Coming October 25: PeerSpot Awards will be announced! Learn more
Julia Frohwein - PeerSpot reviewer
Senior Director of Delivery at PeerSpot (formerly IT Central Station)
  • 0
  • 24

What needs improvement with WatchGuard Firebox?

Please share with the community what you think needs improvement with WatchGuard Firebox.

What are its weaknesses? What would you like to see changed in a future version?

PeerSpot user
49 Answers
Information Systems Administrator at a logistics company with 51-200 employees
Real User
Top 20
01 September 22

WatchGuard Firebox could improve the speed of updates, such as new features or improvements. However, they are frequently improving the solution in many areas, such as geo-locations, definitions, and web blocking.

Nadeem Abdulla - PeerSpot reviewer
Assistant Manager - IT Infrastructure at Taghleef Industries SpA
Real User
Top 5
22 July 22

Firebox would be improved with integration for endpoint protection solutions.

FlorianBUIS - PeerSpot reviewer
Infrastructure Administrator at CFA-INSTA
Real User
Top 5
21 July 22

We've found that sometimes the solution is not easy to understand and we need to bring in some specialist assistance.

Andrew Keywood - PeerSpot reviewer
CEO at Specifix Limited
Top 20
05 July 22

There is room for improvement in the threat protection, data packet inspection, and performance of the solution. Generally, it's just a lower-end product. It does the job but doesn't do it very well. Compared to Palo Alto, for example, some of the main differences are zero-day protection, performance, deep packet inspection, and App-ID. I'm not really a fan of WatchGuard. We only use it with one client and we're trying to get them to get rid of it. I prefer to use Palo Alto instead. Industry analysts have voted Palo Alto the number one firewall for the last eight consecutive years, so if you want good protection, it's a no-brainer.

Scott Eastman - PeerSpot reviewer
Project Consultant at SysGroup PLC
Top 20
22 March 22

They are working on cloud-based options. However, they do not have the options fully functional in their solution at this time.

Surjith Cs - PeerSpot reviewer
Sr.System Administrator at a computer software company with 201-500 employees
Real User
Top 20
19 January 22

An area for improvement is that when we use a web administration link, there is no security.

Learn what your peers think about WatchGuard Firebox. Get advice and tips from experienced pros sharing their opinions. Updated: September 2022.
633,572 professionals have used our research since 2012.
Mohamed Y Ahmed - PeerSpot reviewer
Technical & Pre-Sales Manager at GateLock
Real User
Top 5Leaderboard
04 January 22

The vendor needs to address customer concerns and develop more according to requests, instead of prioritizing based on the existing roadmap. This is a great product and offers great protection but they don't hear the customers' needs. They don't make improvements as per the customers' requests. This is especially true in cases where the feature is common among competitors. In the future, I would like to see better integration with Active Directory. It should depend on the user's login. This is a feature in big demand and most competitors do not deal with it the right way. Making this change would make sense with customers.

Co3288Fnd9 - PeerSpot reviewer
Assistant Manager at a tech services company with 501-1,000 employees
Real User
27 December 21

The reporting could use improvement, because most of the firewalls available in the market come with the reporting built-in, with the memory and the hard disk capacity and all. With WatchGuard, the models we use, none of them support that part.

Santosh Thorwat - PeerSpot reviewer
IT Head at Patil Group
Real User
Top 20
10 July 21

The solution can improve by adding a feature to tag a MAC address of a computer system in the policy and more IP configuration settings.

Global Head ICT (CITP & MIE) at The Aga Khan Academies
Real User
Top 5
02 June 21

The way Secure Sign-On authentication is happening needs to be improved. When the Secure Sign-On portal is turned on, anybody who comes into the campus, whether he or she is a staff member or a guest, has to go past the initial portal. One of the shortcomings is the username. It shouldn't allow permutations or combinations with upper or lower cases. For example, when there is a username abc, it shouldn't allow ABC or Abc. It should not allow the same username, but currently, two separate people can go in. Therefore, its authentication or validation should be improved, and the case sensitiveness should be picked up. If I have restricted someone to two devices, they shouldn't be able to use different combinations of the same username and get into the third or fourth device. It shouldn't allow different combinations of alphabets to be used to log in.

