware going. I usually tell people that it's really affordable as well, particularly compared to Cisco.

    In addition to the standard cost, we usually get the Total Security Suite. We go top-shelf on all of the subscription services.

    Which other solutions did I evaluate?

    WatchGuard was brought in by one of my predecessors. I left this company for a little while and went to go work for a credit union, and that was a completely Cisco shop, so I got to experience both of them at different times.

    I don't think I've actually used anything other than the Cisco ASA. With the WatchGuard it's easier to create policies, that's for sure. I like the flexible stability of being able to leverage objects in Active Directory. I also like being able to not have to create all my policies using IP addresses, and that I can actually do web domain name lookups every time. That's very handy for large, distributed stuff where you have no idea where the actual source is going to be coming from. The cloud bounces traffic from all over nowadays. So crafting rules with fully qualified domain names, FQDN, is definitely something that I did not have in my Cisco ASA.

    The Cisco was a little less confusing and more straightforward. It didn't do all of the things that the WatchGuard does, so in that sense it was a little bit easier to understand. That is particularly true once you start getting into proxy actions and setting up: "Okay, cool. Once this rule gets triggered, what actions have to happen?" I do know a few people who use WatchGuard and they still have to get assistance when they look at that. So I would file that as a con for WatchGuard. Proxy actions can be a little bit complicated.

    What other advice do I have?

    Invest in some Professional Services. Although you can absolutely pull it out of the box and deploy it — and we've done that before — it's always good to have somebody that you can ask about best practices and run a few scenarios by them. We ended up purchasing four Professional Services from our local reseller. It was good. Although they didn't really provide any answers, they were there to say, "Oh no, you're doing the right thing." It was more reassurance than anything. But I would definitely recommend springing for some Professional Services. That will make the whole process go a lot easier.

    A small subset of my staff, maybe three or four people, is involved in deploying and maintaining the solution. They're all IT administrators.

    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PeerSpot user
    System Analyst at a transportation company
    Real User
    Makes it easy to block websites from getting in and to prevent users from going where they shouldn't
    Pros and Cons
    • "The set up of the VPN is pretty straightforward. Being able to build VPNs on the fly for certain users, if need be, is also valuable."
    • "The usability could be better, but it is definitely manageable. If we have to go to a backup internet connection, that could be a little bit easier."

    What is our primary use case?

    We use it to prevent any unnecessary stuff from getting into our network. It's for the usual security features. We do utilize the VPN and there are quite a few people on the VPN right now.

    How has it helped my organization?

    It gives our business layered security. Attack vectors it secures for us include denial of service attacks, people spoofing our network, as well as preventing malware from getting in — the typical attack vectors. We're satisfied with it overall.

    Also, there was a phishing scheme going around a while back. WatchGuard caught it and we were able to mitigate it. That was very good. It keeps us from not having to worry about our network being under attack. It keeps us secure.

    It saves us on the order of three hours a month. The solution just works.

    What is most valuable?

    • The set up of the VPN is pretty straightforward. Being able to build VPNs on the fly for certain users, if need be, is also valuable.
    • The traffic monitoring is very nice.
    • I also like the ease of blocking certain websites from getting in or users from getting to stuff they don't need to be at.

    We're satisfied with the performance, as well as its reporting and management features.

    What needs improvement?

    The usability could be better, but it is definitely manageable. If we have to go to a backup internet connection, that could be a little bit easier. Other than that, I really don't have any complaints about it.

    For how long have I used the solution?

    I've been using WatchGuard for three years. That's how long I have been with the company. The company has been using it upwards of 10 years, I believe.

    What do I think about the stability of the solution?

    It's very stable.

    What do I think about the scalability of the solution?

    It's scalable. We are probably going to be doing another area for some of the outer branches and the WatchGuards will be part of that. I can't say how soon it's going to happen, but there have been discussions about it.

    How are customer service and technical support?

    I have no complaints about WatchGuard's technical support. If you have a question, they answer it.

    Which solution did I use previously and why did I switch?

    As far as I know, WatchGuard is the only one that our company has used. We like the product enough. We're buying another appliance because our support ran out on one of our boxes. We're continuing to buy WatchGuard stuff because it does what we need it to do, it's priced reasonably well, and we like the support and usability.

    How was the initial setup?

    We have deployed this product to distributed locations. We have a couple of branch offices and we've set them up in all of our locations. We set it up, we configure it to our network settings, we put in all of the information we need, and we go from there. We usually take a configuration from an existing and apply it. It's straightforward. The documentation goes step-by-step on how to set it up. The last time I did one it took about an hour.

    In terms of maintenance of WatchGuard there are three people in our department. Whoever sees a problem or hears about an issue takes care of it. Two of us are system analysts and the third is our director of information technology.

    What was our ROI?

    It keeps our network secure and that's a good enough return for me.

    What's my experience with pricing, setup cost, and licensing?

    I feel that the pricing is fair for all of the security you get. That's one of the reasons we went with, and continue to go with, WatchGuard.

    What other advice do I have?

    Go ahead and implement it and don't think twice about it.

    We're not using the cloud visibility feature at this time. Maybe we will in the future.

    There are 75 users of our environment, in total. They range from mechanics to accountants to our COO and CEO. Everybody in the organization uses it.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PeerSpot user
    Computer Programmer at Crestwood Inc
    Real User
    We are able to limit where users can go, what they can do, and what they can access
    Pros and Cons
    • "The solution has increased productivity with our outside salespeople being able to connect into their computers and use those remotely."
    • "The few issues that we have had, such as not knowing where to go, they have been answered quickly."

    What is our primary use case?

    We have a web server on the optional network. Then, on the trusted side, we just run all our computers out through the Internet. We don't do anything too elaborate with it.

    How has it helped my organization?

    We do have some technicians and some design center salespeople who call in. This is best usage that we get out of the solution.

    We don't host our website internally anymore. We used to host our website and it did help with that, getting everything set up. We have just recently removed that and gone to a third-party. But, that was something which was very useful, setting up our internal website and NATting IPs.

    The solution has increased productivity with our outside salespeople being able to connect into their computers and use those remotely.

    We are able to limit where users can go, what they can do, and what they can access, so they are not wasting time doing things that they shouldn't be doing. It does help to save time, e.g., limiting Facebook. 

    What is most valuable?

    We are able to segment our FTP website off on the optional, setting up the rules specifically. There are certain outside IPS coming into our computers where we have different machines out there setup where technicians can remote in, etc. Being able to set those up to specific IPS, not just allowing full access, is probably our main use for setup.

    The usability is good. I like it. I don't have any issues. Most everything that we have tried to set up for what we use it for is pretty straightforward and easy to use.

    For how long have I used the solution?

    We have probably had it for the last 10 years. I have been here the entire time.

    What do I think about the stability of the solution?

    The stability is very good. We haven't had any issues with ports or anything else. Everything has been very good as far as the stability and issues.

    The performance and throughput that the solution provides is good. We haven't had any issues as far as when we have connections and things going on. So, it's very good.

    What do I think about the scalability of the solution?

    The stability is good as far as our use. I feel like we do have room. We have extra ports on it. We can set them up if we need to, but we don't need to use them. However, I feel we have room to expand and grow, if needed.

    We have probably 75 users setup. Mostly, they are authenticating through to get out to the Internet. We do have some protections on it: virus stuff and different websites that users can and can't get to. We have groups setup for that. That is our main use from the inside with most of our users going out. Then, we have five or six users who remote into computers and other things.

    There are not necessarily plans on expanding anything at the moment. We are pretty much set where we are. Usage is not too heavy, as it's mostly users getting in and out with us restricting what they can get to.

    How are customer service and technical support?

    I have only had to call once or twice for anything in any of the time that we have had the solution. Most of the time, if I do have a question or something, I can hop onto the forum and there is an answer, then away we go. As far as my experience with the forum and just a few calls, it has been very good. We haven't had anything that has hung us up for a long time.

    Which solution did I use previously and why did I switch?

    WatchGuard was pretty much our first solution like this. We did not use anything else before it.

    How was the initial setup?

    The initial setup was straightforward. It walked through everything as far as the configuration. Everything that we needed was right there. So, I didn't have to search for anything. It was easy set up.

    We went from a different version to this version. Even from that to this version, it was probably up and running within an hour.

    What about the implementation team?

    I usually set it up.

    We didn't consult anyone. We didn't really have an implementation strategy per se. We just set it up (like the old one), then went through and looked at some of the new features and things we might want to use.

    I maintain it and and set up whatever needs to be set up. The other IT guys can come in and do stuff if I'm not here. Generally, it doesn't take too much time to get anything set up that we need.

    What was our ROI?

    It saves us a couple hours a week.

    What's my experience with pricing, setup cost, and licensing?

    We don't have any other costs other than the licensing stuff.

    Which other solutions did I evaluate?

    We did look around at a few different things. We just kind of settled on WatchGuard. It seemed to have the features that we needed, so we went in that direction.

    What other advice do I have?

    I'd give it a 10 (out of 10). I haven't had any issues. The few issues that we have had, such as not knowing where to go, they have been answered quickly. I am going to give it a 10 because of its easy to use. If we have a question, it's easy to get an answer. Also, it's very simple. For most of everything that we do, we have been able to do them pretty easily. We are very happy.

    If we were to ever look at something else, I would look for something that has ease of use, simplicity, and ease of setup. That is what I like about this. Everything is pretty straightforward and easy to find. The interface being easy to use and find has been very helpful.

    We don't use a lot of the logs. Generally, we don't need to. If we do need to go look at something or pull something up, the information is there in HostWatch or the logs. I have been happy with it.

    We're not using the cloud.

    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PeerSpot user
    Network Administrator at a retailer
    Real User
    Provides us with more secure site-to-site VPN, remote access ACLs, and client-to-VPN
    Pros and Cons
    • "It's hard to pick one feature over another. But if I had to pick one, the UTM would be the most valuable because of the notification. I get notified via email if there is any type of threat detection or alert, telling me something is wrong."
    • "Websense is an application that monitors and filters internet traffic. Websense was derived from WatchGuard. But when you go to WatchGuard to actually implement that particular feature, you have to use some type of additional feature and you have to pay for it, unfortunately. I think it should be free or free in the WatchGuard box itself, as an option. It would be nice if they didn't charge us for that."

    What is our primary use case?

    We have four locations and at every one of them we use WatchGuard. We use them as firewalls and for UTM. They provide protection in terms of detection and prevention. And we also use them for site-to-site VPN, as well as for direct connect, VPN to AWS, and to AWS using VLAN tagging.

    How has it helped my organization?

    One of the main ways it has helped is that we use site-to-site VPN a lot, as well as remote access ACLs and client-to-VPN. Prior to WatchGuard, for example, we used to use Remote Desktop, which is not very secure, or RD Web, which is also not very secure. We installed the client VPN on everyone's remote computer and they can access our local area network. That is much better than using the other solutions. It's an improvement for the user and it's less risky for us. It gives us peace of mind that we're using the proper channels to access our network.

    What is most valuable?

    It's hard to pick one feature over another. But if I had to pick one, the UTM would be the most valuable because of the notification. I get notified via email if there is any type of threat detection or alert, telling me something is wrong.

    For me personally, because I'm Cisco-Certified, it was very easy to take this over. I think it's a lot easier to work with because it's a GUI and not a CLI. I cannot speak for other users or other administrators, but it's pretty simple.

    Based on our needs, the throughput is pretty solid. We haven't had any issues as far as the throughput is concerned. This particular box maxes out at 2 GBs and we only have 1 GB so we haven't had any latency.

    I manage it using the System Manager, based on the firewall access control that I have. I've been able to manage it and use it without any problems.

    What needs improvement?

    Websense is an application that monitors and filters internet traffic. Websense was derived from WatchGuard. But when you go to WatchGuard to actually implement that particular feature, you have to use some type of additional feature and you have to pay for it, unfortunately. I think it should be free or free in the WatchGuard box itself, as an option. It would be nice if they didn't charge us for that.

    And if they won't offer it for free, they should offer something better. It definitely needs a big improvement because it's very unfriendly. It's called Dimension Basic and there is a reason they call it basic, because it gives you very basic information. Let's say you want to track someone's internet activity or where they've been going. Websense gives you detailed information as far as the source. But this one only gives you very basic information and, on top of that, it's a free version for only a few months and then you have to pay for it. So not only is the version very basic but you still have to pay for it. That, in my opinion, has room for improvement.

    Everything else that we have, the live security services and network discovery and all the spam blocking, threat protection, and the web blocker, is included.

    For how long have I used the solution?

    We've been using Firebox for as long as I can remember. I inherited this position close to 13 years ago and they'd been using it before that.

    What do I think about the stability of the solution?

    For the most part, everything seems to be working without any issues. That's why we've had it for this long, close to 17 years for the company and, under me, for 13 years. There are more pros than cons.

    We haven't had any issues. I always buy an additional box as a Hot Standby. I have never had to use it, and thank God for that. So it's been very stable. We keep them for a maximum of three to four years and then we upgrade to a newer one. For the time that we keep the box active, we don't have any issues.

    What do I think about the scalability of the solution?

    In terms of scalability, as far other features go, we're stuck with what we have on the physical appliance. For example, we had one that was set to 300 MBs for throughput and when we wanted to upgrade, we couldn't obviously use that same box. It wasn't really scalable. So we had to upgrade to a newer version.

    We have four locations and approximately 400 users. We don't have any firm plans to increase usage. The owner of our company just acquired another company and that may make a difference. WatchGuard is the main component that we use. The subscription for all four of the WatchGuards that we currently have ends in 180 days. We're just going to upgrade to the newer version, if it's available. 

    How are customer service and technical support?

    There was an incident, back in the day, where I called for support and the guy sort of brushed me off. It was very uncomfortable but it could have been an isolated incident. I don't want to say that all the support engineers are the same. But this particular guy was either drunk or rude.

    Other than that, it's been very smooth sailing for us, as far as support goes.

    Which solution did I use previously and why did I switch?

    We have always been using Cisco. They decided that WatchGuard would be beneficial to keep because it's GUI and it's a lot easier to work with than other products, especially for junior admins.

    How was the initial setup?

    I set it up all the time and it's very straightforward. It's very easy to set up and very easy to migrate over to a newer version. It's really simple. I've only done a new deployment once. 

    For upgrades, you save the configuration and you upload it to a new file, or you just open a new file and browse to the configuration file that you saved. It usually takes 10 minutes at the most.

    But the first deployment, because it was obviously more involved, took a few hours. Setup included the site-to-site VPN, the client VPN, the actual interfaces, the static NATs, a lot of the firewall policy, the internet certificates, and the policy routing; the basic components of any router.

    Deploying WatchGuard to distributed locations is mainly the same. Obviously, there are differences in the IP addressing and the network addresses. And you have to take care of the VPN connection between the two, to be able to communicate using the site-to-site VPN. There is also web blocking. We have certain policies for denying access to certain sites or certain applications. We don't allow, for example, weapons or sex or any of those kinds of solicitation sites. We then set the external and internal interfaces and then do the routing. In the some of those locations we use the WatchGuard as a DHCP server, so we set that up as well. The rest is all pre-configured.

    What's my experience with pricing, setup cost, and licensing?

    We have had two-year deals in the past, but recently we decided to go with annual. The cost was somewhere in the vicinity of $2,000 to $3,000 for each one, depending on if they had a special at that time or if they were doing an in-place upgrade or with the same router.

    Which other solutions did I evaluate?

    They figured if they were going to get something different then it would have to be something very user-friendly for the administrators, because I'm the only one who is certified to work on Cisco. We evaluated the Barracuda NextGen Firewall. We also looked into Juniper and the Meraki firewall, because all our switches are Meraki switches. 

    But we decided to stay with the WatchGuard. The prices were a little bit better than Meraki and, since everything was pre-configured, to upgrade to a newer WatchGuard all we had to do was just save the config file and upload it to the new one, and that was the end of that.

    What other advice do I have?

    Educate yourself. Read documentation and watch videos online. Since the administrators are going to use it, they should educate themselves on WatchGuard. Keep a cheap, old box for training. I train my administrators on an older box and I give them a network to train on.

