WatchGuard Firebox Reviews

We use it internally and we are an MSP for lots of other companies that use it as well. Our primary use case is to block applications. 

It does the job of what it says it does. We set it to what we want it to block and then it blocks it. 

They could expand the amount of applications that are on the list, but it's pretty intensive anyway, so it's pretty good.

I have been using this solution for five years. 

We don't get any issues or bugs with it. The stability is good. 

There are two IT guys who use it in our company. 

I have contacted their technical support and they were very, very good. 

The initial setup was reasonably simple. It took us a couple of hours to get it all set up and working with all of the firewalls set. Our own team did the setup. 

It comes in the main licensing costs from the WatchGuard if you buy the license. I don't know about the prices there.

WatchGuard does what it says it does. Definitely use it. If you want to block applications, then definitely use it. 

I would rate it an eight out of ten. There's going to be newer apps that are probably not going to be blocked straight away, but then they are in time, so it's not really an issue.

We just use it as a secondary WiFi device. We're a small office and we needed to set up a WiFi device for a few of our employees.

The way it saves me time is that there is no maintenance. Once we set it up, there's nothing else for us to do on a regular basis. It might be saving me about an hour a month.

• It has a good signal.
• We haven't had any security issues.
• The usability has been good. We haven't had any problems with it.
• The performance has been good. We haven't had any issues with the performance.

We have been using WatchGuard Firebox for about two years.

We haven't had any issues with it. We set it up and it's been running since we set it up.

We don't have any plans to increase usage. It just services our one office, with eight users.

We have not had to use their technical support.

We did not have a wireless solution before Firebox. The main reason we went with it was the security protocols. They were more robust on this device.

The setup was easy enough. It was more or less plug-and-play. There weren't a lot of settings that we had to run through. The setup wasn't that complicated. It took about two hours and there was just one person involved.

The addition of the WiFi saves us from usage of our data plan. We have had some cost savings there.

The pricing was in line with everyone else; maybe slightly higher. That's why it's not a 10 out of 10.

It's our perimeter firewall.

We used to have Cisco and Cisco was pretty cumbersome. I actually still use Cisco, but I like WatchGuard for the features it has.

It provides us with Layer 2 and Layer 3 security.

If it didn't work we wouldn't be able to get to the internet and that would be a terrible thing.

All of its features are valuable, although we don't use the antivirus. We do use the web filter.

It's also the ease of configuration that I like. In terms of usability, it just works. And the throughput is 100 Mbps. It's fine.

There are a couple of things I wished that it would do, but I can't think of those off the top of my head.

I have been using WatchGuard Firebox for about 15 years.

It works and just keeps on working.

The scalability is fine.

Their technical support is good. Honestly, I haven't had to call them in five or six years.

We used Cisco previously. Cisco didn't have the features that I needed, like the proxies. A Cisco box would probably do that now, but back then they wouldn't. So we switched to WatchGuard.

The initial setup is straightforward. You just read the manual and follow the directions. It didn't take very long to set up. It was about an hour to have it configured and set up.

I have deployed Firebox to distributed locations. You just plug in the numbers, the IP addresses. That's all you do. It's pretty simple.

We have seen return on our investment. It just works. I may have to reboot it once every two or three years.

The pricing of WatchGuard was pretty comparable to Cisco, but I actually haven't looked at a new Cisco box in quite some time, so I can't say how they compare now.

I would advise that you go with whatever you're more comfortable with. If you're more comfortable with Cisco, then go with Cisco.

Firebox doesn't really save us time because whether you're going to configure a Cisco or you're going to configure a WatchGuard, you still have to configure something, no matter what it is. It is a little easier to configure WatchGuard though.

It takes just one person in our organization to deploy and support it, and that's me. Overall, our environment has about 300 users.

We use it to prevent any unnecessary stuff from getting into our network. It's for the usual security features. We do utilize the VPN and there are quite a few people on the VPN right now.

It gives our business layered security. Attack vectors it secures for us include denial of service attacks, people spoofing our network, as well as preventing malware from getting in — the typical attack vectors. We're satisfied with it overall.

Also, there was a phishing scheme going around a while back. WatchGuard caught it and we were able to mitigate it. That was very good. It keeps us from not having to worry about our network being under attack. It keeps us secure.

It saves us on the order of three hours a month. The solution just works.

• The set up of the VPN is pretty straightforward. Being able to build VPNs on the fly for certain users, if need be, is also valuable.
• The traffic monitoring is very nice.
• I also like the ease of blocking certain websites from getting in or users from getting to stuff they don't need to be at.

We're satisfied with the performance, as well as its reporting and management features.

The usability could be better, but it is definitely manageable. If we have to go to a backup internet connection, that could be a little bit easier. Other than that, I really don't have any complaints about it.