Chief Executive Officer at esupport Solutions Pvt ltd
Top 20
22 April 21

Often, customers don't end up using a lot of the features. They should move more towards integration with other OEMs such as web application firewalls, et cetera. There should be better integration and a way to configure multiple vendors into the same data center in order to offer more flexibility.

IT Audit Group Head at a tech services company with 1,001-5,000 employees
Real User
02 April 21

The solution is lacking a professional website, they should be updated more often.

Marlon Sealey - PeerSpot reviewer
I.T. Co-ordinator at National Lotteries Control Board
Real User
Top 20
24 January 21

I would like to have a little more control over access points and the ability to see the bandwidth that is passing through a specific access point. We are not able to see that. We can see what traffic is passing through the Firebox itself, but we can't identify if it is coming from a particular access point or not.

Peter Galgano - PeerSpot reviewer
Owner at a construction company with 51-200 employees
Real User
Top 20
17 December 20

I don't think I can get a full-blown DNS client from it. I've been trying to have DNS services. It has forwarding, but I don't get the services of a full DNS client. My main difficulty with it is that I can't run a complete service. I need NTP. I need DNS. I need DHCP for my domain, but I only get forwarding. As far as I can tell, I don't get caching and the kinds of reporting and registration needed to host a DNS for a domain. I have to have a separate solution for that. I also struggle with its usability a little bit. I come from an open source background, so I'm accustomed to BIND and DHCP from Linux builds. With their tools I'm struggling to have a web interface. I'm not getting a third-party web interface, so I'm using Webmin, which I have become accustomed to. You have to relearn or find services that you know are there. You have to figure out what they mean by an alias. Setting up a network interface or port-forwarding isn't necessarily using the language that I'm accustomed to. Every time you deal with a new user interface, they structure things differently. Where do you go and how do you maintain it and how do you document it? So I'm frustrated often when I get involved in vertical software where they start to brand or rename things, or they've adopted terminology. An example with WatchGuard is that every time I want to find a log, I have to search forever to find just basic logging. It's in there someplace, consistently. It's just that there isn't a button that says "logging."

Mohamed Y Ahmed - PeerSpot reviewer
Technical & Pre-Sales Manager at GateLock
Real User
Top 5Leaderboard
20 August 20

I would like to see the number of management consoles reduced. As it is now, Firebox can be configured using the web UI, WatchGuard System Manager, Dimension server, and from the cloud. This should be done without affecting the way we deal with the configuration file, as it's one of the strongest points in making its implementation smooth and easy. I would like to see the devices made more flexible by adding modules to increase the ports that we can use. As it's started from T80, the last edition of tabletop appliances, it should also be applied to all M series appliances.

Alexey Shcherbatyi - PeerSpot reviewer
Network Administrator at Abona Deutschland GmbH
Real User
13 August 20

I haven’t dug deeply into the reporting features yet or if they are working well. However, I have generated several reports and there was too much unnecessary information, in comparison with the reporting features in the Sophos firewall. Sophos' reporting is more readable and easier to configure. Having said that, reporting features were not very important for us when selecting a solution. What was important were other types of functionality that WatchGuard Firebox was able to meet. In addition to the reporting features, I would suggest they work on an SSL VPN gateway.

President and Owner at Peak Communication Systems, Inc.
02 August 20

The pricing could be improved. It is definitely one of the more expensive products, though you can't really compare it to Ubiquiti or SonicWall.

FelixCheung - PeerSpot reviewer
IT Director at Wise Ally Holdings Limited
Real User
27 July 20

The reporting features are not as flexible as I thought before I bought it. You can retrieve some simple statistics from the centralized reporting server. But let's say I want to look at the volume of internet access among our staff. There are no out-of-the-box reports or stats or any unit of measurement that show internet access for particular staff. There is no report that shows how long they're on or the volume of traffic, especially in a particular period. It's not necessary that it have very modern BI analytics, but at this point I'm a little bit disappointed with the reporting. One of the purposes of implementing the firewall was to do more application control and reduce the risk involved in employees accessing the internet. We want to measure and know how much time of our staff spends accessing and browsing and using internet resources.