    We have been attacked with ransomware in the past, and it was kind of disappointing because, when I talked to Cisco support they said that they recommended purchasing end-point protection with a ransomware interceptor, so we ended up getting Sophos. So alongside the WatchGuard, we have Sophos' ransomware interceptor and end-point protection. We use them, on top of the WatchGuard, as a secondary line of defense.

    It has been smooth sailing as far as the product itself is concerned. That's why we keep renewing it. We either renew it or we upgrade to the newest version if they have a special. We also use it for Hot Standby. It's been good.

    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PeerSpot user
    VP IT at a real estate/law firm with 51-200 employees
    Real User
    Protects us from viruses and intrusions and provides us with good throughput
    Pros and Cons
    • "The most valuable feature is the ease of use of the interface."
    • "The reporting is a little on the weak side. I would like to see a better reporting set and easier drill-down options."

    What is our primary use case?

    It's our primary edge firewall at the home office. We have two M470s running Active-Passive. We have about 100 users in total here. Everything runs through the firewall, so the users run the gamut from analysts to accountants to executives.

    How has it helped my organization?

    It protects us from viruses and intrusions.

    It has also saved me time, about an hour per month.

    What is most valuable?

    The most valuable feature is the ease of use of the interface. The usability is good. It's a firewall, it does its job and it does it well.

    The throughput also seems to be good. I don't have any issues with throughput.

    The management features are good.

    What needs improvement?

    The reporting is a little on the weak side. I would like to see a better reporting set and easier drill-down options.

    For how long have I used the solution?

    I've been with the company for a year and they were already on WatchGuard when I got here.

    What do I think about the stability of the solution?

    The stability is good. It runs well.

    What do I think about the scalability of the solution?

    I haven't had reason to scale it. It's the edge firewall and it's used extensively. We're a pretty small environment with a couple of hundred devices.

    What's my experience with pricing, setup cost, and licensing?

    We pay yearly.

    What other advice do I have?

    It's just me who is responsible for deployment and maintenance of the solution.

    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PeerSpot user
    AllenHillstrom - PeerSpot reviewer
    IT Manager at a tech services company with 1-10 employees
    Real User
    Makes it easier to set up new policies, new devices, and tunnels to the devices
    Pros and Cons
    • "It's very easy to use, especially compared to similar products. A lot more users use the WatchGuard appliance now than use the SonicWall appliance because of the ease of usability."
    • "There is a slight learning curve."

    What is our primary use case?

    We use it both for VPN tunnels and as a firewall.

    Our company runs group homes. There are 140 or so sites and employees are traveling to those sites on a daily basis. They use the VPN tunnels going back to the main office to access the file servers. We also have about 12 remote locations connected by WatchGuards on both ends to create a VPN tunnel, with SD-WAN to allow traffic to go between those two sites, both for the file servers and for the phone system.

    How has it helped my organization?

    It gives us a higher sense of security. There is an easier workflow as well.

    I estimate that 50 percent more users use the WatchGuard VPN than use the SonicWall VPN tunnels. Those users are able to work on documents out of the site or increase their workflow and do work while they're onsite instead of doing it later. It saves us a couple of hours per person per week.

    What is most valuable?

    Once it's set up, we don't have to touch it that much.

    We enjoy its usability very much. It's very easy to use, especially compared to similar products. A lot more users use the WatchGuard appliance now than use the SonicWall appliance because of the ease of usability.

    As long as you're using the correct model, since different models have different numbers of allowed tunnels, the throughput is enough.

    In terms of management features, we have a Dimension Server set up. It's nice to be able to see where people have gone to and when they have gone there. Overall, the solution makes it easier to manage on my side. Setting up new policies, new devices, and setting up tunnels to the current devices, is easier.

    The firewall secures the external perimeter.

    What needs improvement?

    There is a slight learning curve.

    Beyond that, the only issue we've had in the past two or three years had to do with the number of current tunnel connections, and that was just an issue with our size of Firebox. We got a bigger Firebox. The old one was able to handle the load. It was just that we ran into a licensing issue. We had hit our number of concurrent tunnels. We have a lot of tunnels with the phone system. We have tunnels to and from each site for the phones to be able to talk. It was a little bit of a surprise when we came across this situation, but it's present in the documentation.

    It didn't take us long to figure out that that was the reason we were having an issue. It was just our not having the forethought to make sure that what we had was able to expand to meet our needs.

    For how long have I used the solution?

    We've been using WatchGuard Firebox for about eight years.

    What do I think about the stability of the solution?

    Stability is excellent. We've had no issues with the firewall going down because of the Firebox.

    What do I think about the scalability of the solution?

    We haven't run into a scalability issue yet. There are over 1,000 employees including several hundred office staff. There are 20-some sites that we have connected. We had to step up to a 470 for the current VPN connections, but as long as we're on the right size Firebox, everything goes pretty well.

    Whenever there's a new office site coming up, we typically add a new Firebox. We're looking at putting more Fireboxes in all of the group homes, so that's probably going to be 115 more deployments in the coming years. We plan on continuing to use it, but I don't see any issues with expanding.

    How are customer service and technical support?

    We don't work directly with Cisco tech support. We work with a third-party company to handle support that we can't figure out.

    Which solution did I use previously and why did I switch?

    We used SonicWall Next or Dell. 

    How was the initial setup?

    The setup is pretty straightforward. It takes 15 to 20 minutes per box. We have to set up current tunnels and get a static IP address at the sites where we're putting the boxes. It requires one person for deployment and there is very little maintenance needed.

    Deploying it to distributed locations is a matter of setting the Firebox up. If it's a replacement Firebox, we set it up with the same policies and ship it to the location. They can take it, unplug the old wires from the old box, put the new wires in, turn it on, and it's up and going.

    Which other solutions did I evaluate?

    There were other options. We took a look at Dell but this was the best one at the time. The usability and setup of the WatchGuard were better. Also, the maintenance was very minimal. It's almost nothing.

    The other solutions had their features that were nice, but there wasn't anything that really drew us or made it stand out from WatchGuard. We're pretty happy with WatchGuard right now.

    What other advice do I have?

    There are updates pretty regularly. There haven't been any big changes over the past few years. They've kept working, rather than taking steps backward or making things harder.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PeerSpot user
    Christian Watt - PeerSpot reviewer
    Engineer/Technician/Owner at Paramount technologies
    Real User
    Live logging, good troubleshooting, and excellent reporting

    What is our primary use case?

    We use this solution as an edge firewall and layer-3 routing internally.

    How has it helped my organization?

    This solution has provided ease and speed of rules. It has unparalleled troubleshooting with excellent reporting.

    What is most valuable?

    The most valuable features of this solution are live logging, rule setup and maintenance, and VPN creation.

    What needs improvement?

    We would like to see granular notification settings and more advanced filtering in traffic monitoring.

    For how long have I used the solution?

    I have been using this solution for eighteen years.

    Which other solutions did I evaluate?

    There is not a product that compares to this one.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    HalChernoff - PeerSpot reviewer
    Enterprise Architect at a wellness & fitness company with 10,001+ employees
    Real User
    Provides the layered security I need but reporting and management features could be improved
    Pros and Cons
    • "Intrusion Prevention is my primary focus so that's what I find most useful. The why is straightforward: It's to prevent intrusion."
    • "I'd like to have better access to workstation monitoring, connection monitoring, and the amount of time an address is being used, to better gauge proper network utilization. If I knew that something was connected to a particular external location for an extended period that seems abnormal, I'd be able to act upon it."

    What is our primary use case?

    The primary use case is protection for my network from external access. We also use it for some VPN, but mostly it's for protection. It's mixed usage on about a dozen different connections, a dozen different workstations, and access points.

    How has it helped my organization?

    I don't really worry about individual workstation security as much, anymore. I can depend upon the firewall to control incoming viruses, incoming attacks, bad port usage.

    It simplifies my job because I don't have to worry about it on a day-to-day basis, the way I otherwise would. I'm not checking and monitoring each workstation on a minute-by-minute basis. I can check what's going on with the firewall and see how it's being used and where, and if there are any things coming through the logs.

    I've built my process around the WatchGuard. I can't say it has saved me time because it's become the defacto process. I don't have anything against which to compare it.

    What is most valuable?

    • Intrusion Prevention is my primary focus so that's what I find most useful. The why is straightforward: It's to prevent intrusion.
    • The usability is pretty good. 
    • The throughput of the solution is also pretty good. I think there is some throttling that occurs.
    • It provides me the layered security I need.

    What needs improvement?

    There are some features I'd like to see, although they are not standard in any of the products in this class; for example, better monitoring.

    I'd like to have better access to workstation monitoring, connection monitoring, and the amount of time an address is being used, to better gauge proper network utilization. If I knew that something was connected to a particular external location for an extended period that seems abnormal, I'd be able to act upon it. It comes down to overall monitoring and reporting for the class of services that I have.

    The solution's reporting and management features, based on what I have, are fair. I'd like to see an easier way of managing, controlling, and viewing usage at an IP-address-based level.

    For how long have I used the solution?

    I've been using the solution for about five years.

    What do I think about the stability of the solution?

    It's very stable.

    What do I think about the scalability of the solution?

    WatchGuard's product line is very scalable, but this particular product is not.

    How are customer service and technical support?

    Technical support is pretty good. The online knowledge base is usually the best way to go. But I have had some telephone support as well.

    Which solution did I use previously and why did I switch?

    I had been using SonicWall for about ten years. I got a little frustrated with them at around the time that Dell purchased them. The WatchGuard UI is easier to manage and easier to work through. I ultimately became dissatisfied with the service and ongoing costs of the SonicWall devices.

    How was the initial setup?

    The initial setup was straightforward. They walked me through it. I have enough knowledge to be able to walk through the setup and then tweak it the way I need it. I was able to find anything that was unusual, pretty easily, on the web.

    The initial deployment took under an hour. I've spent dozens of hours tweaking it over the years, but nothing out of the ordinary.

    The implementation strategy was to set up something that allowed for VPN access, to grow VPN access, and that would protect my workstations against viruses and attacks, as well as my servers. The goal was to simplify everything with one box.

    For deployment and maintenance, it's just one person who handles the network, and that is me.

    What about the implementation team?

    I did it myself.

    What was our ROI?

    I'm not sure I could establish a numerical return on investment. It's mostly peace of mind. I could probably do well with a lesser product, but I'm afraid a lesser product would provide significantly less protection.

    What's my experience with pricing, setup cost, and licensing?

    It costs me about $800 a year. There any no costs in addition to the standard licensing fees.

    Which other solutions did I evaluate?

    I looked at some Cisco products. I only upgraded to this latest T35 last year, from the previous WatchGuard item. I also looked at SonicWall and a couple of others.

    What other advice do I have?

    It's used extensively. Do I plan to increase usage? If I can get better reporting, perhaps. But it's fully deployed and static at this point.

    I would rate WatchGuard a seven out of ten. A perfect ten would come from lower costs for small installations for the service licensing, and improved reporting. And maybe some better awareness of what it's capable of doing. It's hard to figure out what I could do. That's a big thing. It's hard to figure out what is possible. What am I not taking advantage of? I've tried to work with people on that, and that's the biggest thing.

    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PeerSpot user
    JasonGiles - PeerSpot reviewer
    IT Manager at WTS Media (Wholesale Tape & Supply)
    Real User
    Setup, and setting up the routing — normally very complicated processes — are intuitive
    Pros and Cons
    • "[A] valuable feature would be the branch office. We have five offices throughout the United States, and it coordinates the connections of those offices."
    • "In terms of the reporting and management features — and this isn't necessarily a WatchGuard issue, this seems to be more of an industry-wide issue — you get reports, but a lot of times you don't know what you're looking at. You're so overwhelmed with the data. You're getting a lot of stuff that doesn't matter, so it takes time to parse through it, to actually get what you want to know."

    What is our primary use case?

    It's our main firewall. We have over 120 hosts that flow through it.

    How has it helped my organization?

    The biggest way that it has advanced us is that when we started adding additional locations, it became surprisingly easy to do that, to create branch-office VPNs. When I was first tasked with that, I was overwhelmed with it. I thought, "This is going to be really difficult." But it was really simple. I've never actually done this, but they have the ability to program a box and ship it out there. It'll identify it by its number and just do the setup automatically. I've never been brave enough to just let it go automatically, but when I do get it in my office and set it up for the branch office, it's just a matter of just plugging in the right numbers. It works and it's very stable. That enables us to do some incredible things.

    WatchGuard has been mostly cost-effective compared to other firewall systems that are out there, given the power that it has and the ease. I complain about the usability, but things such as how to set them up and how to set up the routing up are, at least, intuitive. So that's been invaluable. It's one of the reasons why I haven't moved away from them or been tempted to move away from them. These setups are very complicated and WatchGuard makes it very easy.

    It does simplify my job in the sense that it's easy to set up a VPN. Setting up a branch-office VPN is rather simple, but when I have remote users, such as myself or remote salespeople who are operating out of their homes, I can use whatever solutions are out there; the software that makes it easy for them to connect. That avoids my having to go out and buy really expensive solutions like TeamViewer or LogMeIn. They are always clunky, always hard to navigate around in. With WatchGuard, remote users can pop in straight through the VPN and then RDP into their remote desktops. And everything works very smoothly and rather quickly. Anytime you VPN it's not super-fast, but it has been rather efficient and is a huge advantage. It makes my job a lot easier because I don't have to try to troubleshoot somebody else's TeamViewer account.

    WatchGuard has saved me time versus having to manually help people with their remote connections. It saves me about ten to 15 hours a month of work, not having to do all that.

    What is most valuable?

    The basic firewall features, or just the routing, are the most valuable because that's how we configure our network. 

    The second valuable feature would be the branch office. We have five offices throughout the United States, and it coordinates the connections of those offices. 

    And the filtering features are okay.

    It layers security in the sense that it does isolate different networks. I have in-house web hosting and that's more of a DMZ-type thing sitting out in the open, so that it has to be isolated from our network. It has Gateway antivirus, which is important. It has Gateway spam protection, but I've never actually seen it do anything. That could be because our regular spam filters grab it before it gets a chance to. It's not a direct user-security thing. Another level of security is that I do keep our guest WiFi network separate from our main WiFi network. Even though WatchGuard doesn't manage our WiFi, it does play the traffic-cop between those two networks and keeps them separate. It's more IP-based routing security than anything else.

    What needs improvement?

    We have several branch offices. Those things run, you forget about them. My biggest gripe was when I went to update some of my devices, to try to make some speed improvements, not only did I get hit with, "You need to renew your LiveSecurity," but there was this reinstatement fee that they threw in on top of it. That really angered me, to the point that I canceled the entire order. I actually almost replaced some of those devices and I'm looking to replace them because of that type of thing. It's fair to pay for services like filtering, etc., but I don't feel it's fair to pay for updates to a product because they're patching and fixing and updating their product because of bugs. If I want to pay for the next version of something that gives me additional features, that's fair. But to have to pay a reinstatement fee and that sort of thing, I find it to be a very poor and unethical practice. We'd never do that to our customers. The reason I haven't thrown a huge fit is because everybody does it. SonicWall will do it; Cisco. All those guys do that kind of thing. 

    I really don't like that, particularly because you're talking about a device that you paid $300 for, and the reinstatement fees are another $200-plus. I can just buy a brand-new device for that, get a faster unit, and get another year of stuff. Maybe that's what they're trying to encourage me to do. But there are firewall devices out there that I can buy that will do a lot of the stuff that I need to do in the remote offices, without having to purchase a yearly or three-year plan. I keep our main system up to date, but for the small edge units, it's just an unneeded expense. That's my biggest negative and biggest gripe about WatchGuard.

    In terms of the reporting and management features — and this isn't necessarily a WatchGuard issue, this seems to be more of an industry-wide issue — you get reports, but a lot of times you don't know what you're looking at. You're so overwhelmed with the data. You're getting a lot of stuff that doesn't matter, so it takes time to parse through it, to actually get what you want to know. If it gives me a threat assessment such as, "You received an attack from North Korea," I don't know what that means. I know that an IP address from North Korea hit our server, and they tried a certain attack. Is that something I should take seriously or not? I don't know.