Scott Morin - PeerSpot reviewer
Owner / CEO at Midwest Technology Specialists LLC.
Top 10
08 July 20

The data loss protection works well, but it could be easier to configure. The complexity of data loss protection makes it a more difficult feature to fully leverage. Better integration with third-party, two-factor authentication would be advantageous.

Network Administrator at Niedersächsischer Turner-Bund e.V.
Real User
25 June 20

Sometimes I would like to copy a rule set from one box to another box in a direct way. This is a feature that is not present at the moment in WatchGuard. I'm missing a tool by default, where you can find unused policies. This is possible when a) you adminstrate the firebox with dimension, or b) you connect it to Watchguard's cloud.

VP at a healthcare company with 1,001-5,000 employees
Real User
05 May 20

I would like to see more tutorials on setting up the Firebox.

Director of Information Technology at a retailer with 201-500 employees
Real User
03 May 20

If they could make the traffic monitoring easier that would be great. I don't use it that frequently, but I would like to see some improvements in the ease of use of that component, so it makes more sense. I know it's a technical component so there's going to be some difficulty trying to make that easier. Also, if they could provide more examples in their documentation, that would help. Sometimes they will say, "Hey, go in and set this up," and it would be so much easier to do it if they put in a couple of examples and showed me. Imagine instructions on how to change a tire and the steps you go through. Give me some pictures or some examples of how you change the tire. Where do you put the jack so it doesn't tear up the fender on your car? I'm a person who loves looking at examples cause I can look at things and see how they applied them and then learn from them. Even if they put in some snapshots and said, "Here's how this should look after you put this information in," that would help. It would be confirmation that this is accurate and this is going to work. Finally, when we did the split tunneling, as it turned out, that was an all-or-nothing, global setting. As soon as I did that it impacted everybody. What I was hoping to do was to set that up so that I could do a pilot group and, once it was working, I could turn it on for everybody. We needed to get it going and it was all-or-nothing. We did that on a weekend and it ate up my weekend time.

Network Admin at a manufacturing company with 51-200 employees
Real User
28 April 20

There is room for improvement on the education side, regarding what does what, rather than just throwing it at a person and assuming they know everything about it. A lot of times, you have to call WatchGuard support to get the solution that will work, rather than their just having it published so that you can fix the problem on your own.

Jason Markle - PeerSpot reviewer
IT Director at a healthcare company with 1-10 employees
Real User
08 April 20

I'm not really impressed with the reporting side of it. It may be something I just haven't figured out very well, but it's hard to filter down on reporting of the actual valuable information that you would want. There is a lot of information out there so you have to have some kind of tool capture it and then filter through it. So far, I haven't found the reporting side of the WatchGuard to be that user-friendly. I would definitely like to see better reporting tools from WatchGuard. That would be a very high priority for me. Also, setting up the site-to-site VPN is pretty easy with the WatchGuard, but the client VPN setup is not very friendly. If you have a client-to-device VPN that you need to set up for a mobile user there are different protocols that they will accept but none of them are a plug-and-play type of option.

Network Engineer at Vanderburgh Police Department
Real User
07 April 20

There are a couple of things I wished that it would do, but I can't think of those off the top of my head.

System Analyst at a transportation company
Real User
01 April 20

The usability could be better, but it is definitely manageable. If we have to go to a backup internet connection, that could be a little bit easier. Other than that, I really don't have any complaints about it.

Kelly Carlisle - PeerSpot reviewer
Manager IT at a hospitality company with 501-1,000 employees
Real User
30 March 20

WatchGuard could be a little more robust in reporting. I get requests a lot to figure out people's internet traffic. We want to know what people are doing when they are on the internet. There is still a little bit of fine-tuning that can be done to that process.