    But that seems to be true with a lot of the solutions out there. They tend to report everything, and there's not a lot of control over getting rid of the noise. I've had it report threat attacks from devices within my network, from my own PC, in fact. So it's misinterpreting some things, obviously. Reporting is not something I rely very heavily on because of that. I look at it but I don't know what I'm looking at. Instead, I have a monitor that displays various things about my network, and I will have the main screen up just to see things like which host in the network is the busiest. I tend to use the main dashboard to get real-time information.


    For how long have I used the solution?

    I've been using this solution for over 15 years.

    What do I think about the stability of the solution?

    The solution is very stable. I don't think I've ever had one crash in 15 years.

    I did have one fail, but that was just a hardware failure. That was one of the very first, early units. That was years and years ago. I've never had one fail since then.

    What do I think about the scalability of the solution?

    It's not very scalable. You get what you get. You buy for your application but if you grow, if you were to double your network bandwidth or the like, you would have to upgrade the product. That's because the hardware can't handle that. 

    You could say it is scalable if want to add additional networks and that sort of thing. It makes that fairly simple. But you do need to buy the appliance that's applicable to your network.

    It's used at all of our locations and it traffic-cops our entire network. But we're not adding any new networks. As we buy companies, which we've been doing, I usually pull their firewalls out and put these in, because that's what I'm familiar with, if I can't interface their existing firewalls with it.

    How are customer service and technical support?

    Their tech support, the few times I've used them, have been excellent. Their staff has been very knowledgeable. I've had several instances where, when fixing a problem, they've made suggestions about other things not related to that problem, as they inspected the setup.

    They have a very good system for logging in securely and seeing configurations without being able to check it. That's been very helpful. I've always given an "A+" to their tech support.

    Which solution did I use previously and why did I switch?

    It was so long ago, but I used some PC-based proxies at the time. So there was something before this solution, but my first, actual, dedicated appliance was WatchGuard.

    It might be that we purchased this back in the late '90s, because our previous solutions were back during the dial-up age. It wasn't until we started getting always-on internet in the late '90s or early 2000s that we looked at a firewall. Someone suggested WatchGuard.

    How was the initial setup?

    The initial setup is straightforward. Network setup is complex because setting up networks is complex. I will give them props for making a very complex task a little easier. I don't know a way you could make it any easier than they do. I have done network setups in other firewalls that I thought were way more complicated and more convoluted. We've set up a branch office with some SonicWall devices and my setup screen was a whole lot easier than theirs.

    The deployment itself takes an hour, if that. I've done upgrades, but I haven't done a straight, flat-out deployment in a long time. But usually, when I deploy a branch office or upgrade the main unit, it's usually up and running within ten to 15 minutes in most cases. If I get something wrong, then it might go to an hour or so, but usually they're very straightforward. If it's a branch-office deployment, it's just a matter of plugging it in. It takes five to ten minutes. The configuration might take another ten to 15 minutes. The one thing that's difficult when you're setting one up is that you have to isolate a computer that you can connect directly to. They have things that make that easier, but I've never tried it.

    Our implementation strategy, back then, was to bring branch offices online.

    The process of deploying the product to distributed locations usually means that I bring the device in-house and preconfigure and test it before I send it out to a remote location. I'm usually onsite at remote locations to install it. So my process is to order the product, configure it locally, get it correct, and then install it onsite.

    In terms of using it, there are maybe ten users and they use a VPN client. They directly interface with it. It's primarily me who manages it. I'm the only user who actually sets the configurations up in it.

    What about the implementation team?

    I purchased it from a retailer at CDW and did the deployment myself.

    What was our ROI?

    Being able to control network traffic and being able to monitor employee activity on the network are things you can't quantify, but there's definitely a cost that you could attach to each. If we have users that we find are spending too much time on social networks, we can address those issues, replace the employee if they don't comply, or help them with their productivity, etc. 

    A firewall is a necessary evil. You've got to have one. It's one of the less expensive but powerful models. I've always been very impressed with that. There's a definite return on investment in terms of that the branch-office option. I didn't have to pay anything extra for that. It was just built-in. Those can get upwards of thousands of dollars with other solutions. One solution I saw was $15 a month per user. It would be astronomical if we tried to go that route.

    I don't have a number, but the return on investment is good.

    What's my experience with pricing, setup cost, and licensing?

    I buy a three-year renewal on the main device, which is usually around $3,000 to $4,000. They usually upgrade the device when I do it. You get a big discount when you do three years.

    If I were to renew my other devices — we haven't renewed them — it would probably be around a couple of thousand dollars for the little edge devices.

    In addition to the standard licensing fees, we pay for the filtering software. There's a web blocker, Gateway antivirus, intrusion prevention. Those sorts of things are extra. They call it LiveSecurity. I do the LiveSecurity update and that includes a lot of those features. It's a type of a-la-carte scenario. You pick what you want, and that then includes maintenance and support.

    Which other solutions did I evaluate?

    I can't remember what we looked at, at that time. I have looked at more recent solutions like Untangled, SonicWall, and the like, just to see what else is out there.

    What other advice do I have?

    Make sure you buy the device that fits your environment. Don't try to do too much with too little. You can buy one of the edge devices, and you could technically run a large network on it, but it's not going to work as smoothly. Your firewall is your primary point of security from outside intrusion so you want to do it right. Be very meticulous about your configuration.

    Straight-up, walking-to-the-console usability of the solution is not very user-friendly. It's not very intuitive. However, compared to other firewalls, it's very user-friendly. So it's more user-friendly than most, but it's just not something anybody could walk up to and use. If I had to walk someone through it remotely, it wouldn't be very easy for them to do.

    Each upgrade of the device, and I've had about five of them — five main devices — has allowed an increase in bandwidth and performance. They tend to work fairly consistently, but as speeds have gotten faster, you've got to upgrade the device to keep up with it. They seem to be doing an adequate job at that.

    I have used the solution's Cloud Visibility feature. I wasn't really blown away. I thought, "Okay, that's neat." I haven't really dug into it deeply. I don't really think about it in the context of detecting and reacting to threats or other issues in our network. I like to be aware of threats, but threats in networking terms are always not practical. For a company like ours, we know there are going to be internet probes out there, and they're going to hit our network. The WatchGuard identifies them and locks them down. There's nothing I can do about it. It's more along the lines of, "For your information, there was an attempted attacked last night."

    What I'd rather have is internal threat assessment. I want to know: "This machine started doing something last night it wasn't supposed to do. It was sending out emails at two in the morning. It shouldn't be doing that." Since it's sitting here watching the network, I'm more concerned with internal threats, and people doing things they shouldn't be doing, than I'm worried about the external threats. 

    I probably should be equally concerned about them but I've never found a really good solution on that. I have some customized things that I've done that try to send me alerts if certain behavior patterns are detected. I'm scanning through the logs, and if certain keywords pop up, then I'm alerted. That's been somewhat helpful, but most of the time I get more false positives than I get actual.

    We have web filtering, so I'm looking to see if anyone is going to pornographic or hacker or peer-to-peer sites. I get alerts from that and it logs those. But most of the time, I'll get hundreds of alerts on sites for a user, and I'll go over and find that the user was looking for fonts and one of the ads happened to be on a server that caused a trigger. It was a complete false positive but I don't know how to filter all that out. So the alert becomes useless. That may be an industry problem.

    I would rate WatchGuard at eight out ten. There is a need for improvements in the reporting. There needs to be more granular, built-in filtering in the reporting, so that you can drill it down to exactly the information you want. The second thing would be the cost-plan of renewals. They can have a security plan and they can have a renewal plan. But if you lapse and they charge a penalty on top of that, to me that's really unacceptable. I should be able to let a product lapse if I want to. It may not be a priority. It might be something I have in someone's home and then there's just a new feature I need to add. As I'm going down the road I should just be able to buy that when I want. To put in reinstatement fees is a big negative to me. Granted, they all do it, but they all shouldn't do it.

    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PeerSpot user
    John Giacco - PeerSpot reviewer
    Network Administrator at Peace Bridge
    Real User
    Its features provide me visibility on the network
    Pros and Cons
    • "HostWatch makes it so I can see, in real-time, activity in the event that there is something weird happening on the network. This simplifies my job."
    • "The product's usability is good. It is straightforward and simple. One of the benefits is that it is easy to navigate and intuitive."
    • "Sometimes, the writing rules are a little confusing in how am I doing them."
    • "We were able to take from an older configuration, build a new one quickly, and get it up and running, which didn't take long, but there was some pain around it."

    What is our primary use case?

    It is a firewall. I have two M400s. They act as security for the Internet, like a border between us and the Internet.

    How has it helped my organization?

    We allow more outside vendors to be able to come in, then I could protect them. This is a way that I could leverage the solution which has improved business. It has made vendors coming from the outside able to get to resources that we can provide them without allowing them onto our production network.

    We have the logging working along with the System Manager overview. This all seems very good to use and straightforward. It is where I look when I start since it gives me that sort of a single pane of glass for both firewalls.

    It gives me Layer 3 and Layer 4 security. I don't know if it gives me the full Layer 7 security, which some other firewalls do. It might in new revisions of it. However, for what I need, it meets the sweet spot.

    Having the VPN access helps productivity in the sense that people can get to resources anywhere.

    What is most valuable?

    • HostWatch is a nice feature.
    • Logging
    • The central management piece of the system
    • The overview manager is good to have.
    • The GUI is somewhat easy to use.

    These features provide visibility on the network. When there is trouble, I like to see why I might be having trouble at the gateway level.

    HostWatch makes it so I can see, in real-time, activity in the event that there is something weird happening on the network. This simplifies my job.

    The product's usability is good. It is straightforward and simple. One of the benefits is that it is easy to navigate and intuitive.

    What needs improvement?

    Sometimes, the writing rules are a little confusing in how am I doing them.

    I had some trouble with the previous product version (XTM) at the end. When the product aged a bit, there were no redundant power supplies. For what we're doing, it would've been nice to have something to fall back on instead rebuilding and taking it from an old configuration because the older version did die. We were able to take from an older configuration, build a new one quickly, and get it up and running, which didn't take long, but there was some pain around it.

    For how long have I used the solution?

    I have been using it for a year and a few months.

    What do I think about the stability of the solution?

    With the previous version (XTM), I started seeing some hiccups.

    With this new version (M400), it has been in place for about a year and been running just fine. I haven't had to reboot it. I don't think I've had an issue at all with it.

    I manage the solution as the network administrator.

    What do I think about the scalability of the solution?

    I am not sure what I can scale up to. It meets our needs, though. We're not a growing company. We are sort of a static company in terms of growth. As a static company, we are not looking to increase our usage.

    We have around 200 users, who are tradesmen, toll collectors, administrators, accountants, and auditors.

    How are customer service and technical support?

    I haven't used WatchGuard's technical support because it is an easy product to use.

    Which solution did I use previously and why did I switch?

    We switched from WatchGuard's previous model due to age of hardware. We went from something that was seven or eight years old to something from the last year or two.

    How was the initial setup?

    The initial setup was straightforward. We had been previously using WatchGuard and moved from an XTM to an M400. So, this is our second-generation of firewall with them, and I didn't have any problems.

    The deployment took about a day. I upgraded the hardware, making sure that everything migrated over correctly. That was the goal. I had one rule that I dropped, but that's about it.

    We have multiple networks with Internet points of presence where we have multiple firewalls. These are not at the distribution layer. The core layer is more where our firewall is.

    What was our ROI?

    For the price point, what we do with it, and the time that the last one lived for on our network, we have gotten our money's worth from it. I'm satisfied with the product for the most part.

    Which other solutions did I evaluate?

    We did consider other vendors. I don't think there's a need for us to switch right now. In the future, there might be. However, we're pretty happy right now with what we have.

    We also looked at Palo Alto, Cisco, and Juniper NetScreen. We looked at Juniper because we have a lot of Juniper switching infrastructure. WatchGuard's price point worked, which is the reason why we stayed with WatchGuard.

    What other advice do I have?

    Leverage the website. They have a good knowledge base out there. If this was a green deployment, make sure that you understand how the policies work for VPN and matting.

    The throughput is adequate. It certainly handles what I pumped through it, which is about 150MB. I don't know how we would do on a big gigabit network, but for what I do, it works. I haven't seen any slow downs in throughput.

    I am not using the Cloud Visibility feature.

    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PeerSpot user
    Network Administrator at Advanced Software Designs
    Real User
    Keeps our VPN secure and it is stable as well - it doesn't go down
    Pros and Cons
    • "The throughput is great. It's perfect. We have no issues whatsoever. The management features are very powerful..."
    • "The software base, the management piece that goes onto a server, is not as user-friendly as I would like. There are three different pieces that you have to manage, so it's a little bit convoluted, in my opinion."

    What is our primary use case?

    We use it to keep people out and we use it for a VPN.

    How has it helped my organization?

    The only thing that we care about is that we're kept safe from any attacks. That is important. The VPN is very secure and that's of huge importance because we have remote users who depend on it to do their jobs. So that's crucial.

    The improvement it's provided is to our security. We don't have issues with rogue access, with people coming in here, or having access to our, data who shouldn't. That is huge, of course.

    The solution simplifies my job. I don't even have to think about it. Everything is set and I leave it alone. And it just does its job. I would estimate it saves me at least 20 hours a month because I don't have to worry about things. It's set and it just runs.

    WatchGuard has increased productivity because our VPN is stable. It's up. It doesn't go down. We used to have an issue with remote connectivity but that's no longer a problem. Having a VPN is very big for us.

    What is most valuable?

    • We have firewall policies in place to keep safe from malware and we rely heavily on it for our secure VPN.
    • In terms of usability, the web interface is great.
    • The throughput is great. It's perfect. We have no issues whatsoever.
    • The management features are very powerful, although I don't use the reporting features at all.

    What needs improvement?

    The software base, the management piece that goes onto a server, is not as user-friendly as I would like. There are three different pieces that you have to manage, so it's a little bit convoluted, in my opinion. For people who use it all the time, it's great. But I don't use the management interface all the time.

    Overall, it's powerful enough, so that is something that we can overlook.

    For how long have I used the solution?

    We've been using this solution since 2010.

    What do I think about the stability of the solution?

    It's very stable and it meets our needs. The stability is huge. It's rock-solid.

    What do I think about the scalability of the solution?

    It's been able to handle anything we've thrown at it so far. We've never had an issue.

    We upgrade as the models we have become obsolete. We upgrade to newer ones and they're usually on a three-year rotation, which is fine for us.

    How are customer service and technical support?

    I haven't had to use technical support very often, but when I have they've been great.

    Which solution did I use previously and why did I switch?

    We tried a software-based solution. I don't even remember what it was now.

    How was the initial setup?

    The initial setup wasn't too bad. We didn't have any problems with it. It took a couple of hours.

    We planned ahead of time, put the policies in place on paper and then tested them out. We then went live with it and fine-tuned it as necessary.

    What about the implementation team?

    Our reseller helped with deployment. Our experience with them was great. We still use them.

    What's my experience with pricing, setup cost, and licensing?

    We pay about $3,500 every three years. There are no costs in addition to the standard licensing fees.

    Which other solutions did I evaluate?

    We looked into offerings from Dell EMC, from Fortigate, and Cisco. But it was just going to be too much of a nightmare.

    What other advice do I have?

    Rely on your vendor.

    For us, it's in use every day. it's 24/7.

    We're not using the solution's cloud visibility feature. That's something you have to pay for, and we haven't. I would love to, but there's a wireless piece and it's just too expensive. They have a wireless product that integrates perfectly with the WatchGuard appliance. But that's just not a reality for us because of the cost of those appliances. We would love to but just can't.

    In terms of users, we've got about 15 people worldwide. They do support, testing - all of them use remote access. And then we have our internal users as well. It keeps us safe internally and our remote users are able to work with a reliable connection. It's very reliable.

    I'm the only one who manages the firewall. If I need any help, there is a local vendor that helps me out as well. We're a small company but it's been great for us. I'm not that technical but I just know it works.

    WatchGuard is a ten out of ten for me, because of its reliability.

    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PeerSpot user
    Prepress/Systems Manager at a printing company with 51-200 employees
    Real User
    Provides ease of use and navigation without having to do too much networking
    Pros and Cons
    • "It's pretty simple to use. It's pretty simple to understand, and there's plenty of documentation. It does a pretty good job of what it is meant to do."
    • "Last year, I had an issue with one of the Fireboxes going down. It was overheated, because my server room became overheated and this fried it."

    What is our primary use case?

    We use it as a firewall. It protects us from security threats and uses a VPN tunnel.

    How has it helped my organization?

    WatchGuard Firebox made it so that I can connect to my remote offices without having to set up every computer to connect to our headquarters. Now, the remote offices can all just login to their system and work as if they are here at our headquarters.

    The throughput and performance are excellent. I have never had a problem with them.

    The solution provides our business with layered security. It gives us the ability to prevent traffic from coming in on certain ports and the ability to navigate certain traffic to different locations, not letting it just come into my system and do whatever it wants to do.

    What is most valuable?

    The VPN and tunnel between the two different clients. 

    The ability to route Internet traffic to certain computers or IP addresses based on ports, etc. It provides me with ease of use, allowing navigation without having to do too much networking. It is all in a user friendly location.

    The product is very usable. I haven't had too many issues with it. It seems to always run and be easy to make changes to, as long as you know what you want to do. There is plenty of documentation online to how to do what you need to do.

    It simplifies my job because I can make any changes all in one location. I can login at the user-friendly site versus trying to do it in a programming or networking level site.

    What needs improvement?

    There is always room to get better, which is why I gave the solution a nine out of 10.

    What do I think about the stability of the solution?

    The stability is great. I have only had one go out on me, and it was because of my issue. 

    We have one IT person for deployment and maintenance.

    What do I think about the scalability of the solution?

    It is very scalable. I don't see an issue with scaling. I could always add another system by buying a new box and adding the connection. It would be easy.

    I would assume anybody connected to the Internet is using WatchGuard, because they are using their block sites, etc. Everybody in our company is using the Internet, which is around 60 to 70 people. However, the people who are really using it are the people that work at different remote locations and login either via the tunnel or VPN. That is roughly around 15 to 20 people who do data entry and processing.

    We do not have plans to increase usage for a couple years.

    How are customer service and technical support?

    The technical support was good. Last year, I had an issue with one of the Fireboxes going down. It was overheated, because my server room became overheated and this fried it. However, the technical support was excellent. They got me a Firebox out as soon as possible, which helped me resolve the problem, getting it back up and running. They were great.

    How was the initial setup?

    I didn't do the setup.

    The deployment took about a couple of days, because when we were initially setting it up, we didn't understand everything to do with IPs. Now that we've played with it over time, we understand what it's doing and how it's working. It is definitely easier and faster now, but the first time building it was at least a couple of days.

    When we deploy the product to other locations, we usually just get a box. On it, we make a copy of another box, importing the information into the new box, then change the settings that need to connect to the IP address on the incoming box. After that, we just run out and change the ports over, then go. It's not hard at all.

    What about the implementation team?

    We set it up ourselves.

    What was our ROI?

    The solution saves us about an hour a month.

    What other advice do I have?

    Read up about it. Understand what each of the settings are doing and use the resources that you have to get the best knowledge before implementing.

    It's pretty simple to use. It's pretty simple to understand, and there's plenty of documentation. It does a pretty good job of what it is meant to do.

    We are not using the solution’s Cloud Visibility feature.

    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PeerSpot user
    Information Technology Specialist at a healthcare company with 51-200 employees
    Real User
    Productivity has increased because the time that we used to spend on each machine can now be spent on the network level
    Pros and Cons
    • "One of the most valuable features is the Geolocation. Because we aren't a multinational corporation, it allows me to look at things which might be suspicious to make sure that they are legitimate transactions rather than people sniffing around the network."
    • "The drawbacks are just sometimes not having the technical information that we need in order to easily make connections with all of our Internet-based clients."

    What is our primary use case?

    The primary use case is it is a firewall solution. One of the major selling points was that WatchGuard does adapt in real-time as new threats are discovered, and they push out fixes in real-time.

    A lot of our servers have been migrated to the cloud, so it is really our primary solution right now.

    How has it helped my organization?

    One of the things that it has done is we have been able to start cutting down on extraneous web traffic. We make sure that our bandwidth is being used for business functions rather than for downloading or streaming media files.

    It very much simplifies my job. Before we got the WatchGuard solution, I was doing everything on a per machine basis. All of the security, firewall, and port security had to be done on the front-end before anything could go out. This could take hours to days depending on the system being used, and then it would have to be in the IT department getting provisioned. Now, the provisioning goes more toward what types of software are needed. We have it completely unified across locations with a security standard through the WatchGuard systems due to the roles that we've set up for the organization. We just set the same roles in place, then we are able to ensure that everything is uniform across all locations.

    Productivity, especially within the IT department, has increased due to the time that we used to spend on each machine can now be spent on the network level. This allows us to turn our attention to other tasks, such as creating in-house systems, so we can roll out changes faster and be more responsive to the needs of our business.

    What is most valuable?

    One of the most valuable features is the Geolocation. Because we aren't a multinational corporation, it allows me to look at things which might be suspicious to make sure that they are legitimate transactions rather than people sniffing around the network.

    I have found the reporting and management to be pretty useful a lot of times. When the reporting did come up short, it was due to a configuration error on my part. Anytime that I've had to look up historical information, I found that everything I have needed has been there and it has allowed me to piece together what happened.

    What needs improvement?

    We do a lot of work with cloud-based and Internet-based vendors. A lot of times when we are on the phone with them, I find that it is a bit more technical than they are used to when we are trying to set up specific exceptions to the firewall. We ask for the ports that it's going to use or the block of addresses that they're going to be going from. A lot of times the only thing that they have for us is the web address that they want me to whitelist. Unless I'm missing that functionality, it seems like it is looking more for those technical data points, essentially. A lot of times, I'm running into a problem where there's a lack of give and take between WatchGuard and me. We get it figured out eventually, but it would just be nice if there was a way to say, "We just want to whitelist this address."

    For how long have I used the solution?

    I have been using the solution for six and a half months now.

    What do I think about the stability of the solution?

    It is a very stable solution. 

    Once we had it set up the way we wanted, it seemed to be running extremely well.

    For deployment and management, it's just me along with the reselling group (POA).

    What do I think about the scalability of the solution?

    We have not reached any scalability issues, so far. We have used it in clinics as small as a few practitioners and ones that have more than 30 providers. We have never experienced any issues with the product slowing down or failing in any way.

    There are five different users, I'm the main power user of it, and I essentially set up the rule sets and work to ensure that the system is delivering what is needed. The other users are more of administrative users who are viewing the web traffic within their own departments.

    How are customer service and technical support?

    So far, I haven't needed to go to the solution's technical support.

    Which solution did I use previously and why did I switch?

    We were just using on system firewalls. We were getting to the point where we needed to consider a network-based solution of a physical firewall. WatchGuard came highly recommended from our consultants when we partnered with POA.

    How was the initial setup?

    At first, I did the guided set up where I chose the rules of what to block and what not to block. That was fairly simple. There are a few things that I had to go in and change. That took me a little bit of time to figure out. Overall, it was pretty simple. 

    When logging in and registering it, I did run into an issue where I had to spend about an hour reading to try and figure out why I couldn't activate it. I contacted my reseller and they helped me with it.

    The deployment took about two and a half hours.

    Implementation strategy was more about my bosses wanting to get in, then set it up afterward. It was more about let's get it in place, get it working, and then we'll lock things down as we need to.

    We have hubs in multiple locations. Our strategy for implementing these was once the first one was installed in our main location, then we had the role set up the way we wanted it for the entire organization. We used that to order additional Fireboxes and took them to our other locations. Those were preloaded with the same role sets and put online.

    What about the implementation team?

    We used Pacific Office Automation. We had a very good experience with them. With the few bumps in the road that we had following the setup, we called them. We let them know what was going on and they helped us resolve the issues quickly.

    What was our ROI?

    It saves a lot of time. On a weekly basis, without having to do a per machine basis, it probably saves me about three and a half to four hours a week.

    What's my experience with pricing, setup cost, and licensing?

    I think we might be subscribed to one or two of the premium features.

    Which other solutions did I evaluate?

    We were evaluating a Cisco solution as well. 

    What other advice do I have?

    Take a look at the needs of your business and how reactive you need to have your firewall solution be. One of the major selling points for our corporate board was: As new threats come up, WatchGuard is constantly taking the information coming in and looking for a solution, then pushing it out. That was one of the major selling points for us. The field that we're in takes security very seriously. We wanted to make sure that we were protecting our client's information. When it came down to it, that was a major selling point for us.

    There was a bit of a learning curve. Once I was in it for about a week or two, I found it simple and intuitive to use.

    With the throughput, the only issues that we found were at the very beginning, and that was due to a misconfiguration on my part. There hasn't been a noticeable change in slow down from the throughput the way that some firewall solutions might cause. Now, my end users don't even realize that it is there.

    We are not using the solution's cloud visibility feature.

    Right now, we are on the base usage. It's a firewall solution for us and we haven't really had the chance to dig into the advanced features that much. I plan to expand how we use it in the future, as time allows.

    I'm very happy with it so far. I need some more data points to really firm that up. However, at this time, what I'm basing the eight (out of 10) off of is the ease of use, the ease of setup, and its learning curve. Once you learn how to use the system, it is very well-organized. It does save us so much time. The drawbacks are just sometimes not having the technical information that we need in order to easily make connections with all of our Internet-based clients, but we can put the work in and still get it done.

    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PeerSpot user
    IT Manager at a engineering company
    Real User
    Geolocation allows us to lock down certain policies to only U.S. IPs
    Pros and Cons
    • "One of my favorite features is the Geolocation service, where you can actually block specific activity or IP addresses registered to certain countries. For example, I don't want any web traffic from Russia or North Korea. I may even lock down certain policies down to 'I only want U.S. IP addresses.' I find that very useful."
    • "They've done a lot of work with their SD-WAN, which we do use, to have our old internet service with our new internet service. If anything goes down on a particular interface, I can have different rules applied. Most of my users don't even know when our primary internet goes down anymore... I don't have to be here to do anything to switch it to our backup internet or to switch it back."
    • "Reporting is something you've got to set up separately. It's one of those things that you've got to put some time into. One of the options is to set up a local report server, which is what I did. It's not great. It's okay... Some of the stuff is a little complicated to get up and running. Once you do, it becomes very user-friendly and easy to work with, but I find there are some implementation headaches with some of their stuff."

    What is our primary use case?

    It's our primary firewall. It's also our UTM device, so we have multiple security layers enabled on it.

    We're using an M270 firewall with version 12.5.

    How has it helped my organization?

    With WatchGuard, I've got a lot of WebBlocker rules set up which help quite a bit, blocking a lot of suspicious and parked domains. Between WebBlocker, the Botnet Detection, the website reputation filters going, and IPS - which is one that is essential, but nobody really talks about a whole lot; between all those things working together, and even the antivirus, I feel our network is pretty clean. And if there is some suspicious activity, I think I have a better chance of being alerted to it. I've even been able to set up Application Control rules, so that something like Windows Update doesn't deplete too much bandwidth. There are whole bandwidth controls you can set up which aren't necessarily security-related, but they can help make sure that one particular function doesn't take up so much bandwidth that the users are affected. WatchGuard has layered security, but I also have other layers beyond that.

    I wouldn't necessarily say it has simplified my job but I am very happy to have it. I'm very glad we went with WatchGuard. I was impressed with WatchGuard for a lot of other reasons like their education and training videos. They do a lot of little security announcements about what's going on with other companies in the industry, so that part has made my job easier. I wouldn't say it's made my job more difficult either. It has definitely made me feel more comfortable about the security here, but I wouldn't say it simplified things. We had a very simple firewall which was almost a small-business router. It had a little firewall screen with four settings on it that really didn't do a whole lot. So, I can't say WatchGuard simplified things for me. It's just we're much more secure and it hasn't overly complicated things.

    What is most valuable?

    One of my favorite features is the Geolocation service, where you can actually block specific activity or IP addresses registered to certain countries. For example, I don't want any web traffic from Russia or North Korea. I may even lock down certain policies down to "I only want U.S. IP addresses." I find that very useful. That was not a feature that was initially there for us. It was something WatchGuard released after we bought our first device with them and it is one I am very happy with.

    I may want to only allow U.S. IPs onto a specific interface that I share files with, for security reasons, or I may know of a security issue in a particular country. I can just block that whole country for all my users. Or maybe I'm seeing a lot of malicious links coming out of South Korea, even, and I just say, "We don't go on a lot of websites there, let me just block that country completely," and if we do need to get on a website, I'll just make an exception. It improves security and helps block malicious links.

    There's a little bit of a learning curve in getting everything working. But once you understand how all the pieces work, and the fact that you're using physical hardware with a web interface alongside a piece of software installed on your computer, and you learn what to do in each location, it's very user-friendly.

    I like the management. There are some nice dashboards and other things to keep an eye on things. There are email alerts, once you get those configured. Once again, they're a little complicated to get set up, but once they work, they work well. Management is pretty easy. 

    The version I'm on, 12.5, came out last week. I try to stay pretty current and they do add features and improve usability and functionality often. It's one thing I've been happy with. It's not like they say, "Here are the modules you bought with it four years ago and that's all you have." They're constantly adding, developing, improving. 

    They've done a lot of work with their SD-WAN, which we do use, to have our old internet service with our new internet service. If anything goes down on a particular interface, I can have different rules applied. Most of my users don't even know when our primary internet goes down anymore. It does run slower on our backup, but they don't know the difference unless they're doing some kind of bandwidth-intensive function or streaming. I don't have to be here to do anything to switch it to our backup internet or to switch it back. They've developed that feature even more, to allow you to have different rules for different policies or different interfaces to behave differently, depending on what happens with either packet-loss or latency, with multiple internet sources. That is pretty helpful.

    What needs improvement?

    Reporting is something you've got to set up separately. It's one of those things that you've got to put some time into. One of the options is to set up a local report server, which is what I did. It's not great. It's okay. I've heard their Dimension control reporting virtual machine is supposed to be a lot better, but I haven't had the time our resources to set that up. Some of the stuff is a little complicated to get up and running. Once you do, it becomes very user-friendly and easy to work with, but I find there are some implementation headaches with some of their stuff.

    I wish I had a contact at WatchGuard because there are a few things I'm not using. I'm not doing packet inspection because I know it's pretty intensive to install certificates on all my computers and have it actually analyze the encrypted traffic. That's something I'd like to do but I'd really like to talk to somebody at WatchGuard about it. Is that recommended with my number of users with my piece of hardware, or is that going to overload everything? I'm not using Dimension control. I'm not using cloud. If I had a sales rep or a support person that I could just check in with, that would help. Maybe they could do yearly account reviews where somebody calls me to say, "What are you using? What are you not using? What would you like more information about?" That sort of thing could go a long way.

    They do a lot of education, but it's sent out to the masses. They have really good emails they send out which I find very valuable, talking about the industry, security events, and other things to be aware of. But there's not too much personal reaching out that I've seen where they're say, "Hey, how can we help your company use this device better? What do you feel you need from us?" That's my main recommendation: There should be somebody reaching out to check in with us and help us get more out of our device.

    For how long have I used the solution?

    We've been using WatchGuard for over four years.

    What do I think about the stability of the solution?

    It's very stable.

    I've only even had one update that I applied that caused problems, that I had to roll back. I don't recall any kind of issue where I had to reboot the device to fix something. Somewhere along the line, WatchGuard, with their free training and free training videos, had recommended setting up an automatic reboot once a week just to keep everything clean, fresh, and healthy. I set that up during to reboot every week during off-hours on the weekend and I've had almost zero problems with it. Even with the updates, as I said, I can only think of one instance where there was a problem. I had to roll the update back, which was very easy to do, and then wait until the update patch came out and fixed the problem. That only happened once.