Network Administrator at a retailer
Real User
14 November 19

Websense is an application that monitors and filters internet traffic. Websense was derived from WatchGuard. But when you go to WatchGuard to actually implement that particular feature, you have to use some type of additional feature and you have to pay for it, unfortunately. I think it should be free or free in the WatchGuard box itself, as an option. It would be nice if they didn't charge us for that. And if they won't offer it for free, they should offer something better. It definitely needs a big improvement because it's very unfriendly. It's called Dimension Basic and there is a reason they call it basic, because it gives you very basic information. Let's say you want to track someone's internet activity or where they've been going. Websense gives you detailed information as far as the source. But this one only gives you very basic information and, on top of that, it's a free version for only a few months and then you have to pay for it. So not only is the version very basic but you still have to pay for it. That, in my opinion, has room for improvement. Everything else that we have, the live security services and network discovery and all the spam blocking, threat protection, and the web blocker, is included.

VP IT at a real estate/law firm with 51-200 employees
Real User
13 November 19

The reporting is a little on the weak side. I would like to see a better reporting set and easier drill-down options.

AllenHillstrom - PeerSpot reviewer
IT Manager at a tech services company with 1-10 employees
Real User
07 November 19

There is a slight learning curve. Beyond that, the only issue we've had in the past two or three years had to do with the number of current tunnel connections, and that was just an issue with our size of Firebox. We got a bigger Firebox. The old one was able to handle the load. It was just that we ran into a licensing issue. We had hit our number of concurrent tunnels. We have a lot of tunnels with the phone system. We have tunnels to and from each site for the phones to be able to talk. It was a little bit of a surprise when we came across this situation, but it's present in the documentation. It didn't take us long to figure out that that was the reason we were having an issue. It was just our not having the forethought to make sure that what we had was able to expand to meet our needs.

Christian Watt - PeerSpot reviewer
Engineer/Technician/Owner at Paramount technologies
Real User
06 November 19

We would like to see granular notification settings and more advanced filtering in traffic monitoring.

HalChernoff - PeerSpot reviewer
Enterprise Architect at a wellness & fitness company with 10,001+ employees
Real User
03 October 19

There are some features I'd like to see, although they are not standard in any of the products in this class; for example, better monitoring. I'd like to have better access to workstation monitoring, connection monitoring, and the amount of time an address is being used, to better gauge proper network utilization. If I knew that something was connected to a particular external location for an extended period that seems abnormal, I'd be able to act upon it. It comes down to overall monitoring and reporting for the class of services that I have. The solution's reporting and management features, based on what I have, are fair. I'd like to see an easier way of managing, controlling, and viewing usage at an IP-address-based level.

JasonGiles - PeerSpot reviewer
IT Manager at WTS Media (Wholesale Tape & Supply)
Real User
02 October 19

We have several branch offices. Those things run, you forget about them. My biggest gripe was when I went to update some of my devices, to try to make some speed improvements, not only did I get hit with, "You need to renew your LiveSecurity," but there was this reinstatement fee that they threw in on top of it. That really angered me, to the point that I canceled the entire order. I actually almost replaced some of those devices and I'm looking to replace them because of that type of thing. It's fair to pay for services like filtering, etc., but I don't feel it's fair to pay for updates to a product because they're patching and fixing and updating their product because of bugs. If I want to pay for the next version of something that gives me additional features, that's fair. But to have to pay a reinstatement fee and that sort of thing, I find it to be a very poor and unethical practice. We'd never do that to our customers. The reason I haven't thrown a huge fit is because everybody does it. SonicWall will do it; Cisco. All those guys do that kind of thing. I really don't like that, particularly because you're talking about a device that you paid $300 for, and the reinstatement fees are another $200-plus. I can just buy a brand-new device for that, get a faster unit, and get another year of stuff. Maybe that's what they're trying to encourage me to do. But there are firewall devices out there that I can buy that will do a lot of the stuff that I need to do in the remote offices, without having to purchase a yearly or three-year plan. I keep our main system up to date, but for the small edge units, it's just an unneeded expense. That's my biggest negative and biggest gripe about WatchGuard. In terms of the reporting and management features — and this isn't necessarily a WatchGuard issue, this seems to be more of an industry-wide issue — you get reports, but a lot of times you don't know what you're looking at. You're so overwhelmed with the data. You're getting a lot of stuff that doesn't matter, so it takes time to parse through it, to actually get what you want to know. If it gives me a threat assessment such as, "You received an attack from North Korea," I don't know what that means. I know that an IP address from North Korea hit our server, and they tried a certain attack. Is that something I should take seriously or not? I don't know. But that seems to be true with a lot of the solutions out there. They tend to report everything, and there's not a lot of control over getting rid of the noise. I've had it report threat attacks from devices within my network, from my own PC, in fact. So it's misinterpreting some things, obviously. Reporting is not something I rely very heavily on because of that. I look at it but I don't know what I'm looking at. Instead, I have a monitor that displays various things about my network, and I will have the main screen up just to see things like which host in the network is the busiest. I tend to use the main dashboard to get real-time information.