    I've been very happy with the stability and reliability of not just the device and the software, but WatchGuard as a company.

    What do I think about the scalability of the solution?

    With my needs and my network, I feel we could add bandwidth and add users for a while, before we would run into any issues. It's scalable for my needs with my device.

    How are customer service and technical support?

    I don't think I have used WatchGuard's technical support. If I did, it might have been once.

    I haven't really needed it too much. As I said, they have some good YouTube videos that they put out themselves on setting up stuff. That's my first resource when I want to get into a new feature I'm not using. They've got pretty good notes in there, so when I update software on the device itself, I go through their installation guide or their admin guide for that version of the software and it's all pretty straightforward. It lays out the new stuff they changed and what you need to be aware of, so I haven't needed to bug them.

    Which solution did I use previously and why did I switch?

    We didn't have anything like this before, so it's not necessarily saving me time, but it did add a whole other level of security to our network, which we really appreciate.

    We had a small-business Cisco basic solution. They called it a security router, but it was just a small device that sat on the shelf and which mostly provided internet access. It had very simple firewall controls: two or three check-boxes to do basic filtering. So we did have something, but it was nowhere near the level of the WatchGuard.

    We switched to WatchGuard because we did not have a UTM device like we do with WatchGuard. We needed to upgrade the old device because it wasn't performing well anyway. I suggested that we needed something more appropriate, or with more layers of security than what our other small, entry-level device was offering. We did review solutions from a few other firewall vendors and WatchGuard offered, in my opinion, the best protection for the cost.

    How was the initial setup?

    The initial setup was a little bit of both straightforward and complex. I'm a technical person. I read an instruction manual before I do something, whether it's putting a piece of gym equipment together or implementing something like a WatchGuard firewall. I had gone through all of their admin guides and getting-started guides and recommendations. So it was pretty straightforward, but there were a lot of steps and a lot of things to work through.

    Something as simple as email wasn't just set up by specifying the IP address of your email server. I had to enable a bunch of things on the web interface and then install the software on my computer and set it up as an email relay. That was the only way to get email alerts, which I found a little shocking because email alerts should be critical on these things. I guess bigger companies may have alert servers or Syslog servers or other things they're using. But we're smaller and we don't. So that was one thing that I found was a little more complicated than it should have been for the importance of the feature. And now I have a computer and a firewall and if one or the other isn't working, those email alerts don't work.

    Our deployment did not take long. It was no more than a week or two. I did it pretty quickly. I convinced the owner why we needed it and why this was the right move. I wanted to make sure I implemented it quickly and that we got some benefits out of it right away. I didn't want to let it sit around. It took less than two weeks.

    My implementation strategy was mostly what I mentioned above: Review all of the guides, all of the walk-throughs, a couple of tutorial videos, get a baseline of what I wanted to enable and how. Then I did it offline, as you would expect. I brought the device into my office, got it updated, got everything baselined and set up the way I needed it to start with. From there it was just switch out early in the morning before users were in the office. It was nothing too out of the ordinary.

    For deployment and maintenance of the product, it's just me.

    What about the implementation team?

    I did it myself.

    What was our ROI?

    I believe there has been ROI, with the level of protection and things that are being blocked that we're aware of. And there is just the peace of mind of knowing certain things.

    Some of this I'm simplifying a little bit because, again, a lot of these things have been implemented over the last four-and-a-half years. I'm thinking now of other features I've implemented that I'm very proud of, like locking down remote access software so people can't just come and use any remote access software to get in or out of our office. There's a sense of security because I only allow the remote-access software that we pay for and use. I don't allow any other protocols to get through. It is making sure we don't have people who work here doing weird things, but it also makes it harder for other people to break in. Just that peace of mind and all the other layers we have working is worth the money, in my opinion.

    What's my experience with pricing, setup cost, and licensing?

    We had a trade-in offer at the end of our first three-year term. As a result, we pretty much got a free device by buying the three-year subscription. It was around $3,000 for the three-years.

    Which other solutions did I evaluate?

    We probably looked at SonicWall and ForcePoint, but it's been a number of years so I don't recall much of that process.

    What other advice do I have?

    Do your research. It's not impossible. Do things in a logical order and make sure you understand what you're doing and how you're going to do it. Once you understand it and get everything working the way you want, it does get very easy to use and work with from there. Once you get over the learning curve of how all the pieces work together, it's very easy, very user-friendly, very easy to update, and very easy to make changes and document those changes - all that good stuff.

    I tend to buy the hardware platform that's like one level above where we think we absolutely have to be at a minimum, so the performance has been adequate or good. I've yet to hit an issue where I feel the device is slowing us down or causing any issues because of the performance of the device, itself. We're usually limited more by our actual bandwidth. It's been great as far as our network and needs go.

    In terms of the extent to which we're using the product, six months ago when I renewed the second three-year term, the subscriptions had changed quite a bit from when I had my first three-year term. Now, I have a whole list of new subscription services or modules or layers that I have not started implementing. I got a couple of the new ones implemented, to get some of the benefit, when I first got this new device. But there are a few more I want to implement. One of them, is packet inspection, which is difficult because that can really bog down your device. I'd like to have Dimension control to get better reporting. There are a couple of other ones that I have not implemented because they're new for me and I just haven't had the time to work on them. Threat Detection and Response is one I'm interested in which I haven't time to implement yet. It involves me setting up a client in each one of my endpoints and it keeps track of unusual activity there. That's probably where I want to go next. Maybe even the Access Portal could be useful for me, to have a place for vendors or customers go to access things inside our network.

    We've gotten more features for our money because there's a new security package which wasn't available when I first subscribed, and that included pretty much everything. I had paid separately for APT, Advanced Persistent Threat protection, on my old subscription. To get that now, it was cheaper to bundle it with their total threat package. That included a lot of things like DNSWatch, which I did set up to look for malicious DNS access requests throughout my network. It gave me intelligent antivirus. I believe there's some kind of DLP module, which is one I haven't spent any time on. Network Discovery is another one I haven't spent time on that I need to work on. All of those came as new features with the new hardware and with that new subscription. The Threat Detection Response is definitely something I didn't have access to before. For sure, in this second three-year term, we got a lot more value for the money with what WatchGuard offered us.

    I would give WatchGuard an eight out of ten. There's a little bit of room for improvement but I'm very happy with WatchGuard. I think it's a good fit for me. I won't often give a ten, just on principle, unless I feel they deserve a 12. That's when I give a ten.

    I've definitely said positive things about WatchGuard to other people in the industry, people I talk to or know. I'm a promoter of WatchGuard, to be honest. I haven't seen anything I like better, but I haven't had a lot of experience with other devices. I've said good things to people on a regular basis, especially about WatchGuard's education, the emails and videos and other stuff they put out to try and help people, even when it's not related to WatchGuard products.

    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PeerSpot user
    AlanRogers - PeerSpot reviewer
    Owner at Thermioninc.com
    Real User
    You can control how you want things to go in and out of it
    Pros and Cons
    • "If there is any conflict, the reporting feature will kick out all types of information, which is great."
    • "The software in it could be a bit more friendly for an amateur user. I look at it and don't understand what half the stuff is. Looking at the interface, it is all mumbo-jumbo to me. It's not a simple interface. You have to be an IT guy to understand it. It is not for your average person to use, then walk away from it. It is much more entailed."

    What is our primary use case?

    I use it as my firewall. 

    We are using it to filter our email.

    How has it helped my organization?

    It roadblocks most everything, as far as viruses and stuff like that, from getting into my network and does a good job of that.

    If there is any conflict, the reporting feature will kick out all types of information, which is great.

    What is most valuable?

    The most valuable feature is if I need to control spam. I can control everything with it, anything coming in or out of my network. The controllability is phenomenal.

    You can control how you want things to go in and out of it. So, it is great for that.

    What needs improvement?

    The software in it could be a bit more friendly for an amateur user. I look at it and don't understand what half the stuff is. Looking at the interface, it is all mumbo-jumbo to me. It's not a simple interface. You have to be an IT guy to understand it. It is not for your average person to use, then walk away from it. It is much more entailed. It could be a bit more user-friendly, but my IT guy knows what he's doing with it. I just let him do most everything.

    They need to make it so you have a step-by-step guide which goes through and sets it all up for you. However, they don't have that. You have to know what you're doing with it.

    For how long have I used the solution?

    I have been using the M200 for a year.

    What do I think about the stability of the solution?

    It seems to be stable.

    There are always updates for it. So, they are always improving it. We are always putting updates into it all the time. They do a good job of trying to keep up on everything.

    I just have a consultant who comes in every so often to do deployment and maintenance.

    What do I think about the scalability of the solution?

    I haven't seen any restrictions as far as the scalability is concerned, so it seems to be just fine.

    All of our users are just office workers. 

    How are customer service and technical support?

    Our IT guy talks highly of the technical support, saying that they are pretty knowledgeable. He never complains about them. 

    Which solution did I use previously and why did I switch?

    I've had WatchGuard ever since I put my network together. All I've used is WatchGuard.

    They were discontinuing support for the last one that I had. Therefore, I had to upgrade to the M200.

    How was the initial setup?

    The initial setup is complicated. Unless you know what you're doing with it, you can make mistakes, which are really difficult to recoup from. You have to know what you are doing with it. Otherwise, you'll screw it all up.

    It only took our IT guy probably an hour to set it all up, but he knows what he's doing with it. He works with them everyday.

    What about the implementation team?

    I just used an integrator for the deployment, who was good. I have worked with him for years.

    What's my experience with pricing, setup cost, and licensing?

    There is an additional cost for support on top of licensing. When I bought my new unit, I received additional time added to my support. 

    Which other solutions did I evaluate?

    I just went by what my IT guy recommended, so I didn't really evaluate any others because he's very knowledgeable on all of these type of things. I just went off of his recommendation.

    What other advice do I have?

    The functionality of the unit is great. However, you have to be pretty knowledgeable on how to work with its interface.

    I don't any plans to increase usage. The product is always on and always being used.

    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PeerSpot user
    Woodworker at Creative Woodworking NW
    Real User
    Protects my network and I don't have to deal with downtime
    Pros and Cons
    • "It protects me against malicious websites, as well as malicious downloads, as a perimeter anti-virus. I've also seen it blocking a lot of pings and different probes."
    • "I would like to see more simplified management of the firewall... It's a complicated system to use."

    What is our primary use case?

    I use it for protecting my network and for routing. Also, if my network connection goes down with CenturyLink, it automatically switches over to my Verizon cellular.

    How has it helped my organization?

    It protects me against malicious websites, as well as malicious downloads, as a perimeter anti-virus. I've also seen it blocking a lot of pings and different probes. 

    A file wasn't opening on one of our mobile devices, so the owner said, "Hey, open it on your computer," and WatchGuard stopped it. I didn't have to try to remove a virus from my accountant's computer because WatchGuard stopped it. 

    It has also saved me time by not having to rebuild because of damage to the network due to nefarious situations. Since I installed WatchGuard, it has probably saved me 20 hours a year thanks to increased uptime as well as not having any issues with viruses on computers. It's protecting my network and I don't have to deal with downtime.

    It has increased productivity in security management.

    I've also had very good uptake time. I would have to reboot my previous routers once a month or so or try to figure out what was wrong with them. With WatchGuard I've had zero problems. If I ever have an issue with connecting to the internet, it's always due to my internet provider.

    As the person who manages IT for the business, it saves me thousands of dollars.

    What is most valuable?

    • Safety
    • Uptime

    The solution's reporting and management features are good.

    What needs improvement?

    I would like to see more simplified management of the firewall. It's something that I've had to bring in outside support for - for setting up the firewall - because I don't fully understand it yet. I've been learning it. Some of that is my fault, but it's a complicated system to use. I don't know if it can be simplified much, because of the nature of what it's doing. But it's very complicated.

    For how long have I used the solution?

    I've been using it for about three years.

    What do I think about the stability of the solution?

    It's very stable. I haven't ever had a product that is this stable.

    What do I think about the scalability of the solution?

    It appears to be scalable. Scalability doesn't apply to me very much. I did have to buy a new router since the last one wasn't powerful enough. But it was not too bad because I was able to upload all my previous settings to this new one. It handles our entire network, but I don't have any plans on increasing usage.

    We have 15 employees and everyone uses it for some sort of connection, whether it be for their phones to connect to our server for our time-tracking system, or for our office computers. I'm the only person who takes care of its maintenance.

    How are customer service and technical support?

    I would rate their technical support very highly. They are very knowledgeable.

    Which solution did I use previously and why did I switch?

    I used Ubiquity. I switched because it was not stable and it would not provide a lot of the services that I needed.

    How was the initial setup?

    It was complicated, but it's hard to say that it's the fault of the device itself, and not the complexity of what I was doing. It's managing my internet connection. I eliminated my internet provider's modem from my network. It's doing all of the routing and the work of the modem for my fibre internet connection. So it was complicated to set that up with my internet provider, but I don't know if that's due to the appliance itself.

    The deployment took less than a day. It's hard to say exactly how long it took because I do woodworking as well as maintaining our network. It's hard for me to give it my full attention but I would say it took about four hours.

    What about the implementation team?

    I purchased it through Last Mile Gear, a reseller. One of their techs assisted me in installing it. He was pretty helpful. I also called WatchGuard's helpline and they were very helpful.

    What was our ROI?

    The service seemed fairly expensive, but when I saw it stopped a malicious file and saved our computer from having to be rebuilt, I upped it to their Security Suite. It definitely showed itself to be useful, and I'm glad that I have it.

    It's prevented network intrusions, which is invaluable. Having 100 percent uptime so far has made it a great value.

    What's my experience with pricing, setup cost, and licensing?

    The cost three years ago was about $800. There were no additional costs beyond the initial purchase.

    Which other solutions did I evaluate?

    The reseller recommended WatchGuard, so that's what I went with.

    What other advice do I have?

    If you can understand the way the firewall works, the logic of the firewall, it will serve you really well. It's a very stable, great product.

    I started with a T10. I ended up needing a more powerful version, so I bought the T30 about two years ago. I've been very happy with it. The usability is difficult but it's a complicated system. It's a professional solution. I wouldn't recommend it to my friends for their homes, but for business, I think it's a fantastic solution.

    I'm happy with the throughput on the T30. The T10 was definitely lacking. It was definitely slow.

    I would rate it a nine out of ten. The way to make it a ten would be to make it easier to use for a novice.

    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PeerSpot user
    Joseph Jansen - PeerSpot reviewer
    IT Specialist at Art Students League
    Real User
    Easily understood and managed and it's simple to do network diagnostics
    Pros and Cons
    • "It's pretty simple to understand when you want to do any diagnostics on your network. If you want to go in and see what packages are having trouble getting through, what's being held, stalled, etc., it's very easy to use in that way."
    • "One other shortcoming is that there is no backup for it. We really haven't figured out how we might solve that problem. We may want to put a duplicate in... With WatchGuard, we just have the one box. If that were to fail, we'd probably be really hurting."

    What is our primary use case?

    We really don't use the firewall too much, we use it more as a VPN. We've got several different networks that we're joining through WatchGuard.

    How has it helped my organization?

    It has made firewall configuration really simple. It doesn't take years of training or certificates to go in and manage it. That's a big deal. We set up our firewall, operating as a VPN. It's bringing several networks together and it made that process easy.

    In terms of my job, it's taken so little of my attention. I have worked with Cisco firewalls and they were complex. WatchGuard is easily understood and managed. It's easy to watch traffic go through the network, to look for ports that are closed or open, and to see what's actually moving through the network and what's not. It has made it easy to understand network traffic.

    The learning curve is very small in comparison to the Cisco firewall. Within two hours, I was managing WatchGuard, whereas with Cisco it might have taken a month to accomplish that same level of proficiency. As far as the control of traffic is concerned, I spend one or two hours a week on WatchGuard, as compared to about eight hours with the Cisco firewall. It has freed up my time to do other things.