John Giacco - PeerSpot reviewer
Network Administrator at Peace Bridge
Real User
31 July 19

Sometimes, the writing rules are a little confusing in how am I doing them. I had some trouble with the previous product version (XTM) at the end. When the product aged a bit, there were no redundant power supplies. For what we're doing, it would've been nice to have something to fall back on instead rebuilding and taking it from an old configuration because the older version did die. We were able to take from an older configuration, build a new one quickly, and get it up and running, which didn't take long, but there was some pain around it.

Prepress/Systems Manager at a printing company with 51-200 employees
Real User
29 July 19

There is always room to get better, which is why I gave the solution a nine out of 10.

Network Administrator at Advanced Software Designs
Real User
29 July 19

The software base, the management piece that goes onto a server, is not as user-friendly as I would like. There are three different pieces that you have to manage, so it's a little bit convoluted, in my opinion. For people who use it all the time, it's great. But I don't use the management interface all the time. Overall, it's powerful enough, so that is something that we can overlook.

Information Technology Specialist at a healthcare company with 51-200 employees
Real User
28 July 19

We do a lot of work with cloud-based and Internet-based vendors. A lot of times when we are on the phone with them, I find that it is a bit more technical than they are used to when we are trying to set up specific exceptions to the firewall. We ask for the ports that it's going to use or the block of addresses that they're going to be going from. A lot of times the only thing that they have for us is the web address that they want me to whitelist. Unless I'm missing that functionality, it seems like it is looking more for those technical data points, essentially. A lot of times, I'm running into a problem where there's a lack of give and take between WatchGuard and me. We get it figured out eventually, but it would just be nice if there was a way to say, "We just want to whitelist this address."

IT Manager at a engineering company
Real User
28 July 19

Reporting is something you've got to set up separately. It's one of those things that you've got to put some time into. One of the options is to set up a local report server, which is what I did. It's not great. It's okay. I've heard their Dimension control reporting virtual machine is supposed to be a lot better, but I haven't had the time our resources to set that up. Some of the stuff is a little complicated to get up and running. Once you do, it becomes very user-friendly and easy to work with, but I find there are some implementation headaches with some of their stuff. I wish I had a contact at WatchGuard because there are a few things I'm not using. I'm not doing packet inspection because I know it's pretty intensive to install certificates on all my computers and have it actually analyze the encrypted traffic. That's something I'd like to do but I'd really like to talk to somebody at WatchGuard about it. Is that recommended with my number of users with my piece of hardware, or is that going to overload everything? I'm not using Dimension control. I'm not using cloud. If I had a sales rep or a support person that I could just check in with, that would help. Maybe they could do yearly account reviews where somebody calls me to say, "What are you using? What are you not using? What would you like more information about?" That sort of thing could go a long way. They do a lot of education, but it's sent out to the masses. They have really good emails they send out which I find very valuable, talking about the industry, security events, and other things to be aware of. But there's not too much personal reaching out that I've seen where they're say, "Hey, how can we help your company use this device better? What do you feel you need from us?" That's my main recommendation: There should be somebody reaching out to check in with us and help us get more out of our device.

AlanRogers - PeerSpot reviewer
Owner at
Real User
18 July 19

The software in it could be a bit more friendly for an amateur user. I look at it and don't understand what half the stuff is. Looking at the interface, it is all mumbo-jumbo to me. It's not a simple interface. You have to be an IT guy to understand it. It is not for your average person to use, then walk away from it. It is much more entailed. It could be a bit more user-friendly, but my IT guy knows what he's doing with it. I just let him do most everything. They need to make it so you have a step-by-step guide which goes through and sets it all up for you. However, they don't have that. You have to know what you're doing with it.

Woodworker at Creative Woodworking NW
Real User
16 July 19

I would like to see more simplified management of the firewall. It's something that I've had to bring in outside support for - for setting up the firewall - because I don't fully understand it yet. I've been learning it. Some of that is my fault, but it's a complicated system to use. I don't know if it can be simplified much, because of the nature of what it's doing. But it's very complicated.

JimWarren - PeerSpot reviewer
IT Manager at Horizon Forest Products
Real User
14 July 19

We use WatchGuard to manage our failover for internet. If a primary internet goes down, it does a failover to the secondary the internet. However, what it doesn't do so well is that if the primary internet has a lot of latency but it's not completely down, it doesn't do a failover to the backup in a timely manner.

Joseph Jansen - PeerSpot reviewer
IT Specialist at Art Students League
Real User
14 July 19

One of the things that is always valuable is workshops. It's really hard to get away and do webinars, but what I would like is a selection of webinars. I see WatchGuard comes forward with a webinar where they're going to introduce this or that. I'd like to see a lot more of those and a lot shorter. On I can just point to a video to show me something I need to know how to do; for example, how to merge contacts in Outlook. But it is a ten-minute video. I would like to see more of that kind of learning. I'm sure WatchGuard has got all these videos, has got the webinars and the training sessions. But when I need to know something, I need to be able to get to it quickly. I want an indexed learning system very close to what might use. I also want to be able to put questions forward either in a "frequently-asked-questions" forum or by sending them up to the support team for quick reply. I want to be able to go to a portal and put in my problem and have WatchGuard bounce back to me with, "Well, this is how we can do it," or "We don't have a solution for that." And then I can go to other vendors to look for a solution. The more targeted learning system I can have, the better. If I have to schedule a webinar that might take 30 minutes, there's a good chance I'll miss it. I sign up for webinars and it happens that I'm not available because I've got other fires going. The learning has to be there almost at my whim: "I've got a fire burning, I've got to figure out how to put it out. I need a ten-minute video to show me." Those learning sessions have to be available and easily found, when I need them. I have so little control over my schedule on a daily basis, and I'm sure I'm like many others. One other shortcoming is that there is no backup for it. We really haven't figured out how we might solve that problem. We may want to put a duplicate in. With Cisco, it's not uncommon to have dual firewalls with something our size. That way, if one were to fail, we've always got the other. With WatchGuard, we just have the one box. If that were to fail, we'd probably be really hurting.

Rick Phillips - PeerSpot reviewer
IT Manager at IDI Distributors Inc.
Real User
23 June 19

It's very hard to get information from their website, for exactly what I need to do. Sometimes I end up having to open a lot of support tickets. It's either too detailed or not. I never have good luck with their online tools. It's a navigational issue which makes it hard to find what I'm looking for and it's just so broad. In addition, I have had a ticket in for an awful long time regarding a bug that they should address. If you're using a firewall as a DHCP server, it doesn't keep a good record of the leases. I opened a ticket on this about two years ago, and every couple of months I get an email back that it's still under engineering review.

Sr. Systems Administrator at a individual & family service with 201-500 employees
Real User
26 May 19

The product could have some more predefined service protocols in the list, which don't have to manually be defined. But that's very low hanging fruit. The documentation for the System Manager/Dimension configuration, could be a little bit clearer. The use case where you have multiple sites with multiple firewalls, and one site that has the System Manager server and the Dimension server, wasn't really well defined. It took me a little bit of digging to get that to actually work.

Technical Consultant at Rainbow Security
16 May 19

It would be wonderful if the WatchGuard team develops nice products for threat intelligence. They have a subscription service called DNSWatch, but this needs to be improved.