    What is most valuable?

    What I like most is the analytical side. It's pretty simple to understand when you want to do any diagnostics on your network. If you want to go in and see what packages are having trouble getting through, what's being held, stalled, etc., it's very easy to use in that way.

    In terms of the usability overall, it's pretty simple but, at the same time, it's pretty full-featured in terms of what it can do. We only use part of it, only because that's where we're at right now. But for a small network, for a small organization, especially, it's a complete solution to your firewall needs. It's relatively simple for me to get into and to work with when I need to; if I need to set up an ARP table or to create different reports. For a smaller network with lesser-trained IT people - if they're lucky, they've got one IT guy trying to do it all - it's an excellent size. Whether you've got a few machines or several hundred, it's pretty simple.

    What needs improvement?

    One of the things that is always valuable is workshops. It's really hard to get away and do webinars, but what I would like is a selection of webinars. I see WatchGuard comes forward with a webinar where they're going to introduce this or that. I'd like to see a lot more of those and a lot shorter.

    On lynda.com I can just point to a video to show me something I need to know how to do; for example, how to merge contacts in Outlook. But it is a ten-minute video. I would like to see more of that kind of learning. I'm sure WatchGuard has got all these videos, has got the webinars and the training sessions. But when I need to know something, I need to be able to get to it quickly. I want an indexed learning system very close to what lynda.com might use. I also want to be able to put questions forward either in a "frequently-asked-questions" forum or by sending them up to the support team for quick reply. 

    I want to be able to go to a portal and put in my problem and have WatchGuard bounce back to me with, "Well, this is how we can do it," or "We don't have a solution for that." And then I can go to other vendors to look for a solution.

    The more targeted learning system I can have, the better. If I have to schedule a webinar that might take 30 minutes, there's a good chance I'll miss it. I sign up for webinars and it happens that I'm not available because I've got other fires going. The learning has to be there almost at my whim: "I've got a fire burning, I've got to figure out how to put it out. I need a ten-minute video to show me." Those learning sessions have to be available and easily found, when I need them. I have so little control over my schedule on a daily basis, and I'm sure I'm like many others.

    One other shortcoming is that there is no backup for it. We really haven't figured out how we might solve that problem. We may want to put a duplicate in. With Cisco, it's not uncommon to have dual firewalls with something our size. That way, if one were to fail, we've always got the other. With WatchGuard, we just have the one box. If that were to fail, we'd probably be really hurting.

    For how long have I used the solution?

    We've been using it for about 14 or 15 months.

    What do I think about the stability of the solution?

    I haven't had to look at it in nine months. It just works pretty painlessly. It's very stable. It's kind of invisible.

    What do I think about the scalability of the solution?

    We haven't hit a limit. We have the wireless running through it, a camera system running through it. There are 50 workstations running through it, as well as servers. I don't have any problems with it whatsoever. 

    How are customer service and technical support?

    Tech support is everything for any product. WatchGuard's technical support is up there at eight or nine out of ten. That's really what you're looking for in a product; more than the product itself, it's that support. If it's not there, you can just frustrate yourself to death on solutions. WatchGuard is support is easily available and know what they are talking about.

    Which solution did I use previously and why did I switch?

    We were looking for a solution. The engineer that I had knew of WatchGuard and thought it was probably a good idea, and that was the whole strategy. He had worked with it before and he was the lead engineer when we implemented it. He was right about WatchGuard, it is a good product.

    We were using Ciscos. They were aged and out of date. They were pretty well done. Our options were to get new Ciscos and get them configured. Of course the deployment and hardware were expensive. And the maintenance or the management, in the long run, was much more expensive.

    With the WatchGuard, the initial hardware was less expensive. And the implementation, because it didn't require as much training, was much less expensive. And the management is much less. When I say "much less," I'm talking about 25 percent of the cost of what the similar Cisco would be.

    How was the initial setup?

    I remember it being somewhat complicated. There were some complications we ran into; it didn't seem to be quite as easy as what we'd hoped. We did have really good support though, from WatchGuard, on the other end, assisting with the setup. That made all the difference in the world. That made it pretty painless. That was the key. 

    When you're configuring a new piece of hardware, there's always some little switch that you miss or that just doesn't make sense. When you've got that support on the other end they know exactly where to go... WatchGuard had that.

    At first, we were running into some issues configuring it to meet our needs. It was throwing us for a loop for a while. The issue was setting up the correct rules. But from the time we got that done, it just sits there and runs. We've had it 15 months and I haven't seen it in nine months. We got it configured and set up, and it just operates. 

    We had it running on the first day, literally within hours. We had a lot of configuration to be done over the next six months, twists here and there. But as far as actually being able to set it up and have a firewall in place, that was done within two or three hours.

    What's my experience with pricing, setup cost, and licensing?

    There are no costs in addition to the standard licensing fees. It was pretty much, "Get the license and you're good to go for the year."

    Which other solutions did I evaluate?

    We looked at Cisco in addition to WatchGuard. We didn't look at anything else.

    What other advice do I have?

    I wouldn't hesitate to implement this solution. Particularly if you're down to an IT staff of one, this is a really good solution. If you're that small and your IT staff is very limited, then you're probably lacking the onsite expertise to move to a more expensive solution anyway. I would strongly recommend it.

    We've got three people who sign in to WatchGuard, me and two others. Beyond that, everybody else is just an end-user. I'm the only full-time IT person we have on staff. We do have a vendor that we use for a lot of our engineering solutions and design. They spend about 12 hours a week on our network.

    As for increasing our usage of it, I don't know what all its capabilities are. I deal with problems all the time and I have to come up with solutions for them. I don't foresee any expanded use of WatchGuard. However, it may be that it can solve some of my problems much more simply than some of the other solutions I'm thinking about. But I don't really know how it could at this point, so I'm not seeing us using more of it than we are now.

    I would give WatchGuard a ten out of ten. It's simple, easily managed, and it has good tech support compared to other products out there. Because it is a full-functioning firewall, it does everything with full support. You're not buying a cheaper quality of firewall at all. It's full quality, fully functional and has good support.

    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PeerSpot user
    JimWarren - PeerSpot reviewer
    IT Manager at Horizon Forest Products
    Real User
    Allows us to self-manage our network and branch office VPNs while saving money
    Pros and Cons
    • "The firewall aspect and the branch office VPNs are the most valuable features... We don't have any issues with it. We don't have to spend a lot of time maintaining it."
    • "We use WatchGuard to manage our failover for internet. If a primary internet goes down, it does a failover to the secondary the internet. However, what it doesn't do so well is that if the primary internet has a lot of latency but it's not completely down, it doesn't do a failover to the backup in a timely manner."

    What is our primary use case?

    We use it for our firewall as well as for our branch office VPNs.

    How has it helped my organization?

    The WatchGuard devices allow us to self-manage our network and our branch office VPNs. As a result, we've saved ourselves a lot of money, without compromising our security. It provides a much more economical and effective solution. We used to have an MPLS network which was a cloud-based firewall system and it cost us a small fortune every month. But when we implemented all these firewalls and got it all configured, up and running, we literally saved ourselves $10,000 a month.

    It makes managing the network a lot easier. It takes care of our network for us.

    Once it was set up and running, it began to save us time. It works, and we spend very little time managing it. We have very few issues with it. We might spend an hour a month managing it, if that.

    What is most valuable?

    The firewall aspect and the branch office VPNs are the most valuable features. They just plain work. We don't have any issues with it. We don't have to spend a lot of time maintaining it. You set it up and, for the most part, you can forget about it.

    In terms of the usability:

    • It's user-friendly with an easy user interface.
    • It has a lot of features.

    The throughput the solution provides is good.

    In addition, WatchGuard provides our business with layered security. It certainly protects our network, blocks unwanted incoming traffic and, at the same time, can manage outbound traffic too.

    What needs improvement?

    We use WatchGuard to manage our failover for internet. If a primary internet goes down, it does a failover to the secondary the internet. However, what it doesn't do so well is that if the primary internet has a lot of latency but it's not completely down, it doesn't do a failover to the backup in a timely manner.

    For how long have I used the solution?

    We've been using WatchGuard for about three years.

    What do I think about the stability of the solution?

    The stability is great. 

    What do I think about the scalability of the solution?

    We don't really have any experience with the scalability. We implemented the appropriate devices for our size and we haven't really grown to the point that we've had to upgrade devices. The scalability is fine in the sense that we have some locations with more people, and WatchGuard has a slightly beefier device than we use at some of our smaller locations. All in all, it works well.

    All of our networks are managed by WatchGuard. If we add locations we'll be using it for them as well in the future, although we don't have new locations on the horizon. We use it every day because it manages our network. Because all of our network traffic runs through WatchGuard, everybody uses it. But they're not using it for a specific function, other than to communicate between locations.

    How are customer service and technical support?

    The customer service is good. If we have an occasional issue there are helpful. They help us resolve problems. Overall, I'm pleased.

    Which solution did I use previously and why did I switch?

    We had a third-party MPLS network that managed all of the cloud-based software but it was very expensive. It was similar in effect, but it was a third-party, as opposed to WatchGuard which is self-managed. The main reason we switched was the pricing.

    How was the initial setup?

    The initial setup was a little complex. But once we understood how it works and after we got the first one configured, the rest of the firewalls were pretty easy. It is pretty straightforward. It is just a matter of learning it initially: understanding the nuances of the application and the user interface, understanding how to set it up and understanding what does what and the naming of features. That initial learning curve was a little steep, but once we got into it, it made a lot of sense.

    Company-wide, our deployment took about 30 days.

    Our initial implementation strategy was to do a backup to the internet and ultimately remove our MPLS and use the branch office VPN to manage it ourselves.

    What about the implementation team?

    We were helped by an authorized WatchGuard reseller on the initial setup. Once we got through the first one, we took over from them internally. The reseller was NetSmart. Our overall experience with them was very good.

    We still have a relationship with them. We do a lot of our stuff in-house, but if we have something that we need a little bit of help with, we do reach out to them from time to time. But doing so, for us, is pretty rare at this point.

    What was our ROI?

    We have absolutely seen return on investment. We saved a small fortune switching over. It paid for itself, literally, within the first couple months.

    What's my experience with pricing, setup cost, and licensing?

    When we bought them we got a three-year license for each device. The two larger devices are about $1,000 each and the smaller ones are about $500 or $600 each. 

    There are some additional software features that you can add on and pay for, but we don't use them. 

    Which other solutions did I evaluate?

    We didn't evaluate other options. The WatchGuard reseller was a company we had done business with before and they recommended it right out of the gate. We went with that.

    What other advice do I have?

    It's worth it, depending on your current network environment. If you are in the same situation we were in, it's really a no-brainer going from the MPLS network to self-managing it with simple broadband internet. It works great. To be honest, you'd be crazy not to do it. The advantages of WatchGuard over MPLS are that it's cheaper and you have more control because it's self-managed. The only con is that it does require a little bit of maintenance that you wouldn't otherwise have to do, but it's minimal.

    In terms of distributed locations, we have a firewall at all of our locations. Once we got it set up we'd visit a branch, install it, test it, and implement it.

    As for maintenance, it requires just one person, a network administrator. We manage it ourselves and there's not a whole lot to it.

    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PeerSpot user
    Rick Phillips - PeerSpot reviewer
    IT Manager at IDI Distributors Inc.
    Real User
    VPN and proxy features enable us to connect all our branches to headquarters with excellent throughput
    Pros and Cons
    • "The most valuable are the VPN and proxy features."
    • "It's very hard to get information from their website, for exactly what I need to do. Sometimes I end up having to open a lot of support tickets... It's a navigational issue which makes it hard to find what I'm looking for and it's just so broad."

    What is our primary use case?

    Our primary use case is VPN connectivity between 50 locations and our headquarters.

    How has it helped my organization?

    It saves us a lot of money over MPLS connections, about $125,000 per year.

    WatchGuard provides us with one of our layers of security. The HTTPS proxy is where a lot of things get trapped.

    What is most valuable?

    The most valuable are the VPN and proxy features. We have all the sites we have to connect and that's how we do it.

    I've been using it for so long so I'm pretty used to it. But I think it's fairly simple to use and understand. It helps if you're an IT expert. There isn't much of a learning curve if someone has an understanding of connectivity and firewalling. If they don't, there is certainly a learning curve.

    The throughput is excellent. It's only limited to our bandwidth. We haven't had any trouble with throughput. The throughput of the firewall, in all cases, seems to be better than the bandwidth available. It's not the bottleneck.

    I don't use the reporting features a whole lot, but Dimension is pretty good.

    What needs improvement?

    It's very hard to get information from their website, for exactly what I need to do. Sometimes I end up having to open a lot of support tickets. It's either too detailed or not. I never have good luck with their online tools. It's a navigational issue which makes it hard to find what I'm looking for and it's just so broad.

    In addition, I have had a ticket in for an awful long time regarding a bug that they should address. If you're using a firewall as a DHCP server, it doesn't keep a good record of the leases. I opened a ticket on this about two years ago, and every couple of months I get an email back that it's still under engineering review.

    For how long have I used the solution?

    I have been using WatchGuard for 15 or 16 years.

    What do I think about the stability of the solution?

    They're very stable. I've had one firewall fail at 50 locations in the last ten years.

    What do I think about the scalability of the solution?

    Scalability for me would mean, as we add more branch locations, the firewall here can support all of those VPN connections, and I'm not even scratching the service of what it can hit. It's very scalable.

    How are customer service and technical support?

    Tech support has been good. It's gotten a lot better the past few years; it's very much improved. Twelve years ago it was the worst. Now, it's very good. They get back to me in a day if it's nothing critical. And I don't ever really have to escalate. They're pretty resourceful and understand their product.

    Which solution did I use previously and why did I switch?

    Previously, I built a Linux box.

    How was the initial setup?

    The initial setup is very straightforward. I've done it so many times that I could do it in my sleep. It's pretty simple to run through the GUI and get a quick setup. It's like if you asked me, is it hard to drive a car? I've been driving a car so long I don't know any other options. It takes me maybe an hour to set one up and get it ready to send out. At that point, it's fully configured. It's just plug-and-play when it gets to the location.

    I, or one of my IT guys, will often have to be onsite. We'll send one out to a branch, then we'll have to walk the warehouse manager through how to plug things in. Deploying it to distributed locations consists of plugging it into the modem and plugging it into the network, assuming I programmed it correctly.

    Deploying it requires just one person. We have three people in the IT group maintaining the entire network, but it's mostly me. It takes me about five hours a week.

    What was our ROI?

    ROI is very abstract for a security tool. As far as being able to create VPN tunnels versus having it managed by another vendor, as I said, it saves us about $125,000 a year, maybe a little more. Even comparing it so an SDYN solution from an outside vendor, it's a lot less expensive.

    What's my experience with pricing, setup cost, and licensing?

    We only license our corporate one and the one we have at our DR site, we don't worry about the branches. It doesn't pay for us to license the ones at the branches. What they charge for what they call basic maintenance is extremely high for those little fireboxes. So we don't bother with them.

    What other advice do I have?

    They're good machines. They're fairly easy to configure and they're stable.

    We mostly use the M400 at corporate and at our branch offices we use T35s, T30s, and XTM25s. In terms of additional usage, I'm looking at the management console and, possibly, the drag-and-drop VPNs.

    I would rate it at nine out of ten. The documentation makes it a little hard to find what I need sometimes.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    I.T. Manager at a construction company with 201-500 employees
    Real User
    A global map allows us to block an IP based on the country it's coming from
    Pros and Cons
    • "The Dimension control, the one-spot reporting and control, has been nice. It's been easy to go in and make sure people are doing what they're supposed to be doing and that only the right stuff is getting in."
    • "A 12-hour power outage... got our batteries."

    What is our primary use case?

    We use them as our firewall in every location. It's extensively used and our locations for it are ever-expanding. Right now, we have 14 locations with them. We have everything from the M300 to the T50-W to the T30-W.

    How has it helped my organization?

    Like any other firewall, if it goes down, it's going to cause problems but these don't go down.