Technical Support at a tech vendor with 11-50 employees
Real User
16 May 19

This solution needs the option to add an external hard drive. The competitors have this. With WatchGuard, you have to get another server, set it up, and then point it to WatchGuard. That is where the logs will be stored. Some find this tedious because they have to get another server, although I find it advantageous because there is no hard drive needed. It removes another point of failure. In any case, if the customer wants an external hard drive then it would give them the option. I saw a feature in Cisco that was a historical trajectory of the files, or sets, moving in the network. I would like to see them include this feature in the next release of the TDR.

IT Manager at Yamazen Inc
Real User
16 May 19

I don't know if it's just my version, but the WiFi access point integration has just started. It's getting better but if there were more reporting of the devices that are connected to WiFi access points that would be great. Right now I can see the MAC address and bandwidth usage for each device but that's about it. If I could see which sites the devices are visiting and what kind of traffic is generated from each device, that would be great.

Ryan Baskharoon - PeerSpot reviewer
Operations Manager at DLL Technologies
Real User
05 March 19

I don't think that WatchGuard would need to improve on their product. They have some of the least expensive appliances and software out there. They are extremely easy to use, the GUI is great through the web and on the desktop. That's why I feel WatchGuard has outdone themselves on their security products. Hands down, it's one of the best firewalls I have ever worked with.

COO/CTO at a pharma/biotech company with 11-50 employees
Real User
04 October 18

The set-up and additional feature screens are old in design and very granular. You have to know what you are doing.

Related Questions
Netanya Carmi - PeerSpot reviewer
Content Manager at PeerSpot (formerly IT Central Station)
Apr 04, 2022
How does Fortinet FortiGate compare with WatchGuard Firebox? Which is preferable?
2 out of 3 answers
fdiazm - PeerSpot reviewer
Product Manager at Entel Chile
25 October 21
Looking at the latest reports from Gartner, at least in the SDN part, I think there is no comparison. Fortinet is leading a large part of the network virtualization market and above all it is positioning itself as the option to have value-added services on the base layer of SDN and I mean security features that today, according to the consumption of the branch are more demanded by bringing the secure perimeter to each point of the network, consuming public services and direct navigation is already a fact.
28 October 21
In my organization, we use Fortinet’s Fortigate. We find it to be very powerful, cost-efficient, and reliable. The user interface is friendly, and it is easy to create policies and set rules. As an NGFW, you can upgrade the firewall cluster firmware without disturbing the user. The graphic interface is very intuitive. The endpoint and email protection are on point, and you don’t have to worry about downtime. FortiGate offers malware and spyware protection, with advanced capabilities like proxy-based antivirus. It has advanced network protection features and a powerful intrusion prevention system with anti-spam and web filtering capabilities. For all the capabilities it offers, the price is reasonable. FortiGate has downsides though: the technical support is not great, and there is not a lot of documentation available. It is also kind of hard to configure. We reviewed WatchGuard before choosing FortiGate. WatchGuard offers a comprehensive advanced network security platform with enterprise-grade security. The router is rich in security features like antivirus, APT blocker, and spam blocker. It is simple to use and applicable for various use cases. It offers web filtering, application control, and monitoring. We liked that the GUI interface seemed intuitive and easy to use. It integrates with Active Directory, so it is a good fit for MS enterprise users. You can also schedule backups with ease. WatchGuard is, however, lacking in features for application control and we found the DNS server functionality to be poor. The firewall policies don’t point to a domain, only to IP addresses. While it is excellent that it integrates with Active Directory, the single-sign-on sometimes doesn’t refresh users’ permissions when they log on and off. Conclusion Fortinet Fortigate is undoubtedly a powerful and established next-generation firewall, and with all the features and capabilities, it is a better and more cost-effective solution than WatchGuard. WatchGuard would be better for organizations that use MS products.
Download Free Report
Download our free WatchGuard Firebox Report and get advice and tips from experienced pros sharing their opinions. Updated: September 2022.
633,572 professionals have used our research since 2012.