    If I had to spend half my day fighting the stuff that it's keeping out, in that sense, it's increasing productivity. But if I was having to do that, I would find something else.

    What is most valuable?

    There are a lot of features I really like.

    One of them is that the interface is more intuitive for us. And the success rate has been very good for us. It's easier to use than a SonicWall. There's a learning curve with every firewall, but this one is a lot more intuitive than some of the other ones I've used.

    We've been very happy with the throughput and the performance the solution provides.

    The Dimension control, the one-spot reporting and control, has been nice. It's been easy to go in and make sure people are doing what they're supposed to be doing and that only the right stuff is getting in.

    It provides us with layered security.

    It's got a global map where you can block IP based on which country it's coming from. I haven't seen that on anything else.

    For how long have I used the solution?

    I started here in 2009 and they already had the WatchGuard at that time. So I've been using it for about ten years.

    What do I think about the stability of the solution?

    They work. We don't have to boot them. 

    The only time they get booted is if there is a major, extended loss of power. Otherwise, they just stay up and running. The location I'm at has been up for 90 days and the only reason it went down 90 days ago was that we had about a 12-hour power outage. It got our batteries. It got everything. But like I said, they're reliable.

    What do I think about the scalability of the solution?

    There is scalability because they have different models to choose from, as long as you buy right.

    We have 500 employees and about 150 users. I'm sure we have plans to increase usage. In terms of how extensively it is being used, it's filtering every piece of internet traffic we have.

    How are customer service and technical support?

    I haven't had to use their technical support in about seven years.

    How was the initial setup?

    When it comes to installing a new box, it's pretty simple. We have a config we copy over to it and then we just customize that config with the IP addressing that we need at that location. It doesn't get much easier than that. It takes less than an hour and takes one person to deploy it.

    What about the implementation team?

    We used a third-party integrator when we did our mass upgrade in 2017. At that time, all of our other ones had become end-of-life. They were Firebox Edges. We bought the boxes, dumped the configs on them, between us and the third-party, and either I or the third-party would deliver and install. Onsite downtime was as little as ten minutes.

    Deploying it to distributed locations was super-simple.

    What was our ROI?

    We haven't had anything get through it. It's hard to say what your return on investment is when you're saving problems. You can't quantify how many possible threats you're saving in a day.

    What's my experience with pricing, setup cost, and licensing?

    We bought ours bundled with two or three years at the time we bought them. I haven't seen the pricing since 2017, but it was competitive. SonicWall, Barracuda, and WatchGuard were all about the same price when we did our last pricing.

    Which other solutions did I evaluate?

    We investigated SonicWall back in about 2016 and decided to stay with WatchGuard because we felt the interface was a lot better. It's also easier to manage, easier to keep an eye on. We really despised the SonicWall. The support for it was awful. Dell already had it and it was bad. I had experience with SonicWall in the past, before it was a Dell company. The SonicWalls were pretty good then.

    We looked into Barracuda. We didn't actually test it. We used some other Barracuda stuff, but we didn't actually even test their firewall. I don't remember why we didn't go with them. That was a decision made three years ago. We use their backup appliance and couldn't be happier with it, so it wasn't a support issue or a reputation issue. I don't know if there was a little difference in pricing which was the reason that we didn't try it.

    We investigated the other one, we actually put the test box in, and Firebox was far superior to what we tested.

    What other advice do I have?

    Give Firebox a good, strong look. Give it a test run and I'm sure you'll be happy with it. We've always had it. Our opinion of it is that it flat-out works and we're very satisfied with it.

    I'm sure there are better ones out there for somebody who has more time to manage it. But if you're looking for something so that you don't need a dedicated staff to manage it, I'd say this is a pretty good one. I give it a nine out of ten.

    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PeerSpot user
    Sr. Systems Administrator at a individual & family service with 201-500 employees
    Real User
    They are great, functional and useful devices.
    Pros and Cons
    • "I like the High Availability features of the newest ones I'm using because they allow a firewall to fail and still be up and running."
    • "I like their management features a lot. Their System Manager server as well the System Manager software make managing them, and tracking changes, very easy and complete."
    • "The documentation for the System Manager/Dimension configuration, could be a little bit clearer... The use case where you have multiple sites with multiple firewalls, and one site that has the System Manager server and the Dimension server, wasn't really well defined. It took me a little bit of digging to get that to actually work."

    What is our primary use case?

    Production business use at multiple interconnected locations.

    How has it helped my organization?

    It is one of the layers of our security and it definitely does protect us from many attack vectors. Between the antivirus scanning, the blocking, and DNSWatch, it is protecting us from a number of attack vectors. It is also provides useful diagnostic tools for identifying and troubleshooting issues. A recent example was when a few LOB network devices were having issues which was affecting operations. ZazaThe ability to search the realtime and historical logs helped me to navigate, zone in, and identify the ultimate issue. It ended up not being the firewall, but fast access to the logs helped me determine and prove that to be the case.

    Because of the way it's organized and the user-friendliness of the device, it does make my job managing the firewall profiles and security a lot easier. There's nothing you have to do through the command line. Being able to definitively know what the configuration is, visually, being able to edit it offline without affecting production have all been big time-savers for me. When I had to do two firewalls which had similar configurations it saved me at least 20 hours of setup work. Templates allowed me to create and define a bunch of objects once and use them in both places.

    Overall, per month, Firebox will save me four to five hours, depending on if there's something I have to investigate.

    What is most valuable?

    The Application Control and web blocker have been very valuable because they let me control the outgoing traffic of my users and keep them off of both productivity wasters and sources of vulnerabilities in my environment. 

    I like the High Availability feature because it allows a firewall to fail while keeping the environment up and running.

    In terms of its usability, it's very straightforward to use, once you understand the way they look at a firewall and the design choices they made.

    The throughput the solution provides is excellent. I have not had any performance-related issues with any of the fireboxes I've used.

    I like their management features a lot. Their System Manager server as well the System Manager software make managing them, and tracking changes, very easy and complete. In terms of the reporting, I am just starting to look at the reports in Dimension and they look pretty well-organized and useful.

    What needs improvement?

    The product could have some more predefined service protocols in the list, which don't have to manually be defined. But that's very low hanging fruit.

    The documentation for the System Manager/Dimension configuration, could be a little bit clearer. The use case where you have multiple sites with multiple firewalls, and one site that has the System Manager server and the Dimension server, wasn't really well defined. It took me a little bit of digging to get that to actually work.

    For how long have I used the solution?

    I have been using WatchGuard Fireboxes for about six to seven years.

    What do I think about the stability of the solution?

    It's pretty rock-solid. I've never had to reboot one because it was acting in an unstable manner and have some that I ran through their entire usable lives without issue.

    What do I think about the scalability of the solution?

    The scalability is good, assuming you buy the right model. They make it easy to trade up to a bigger model without having a big, financial impact, giving you a discount to trade up. 

    How are customer service and technical support?

    The times I've used technical support it was excellent.

    Which solution did I use previously and why did I switch?

    I moved from FortiGate. The reasons i switched include price - WatchGuard is a lot more cost-effective than FortiGate - and complexity. FortiGate is very complicated, had little documentation which relied heavily on cookbooks, and a lot of command-line required to get some common things to work. WatchGuard is very well-documented and everything fits within their configuration. Nothing that I've encountered has to be done through the command line. And when your subscription expires on the WatchGuard, it will still pass traffic, if you configure it to. FortiGate will only allow one connection out. 

    How was the initial setup?

    The initial set up was very straightforward. You take it out of the box, you plug it in, you download the software, and it starts working. That's what I consider to be the initial set up, and that was very easy and very fast.

    The deployment took me a total of about 40 hours for two sites, two firewalls, and with an incredibly complicated configuration. The complexity was a product of the environment, not the firewall.

    I utilized the template feature to make everything that could be the same, the same across both sites, which are connected locations.

    What about the implementation team?

    In-house.

    What was our ROI?


    What's my experience with pricing, setup cost, and licensing?

    They are well priced for the market and offer discounts for competitor trades and model upgrades which are definitely worth taking advantage of.

    Which other solutions did I evaluate?

    FortiGate and WatchGuard were the only two I've evaluated recently.

    What other advice do I have?

    I would definitely recommend using WatchGuard.

    I would also recommend taking one of the courses that goes through all the features of the device and the way it is organized. Every firewall vendor looks at things differently. If you don't understand the way WatchGuard is structured, you may make a strategic mistake in setting it up and you'll have to tear some of it down and redo which is true of any firewall. Leanr and use the tools Watchguard  provides.

    I used to do everything in WatchGuard through their Web UI but I now use the System Manager software because it is very valuable. It provides a lot of features that I had not realized I was missing. The System Manager Server is able to store previous versions of the configuration, and to force people to enter comments regarding what they changed when they save one. Being able to compare the configurations side-by-side, and have it tell you the differences are great tools that you should know about if you're going to start implementing a WatchGuard.

    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PeerSpot user
    IT Manager at Yamazen Inc
    Real User
    GUI makes setup easy and provides us with graphical, real-time bandwidth usage
    Pros and Cons
    • "The most valuable feature is the GUI, especially the real-time bandwidth usage report. Also, its integration with WiFi access points is nice."
    • "We bought Firebox four or five years ago, and with the first version I had to reboot it every two or three months for no apparent reason. We upgraded last year to the M370 and it's been running, but it is rebooting from time to time. I don't know why."

    What is our primary use case?

    Our primary use case is for firewalls.

    How has it helped my organization?

    We were using Websense before, for website filtering, and we had to configure the device to block and monitor. Then we would go to Cisco to configure the firewall ports and then we used antivirus software to protect that the gateway from viruses. So we were using three or four different security products. WatchGuard integrated into everything in one place, so it's much easier to configure.

    It has simplified my job. Before WatchGuard, we needed one person inside and two people outside to set up our network. Now I can do it by myself.

    The solution has saved us 30 minutes to an hour every day. In terms of productivity, before WatchGuard we had given up checking the logs because there was so much information. But now, with its graphical interface, it's much easier to get the information that I need: the violations and sever errors are easier to pull out.

    What is most valuable?

    The most valuable feature is the GUI, especially the real-time bandwidth usage report. Also, its integration with WiFi access points is nice.

    The product's usability is very good. We were using Cisco products before, and that was terrible. The difference is in integration. With Cisco we had to go into the command line to configure devices. With WatchGuard we can do everything from the GUI, so it's much easier to set up and to make sure everything is working the way we want.

    The throughput of the solution is good. It's also very good at reporting. I can see things graphically so I don't have to read through all the log text files.

    The solution provides our business with layered security. In terms of the attack vectors it secures, we have a firewall set up and it gives me reports. It also has an integrated web filtering solution. I can set up a website filter and it's all filtered in one place. I don't have to go to another solution.

    What needs improvement?

    I don't know if it's just my version, but the WiFi access point integration has just started. It's getting better but if there were more reporting of the devices that are connected to WiFi access points that would be great. Right now I can see the MAC address and bandwidth usage for each device but that's about it. If I could see which sites the devices are visiting and what kind of traffic is generated from each device, that would be great.

    For how long have I used the solution?

    We have been using Firebox for four or five years.

    What do I think about the stability of the solution?

    We bought Firebox four or five years ago, and with the first version I had to reboot it every two or three months for no apparent reason. We upgraded last year to the M370 and it's been running, but it is rebooting from time to time. I don't know why.

    What do I think about the scalability of the solution?

    Since everything is integrated, when there is really high user traffic, especially to the different locations, including email and everything coming in at one time, I see very high CPUs. It may not be as scalable as having three or four different devices running, one for each task.

    The bandwidth is good but we only have a 15 meg fibre to this location and I see high CPU usage, so I wonder how far it can go up. It's working well for us but if you are trying to go to 200 or 300 meg of bandwidth you may need to get a bigger WatchGuard.

    We don't have any plans to increase usage in the future. It has a hotspot client access which we're somewhat interested in, but we don't have many guests coming into our offices. That's the one area where we might spend some time.

    How are customer service and technical support?

    Technical support is really good. That's one of the best parts of this product. With Cisco, you have to transfer all over the place, but with WatchGuard there's a ticket system. When you open up a ticket, they are really responsive.

    Their response time is within a few hours. If you just log a ticket through the website, you get a response back within one to two hours. But if you call up, they respond really fast. And it's a real tech guy responding back. You go through all your details and you get answers right away.

    At times I have made an additional feature request and even I have forgotten that I requested it, but they keep following up. I have to say, "It's okay now, forget it."

    Which solution did I use previously and why did I switch?

    We were using Cisco Professional Services whenever we had to tweak our IP forms or QoS and those advanced types of changes. The outside consultants were costing us money. With WatchGuard we can do the setup by ourselves. We tried it and found we could do it.

    How was the initial setup?

    The initial setup was very straightforward. The graphic interface gives you bandwidth control, traffic control, and a graphics screen, unlike the Cisco products where you have to go into the command line. There, you are typing commands but it's really hard to tell if it's working or not. With WatchGuard, it gives you the response right back and you see results right away. So, it's much easier to configure.

    Our deployment took about three days. To get it up and running it took about one hour. The rest of the time was to tweak our firewalls, open up this port, open up that site.

    Regarding our implementation strategy, we have ten remote locations. We started with one branch as a test bed, set up a template there, and applied it to the corporate site here. When we applied it to the corporate site it took a little while, about three days. But once the corporate template was done, the other sites were quick. We set up the device, and it shipped it out and, in ten to 15 minutes, it was up and running.

    What about the implementation team?

    We purchased the solution from a local distributor, Jensen IT, and they had a support line. We called up two or three times. Our experience with them was very reasonable.

    What was our ROI?

    From a pure cost standpoint, we cut our fees in half by moving to WatchGuard. And in terms of time, we are spending one-third or even one-fifth of the time we were spending on Cisco devices. Those are substantial savings.

    What's my experience with pricing, setup cost, and licensing?

    The price is so small that I don't pay attention to it anymore. I think we pay a few thousand dollars for two to three years, so about $100 per month. That's for all of our users.

    There is an additional cost if we want to go with a deeper licensing model, but we just pay for antivirus, IPS, and main product support.

    Which other solutions did I evaluate?

    At the time we made the switch to WatchGuard we were also using two or three different solutions to manage security and our internet connection. We were using Symantec Gateway for antivirus protection, Websense for web filtering, Symantec IPS reporting, and Cisco.

    The integration of all of those with our system was cumbersome and there were maintenance fees and license fees being paid to four or five companies. All licensing terms were different and it was really cumbersome to manage. With WatchGuard, everything is really in one place.

    However, for one of our new locations we started using Meraki, which has cloud capabilities so I can remotely manage the setup of the firewall for remote offices. For ease-of-setup, Meraki is a little bit easier. If you want an easy solution in terms of setup, Meraki might be a better solution. But there is a lack of depth of setup on the Meraki, while WatchGuard is a real firewall solution. In the new office, we only have a five people, so the WatchGuard features may be a little bit too much that size of office.

    Firebox has a very small model for personal use, a home-use product, but we did not test it out. That might be a good fit, but the value for a very small office may be a little bit of overkill.

    What other advice do I have?

    If you have a small IT staff and want an easy-to-set-up solution, I would one hundred percent recommend WatchGuard. If you have a very serious, big IT department and a big business, you might want to test out the throughput and the stability.

    In each of our ten remote offices, we have about ten to 15 people using it. At our corporate office we have 70 to 80 people. We require two people for deployment and one person for maintenance of the solution, including me, the IT manager and, our systems administrator.

    I would rate the solution at nine out of the. It's just missing that stability point.

    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PeerSpot user
    Technical Support at a tech vendor with 11-50 employees
    Real User
    Detailed reporting and Active Directory Integration make this solution easy to configure and use
    Pros and Cons
    • "The reports are detailed."
    • "This solution needs the option to add an external hard drive."

    What is our primary use case?

    We are not currently using this solution. Rather, we are reselling, and I have implemented these systems.

    The most recent one I implemented was an M200 model that was being used as a gateway firewall to control their internet usage, primarily for URL filtering.

    How has it helped my organization?

    The reports are detailed. Rather than showing the IP address for a query, such as "who is the most active internet user", it will show their name and the specific activities that he or she is browsing on the internet.

    What is most valuable?

    The most valuable feature is the Active Directory integration. WatchGuard is very easy to integrate with. The URL filtering is ok, but instead of filtering by IP addresses I usually set up filtering through Active Directory user profiles.

    I can import the users directly from Active Directory and create a space for a certain user or a certain group. This is something that is great because I have a lot of trouble setting this up with other products.

    I also liked a new feature, the WatchGuard TDR (Threat Detection and Response). This reports malware activity to the cloud.

    What needs improvement?

    This solution needs the option to add an external hard drive. The competitors have this. With WatchGuard, you have to get another server, set it up, and then point it to WatchGuard. That is where the logs will be stored.

    Some find this tedious because they have to get another server, although I find it advantageous because there is no hard drive needed. It removes another point of failure. In any case, if the customer wants an external hard drive then it would give them the option.

    I saw a feature in Cisco that was a historical trajectory of the files, or sets, moving in the network. I would like to see them include this feature in the next release of the TDR.

    For how long have I used the solution?

    Less than one year.

    What do I think about the stability of the solution?

    So far, the solution is stable.

    I have two customers who have experienced problems due to a storm. An electrical surge came through the internet line and caused damage to the port. This had nothing to do with the stability of the product itself.

    What do I think about the scalability of the solution?

    In terms of updates, it is one of the easiest firewalls to update. I just download the latest one and let it work until it reboots.

    In the company where the M200 was implemented, they have fifty users.  

    How are customer service and technical support?

    Whenever I have a problem I contact the technical support and I normally have to wait at least a day for them to respond. I have opened approximately twenty tickets, and so far, all of them have been resolved.

    Which solution did I use previously and why did I switch?

    We used an older model of the WatchGuard solution, the T50 e-series, but we have replaced it. We received a discount on a bigger unit from Fortinet. However, we recently sold a WatchGuard M200 and I had the opportunity to use the product. Comparing what I see now to what it was before, there are a lot of good changes. Not so many in the GUI, so there is familiarity there, but I think that it is faster now.

    My customer for this solution did not previously have a firewall. It was just an open internet router.

    How was the initial setup?

    The initial setup is very easy for somebody who knows the product, so I can't say that it is complex. For someone who is new to the product, of course, they would find it intimidating at first.

    The deployment took three days, with the third day being the turnover. I had to train them on how to use it. The first two days were spent setting it up.

    One IT person handles maintenance for the solution, just for secondary support.

    What about the implementation team?

    I took care of the deployment for our customer.

    What's my experience with pricing, setup cost, and licensing?

    The subscription that was purchased is for three years but it is usually for one year at a time. There are no costs in addition to the standard licensing fees.

    Which other solutions did I evaluate?

    My customer was looking into Sohpos, but because the budget was drained they opted for WatchGuard. It was a cheaper solution.

    What other advice do I have?

    Based on the reactions from people who I have implemented this solution for, some of them find it difficult to use before they get used to the interface. At the same time, if they later move to another product then they say that WatchGuard is simpler.

    I keep hearing that WatchGuard is quite marginal because it is not listed as a leader in the Gartner Magic Quadrant. It is listed under Visionary. For a firewall product, I do think that it's a leader. It doesn't cost a lot compared to Cisco, Palo Alto, or others. I think that WatchGuard is good enough.

    I would rate this product eight and a half out of ten.

    Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
    PeerSpot user
    Technical Consultant at Rainbow Security
    Consultant
    Protects us from daily attacks against our IT forum and email server
    Pros and Cons
    • "The most valuable feature for small and medium businesses is the support for various protocol proxies."
    • "It would be wonderful if the WatchGuard team develops nice products for threat intelligence."

    What is our primary use case?

    This device is for Unified Threat Management (UTM). Our primary uses for this solution are as a firewall, antivirus, anti-spyware, web-blocker, and APT blocker.

    How has it helped my organization?

    I can say that it has been defending our organization. There are from ten to one hundred attacks per day to our IT forum and our email server.

    What is most valuable?

    The most valuable feature for small and medium businesses is the support for various protocol proxies. Without any subscription, they can realize an IDS/IPS solution.

    What needs improvement?

    It would be wonderful if the WatchGuard team develops nice products for threat intelligence. They have a subscription service called DNSWatch, but this needs to be improved.

    For how long have I used the solution?

    Twelve years personally, but the company has had it running since early 2000.

    What do I think about the stability of the solution?

    This product is very stable.

    What do I think about the scalability of the solution?

    There is no problem with the scalability. If I need a more powerful appliance then I can buy it, but I can also use less powerful devices. Overall, scalability is ok with this solution.

    We have about fifty people using this solution. There are two IT specialists, and all of the rest are salespeople, office support, etc.

    How are customer service and technical support?

    The technical support is very good. I know only of one company whose tech support is better than WatchGuard's.

    Which solution did I use previously and why did I switch?

    I have experience with Check Point UTM, and I find that this application has approximately the same functionality, but it is cheaper.

    How was the initial setup?

    The initial setup is very easy. It is not complex.

    For a small organization that has between fifty and one hundred users, the deployment can be done in perhaps fifteen minutes to three hours. Our deployment took approximately one hour.

    Only one person is required for maintenance.

    What about the implementation team?

    We handled the deployment ourselves.

    What was our ROI?

    I can see ROI within several months.

    What's my experience with pricing, setup cost, and licensing?

    The cheapest configuration, for maybe five people, is approximately $500.

    There are several other license steps that vary based on the number of security services that are included in the subscription.

    Which other solutions did I evaluate?

    We had considered several other solutions such as pfSense, MikroTik, and Fortinet. However, we became a WatchGuard distributor for the territory of the Russian Federation, so we are using only WatchGuard solutions.

    What other advice do I have?

    It is a very reliable and very easy solution. I think it is the best solution in the world, judging by its price and quality.

    I would rate this solution a ten out of ten.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    PeerSpot user
    Operations Manager at DLL Technologies
    Real User
    They have some of the best customer service in the industry

    What is our primary use case?

    At a specific client location, we are using the WatchGuard Firebox M470 to control all of the security protocols, routing, VLANs, and traffic. We have a 1GB internet circuit coming into the M470 firewall, and SFPs going out to the Netgear M4300-96X modular switch. From this switch, it goes out to the Netgear GS110 devices through SFPs.

    How has it helped my organization?

    WatchGuard Web GUI is one of the best consoles I have worked with. It makes each step very simple, while you can get granular too. It made the installation process extremely easy and simple for each step to program into the Firebox. The Firebox works well with other brands and also has the capabilities to use an SFP module to use fiber connections instead of Ethernet. We were able to remove over seven devices and replace them with two devices: Firebox M470 and Netgear M4300-96X. What a cost saving and less equipment to troubleshoot. 

    What is most valuable?

    Here are just some of the valuable features: 

    • WebGUI
    • Spam blocker
    • Website filtering
    • Internet security
    • Tech support is amazing.
    • Routing and setting up VLANs. 

    These are just some; there are so many more to go over. Depending on the customer's budget, I would always recommend WatchGuard Firebox and their other security products. They have some of the best customer service in the industry.

    What needs improvement?

    I don't think that WatchGuard would need to improve on their product. They have some of the least expensive appliances and software out there. They are extremely easy to use, the GUI is great through the web and on the desktop. That's why I feel WatchGuard has outdone themselves on their security products. Hands down, it's one of the best firewalls I have ever worked with.

    For how long have I used the solution?

    More than five years.

    What do I think about the stability of the solution?

    This Firebox M470 is a true workhorse and has been flawless. It has not crashed yet and has been on for over a year now.

    What do I think about the scalability of the solution?

    This product is very scalable: from the Total Security Suite to adding an extra module, to getting an extended tech support contract.

    How are customer service and technical support?

    Their customer service is one of the best and is extremely knowledgeable about their products. They are very responsive when calling and or if they need to call you back. They have been a key part of this major installation.

    Which solution did I use previously and why did I switch?

    I used a Sophos firewall that was already installed when we took over the account. The Sophos Web GUI is not that easy to navigate and completely different from most of the other firewalls out there. We switched because I professionally feel that the WatchGuard security products are superior over most of the other brands out there and their Web GUI is extremely easy to navigate and use. 

    How was the initial setup?

    The initial setup was straightforward, but there is always a learning curve on all devices.

    What about the implementation team?

    We used WatchGuard's team to help implement our programming into the firewall as our implementation was a one-off. 

    What was our ROI?

    Our ROI has been over 35% just on the equipment and the job.

    What's my experience with pricing, setup cost, and licensing?

    The setup cost is extremely low for what you get with the Firebox M470. The cost of the Firebox M470 was a third of the cost of a Barracuda and a high-end SonicWall.

    I loved that I could add an SFP module to the firewall and use both Ethernet and fiber connections. 

    You will need licensing for the security features like Total Security Suite, etc.

    Which other solutions did I evaluate?

    We evaluated SonicWall, Sophos, Barracuda, and Fortinet for our firewall needs. WatchGuard not only was a great price point but also comes with so many great features without having to pay too much.

    What other advice do I have?

    If you want a robust firewall that has a great price point, this is the best way to go.

    Disclosure: My company has a business relationship with this vendor other than being a customer: We are a reseller and an End user of their products.
    PeerSpot user
    COO/CTO at a pharma/biotech company with 11-50 employees
    Real User
    I discovered that I could still keep the data rates really high, up near the 1 gigahertz data speed, without compromise on the security perimeters being active simultaneously. The setup is complex.
    Pros and Cons
    • "I could still keep the data rates really high, up near the two gigahertz data speeds, without compromise on the security perimeters being acted simultaneously."
    • "Setup of this solution is complex, it's not plug and play."

    What is our primary use case?

    Intellectual Property protection for our and our clients' data.  We strategize for deployments of new products into Federal and State healthcare formularies.

    How has it helped my organization?

    I discovered the WatchGuard T-70 could still keep the data near the 1 gigahertz data speed, without compromise on the security perimeters being active simultaneously.  I got that information through my subscription with IT Central Station.  The WatchGuard T70 does not come with WiFi capabilities, offering flexibility for what WiFi devices you prefer.

    What is most valuable?

    Default set-ups found on the WatchGuard site and via YouTube are very helpful - the screen for set-up and adding additional features are lists with checkboxes.  Understand what you click before you do so.

    What needs improvement?

    The set-up and additional feature screens are old in design and very granular.  You have to know what you are doing.

    For how long have I used the solution?

    One to three years.

    What do I think about the stability of the solution?

    Stable - However, you need to add APC/UPC battery back-ups to avoid power outages/surges that will mitigate your time for trouble-shooting post-power outage.

    How are customer service and technical support?

    Yes, I had a positive experience with tech support.

    Which solution did I use previously and why did I switch?

    I previously used FortiGate. I moved from the FortiGate brand on account of when you turn on all of the FortiGate capabilities (80-C & 90-D), the protection is active but your data speeds drop significantly.  We had a Verizon FiOS fiber optic true gigabit subscription.  I noticed data rate drops as our 3rd party support team also noticed.  Upon system review, the function of the reduced data speeds was the Fortigate capacity.  We were literally locking up where we couldn't communicate. So, I went with the WatchGuard XTM T-70.

    How was the initial setup?

    Go to the WatchGuard site:

    >enter the model and serial number of your device

    >That loads the site automatically with the provisioning apps, firmware updates and other system checks relevant for that device

    > The set-up is nearly automatic

    > Once the firmware is updated, the device reboots

    > Drill into the site for additional steps and additional software you can activate - you have to know what they are talking about to understand which checkboxes to click and why.

    > You can reference the YouTube "JSCM" for extra support and background helps that go beyond the WatchGuard site. 

    What about the implementation team?

    No vendor team and no "in-house" beside myself.  We are a company of under 30 people, I am an IT dept/System Engineering staff of 1.

    What was our ROI?

    I have far less ( 50-75%) less admin time trying to figure out why our system is so slow.  That's gone.  The admin screens are informative, especially the Dimension application, reducing your search time for the information you need to assess what your users and network are doing.

    What's my experience with pricing, setup cost, and licensing?

    If you are experienced, I can recommend the T70 set-up with minimal support and reference.  Since I am relatively new as a systems engineer/IT design, I have had to reference a lot of online sources and hire an expert familiar with the WatchGuard line of products to help shorten my learning curve and get the system up and running quickly.

    Which other solutions did I evaluate?

    Yes - SonicWall, Baracuda and Dell.

    What other advice do I have?

    When considering a solution like this:

    > not only putting data security at the top of my list

    > user convenience as the second consideration.

    If there's anything extra that I have my users do, I have to really look seriously at those trade-offs.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Chief Technology Officer at a tech services company with 11-50 employees
    Reseller
    WebBlocker has the best URL category database

    How has it helped my organization?

    I’m a reseller. The solution is among the top-three solutions in our portfolio.

    What is most valuable?

    WebBlocker, because it has the best URL category database ever.

    What needs improvement?

    Make WatchGuard Firebox capable of integrating with third-party vendors like FireMon, Splunk, Tenable, etc.

    For how long have I used the solution?

    More than five years.

    What do I think about the stability of the solution?

    No issues with stability.

    How is customer service and technical support?

    Excellent.

    How was the initial setup?

    Easy.

    What's my experience with pricing, setup cost, and licensing?

    Cheap.

    What other advice do I have?

    I rate it 10 out of 10 because it is easy to deploy and use, the best of breed in the UTM firewall concept, creating the best UTM secure platform ever.

    It's easy to use.

    Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
    PeerSpot user
    PeerSpot user
    CFO at a tech vendor with 11-50 employees
    Real User
    The client is easy to use and stable. We would like cloud-based central administration of all devices from one point.
    Pros and Cons
    • "The client is easy to use and stable"
    • "​Efficient to setup, run, and maintain. Saving man hours and cost in the process."
    • "Simple to move settings between WatchGuard boxes."
    • "The GUI is easy and intuitive."
    • "Cloud-based central administration of all devices from one point would be nice"

    What is our primary use case?

    This was an upgrade from WatchGuard XTM 505. We have and are using many different WatchGuards between locations for (among other things) VPN between firewalls. We are using this Watchguard as an endpoint firewall at an office location.

    How has it helped my organization?

    • Efficient to setup, run, and maintain. Saving man hours and cost in the process.
    • The client is easy to use and stable.
    • Simple to backup settings.  
    • Simple to move settings between WatchGuard boxes.
    • The GUI is easy and intuitive.

    What is most valuable?

    Ease of setup. All WatchGuards are pretty much the same to setup and manage.
    We experienced that WatchGuard is easy to setup regarding VPN compared to other firewalls of other brands.


    What needs improvement?

    Client-based administrative tool. Cloud-based central administration of all devices from one point would be nice (although there is always an added risk regarding this).

    For how long have I used the solution?

    More than five years.

    What do I think about the stability of the solution?

    No.

    What do I think about the scalability of the solution?

    No.

    How are customer service and technical support?

    The few times we have contacted Watchguard. They reply promptly without delays.

    Which solution did I use previously and why did I switch?

    We previously used Juniper and SonicWall.

    Switched at the time because we had IT personnel working for us with WatchGuard expertise and preference.

    How was the initial setup?

    The setup was straightforward with a simple GUI-based administrative tool.

    What about the implementation team?

    Used in-house experience.

    What was our ROI?

    Not measured.

    What's my experience with pricing, setup cost, and licensing?

    Very competitive pricing regarding throughput compared to other alternatives.

    Which other solutions did I evaluate?

    We evaluated between WatchGuard and what we already had at the time.

    The Juniper that we had at the time, which was fine, was complete overkill for our needs, but when realised it was already sunk cost.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Buyer's Guide
    Download our free WatchGuard Firebox Report and get advice and tips from experienced pros sharing their opinions.
    Updated: November 2022
    Buyer's Guide
    Download our free WatchGuard Firebox Report and get advice and tips from experienced pros sharing their opinions.