I've been using WatchGuard for three years. That's how long I have been with the company. The company has been using it upwards of 10 years, I believe.

It's very stable.

It's scalable. We are probably going to be doing another area for some of the outer branches and the WatchGuards will be part of that. I can't say how soon it's going to happen, but there have been discussions about it.

I have no complaints about WatchGuard's technical support. If you have a question, they answer it.

As far as I know, WatchGuard is the only one that our company has used. We like the product enough. We're buying another appliance because our support ran out on one of our boxes. We're continuing to buy WatchGuard stuff because it does what we need it to do, it's priced reasonably well, and we like the support and usability.

We have deployed this product to distributed locations. We have a couple of branch offices and we've set them up in all of our locations. We set it up, we configure it to our network settings, we put in all of the information we need, and we go from there. We usually take a configuration from an existing and apply it. It's straightforward. The documentation goes step-by-step on how to set it up. The last time I did one it took about an hour.

In terms of maintenance of WatchGuard there are three people in our department. Whoever sees a problem or hears about an issue takes care of it. Two of us are system analysts and the third is our director of information technology.

It keeps our network secure and that's a good enough return for me.

I feel that the pricing is fair for all of the security you get. That's one of the reasons we went with, and continue to go with, WatchGuard.

Go ahead and implement it and don't think twice about it.

We're not using the cloud visibility feature at this time. Maybe we will in the future.

There are 75 users of our environment, in total. They range from mechanics to accountants to our COO and CEO. Everybody in the organization uses it.

One of the most valuable features is that when we send emails and it gives a warning, you can configure those email addresses so that they can only send outside the email.

WatchGuard Data Loss Prevention could be improved if they would add a pocket-size, meaning limitations on the data size, where for example an email address can only send 25MB for a month.

In terms of additional tools, I would like to see more graphical reporting tools, with graphs, etc., that are very easy to comprehend. This is especially important if you are reporting to top management so they will fully understand what is happening in the firewall. You don't need to use technical terms or definitions, just show them the graph. That would be good.

I have been working with WatchGuard Data Loss Prevention for one year.

It is stable, though there is a problem with the RAM - it's eating up resources. The RAM utilization sometimes reaches up to 80% - 95%, and what we do is just restart the firewall. Maybe WatchGuard could get it higher.

The scalability is fine for small and medium enterprises, 10Gbps is fine and smooth. 

We have 800 employees using it. But for maintenance and monitoring, we only have one IT personnel. It is easy to maintain as long as you have the knowledge and capability.

After five years we will upgrade and I hope that there will be a higher model for WatchGuard. If not we will be looking into other high-performance firewalls, like Stormshield, where you have 20Gbps throughput.

The technical support here in our country is different vendors or resellers of the firewall WatchGuard. So you just have to choose the most reliable vendor for technical support.

We are a group of companies. One company said that their support, their vendor, is good in technical support, but we also have another company saying that their vendor supporting WatchGuard is not that reliable. So it's a 50/50.

We have used the antivirus and also the Data Loss Prevention for USB. But I don't think the antivirus can manipulate your emails, so in terms of a DLP with regards to emails, we have firewalls.

We chose firewall brands based on a group of concepts and brand proposals. We analyzed the best functionalities, not only for Data Loss Prevention but also for the firewall functionalities. I got WatchGuard because of its cost and functionality.

Initial setup is straightforward. They make the integrations simple and easy to understand. 

It is fast, only a day or two.

My advice for anyone is to get adequate knowledge. Whatever firewall brand you are going to use, you have to train one IT person for maintenance and support. Sometimes, or oftentimes, you don't want to have to rely on the vendor or the technical support, but to rely on your own IT by making them knowledgeable and capable of maintaining and monitoring the firewalls. Then you're good to go!

On a scale from 1 to 10 where 1 is the worst and 10 is the best, I would rate WatchGuard Data Loss Prevention an eight.

We primarily use the solution for our protection. We're currently concerned about our security and phishing scams, and we've employed this solution to help protect us.

The solution is very easy to use. 

It's very simple to find the information we need.

WatchGuard offers something called DNSWatchGo. It also is a cybersecurity offering. It can be added to Threat Detection and Response to make both stronger.

The solution isn't as efficient as a product like Palo Alto.

The pricing is expensive. Even compared to Palo Alto, it's quite costly.

Palo Alto provides more signature detections than this solution. WatchGuard TDR needs to be able to detect threats a bit better.

The reporting isn't so good. If they worked to improve this aspect of the solution, it would be much stronger.

I've been using the solution for about one year.

The solution is stable. We haven't experienced any bugs or glitches. There haven't been any crashes on it and our clients seem quite happy with it so far.

Technical support has been very good so far. We find them to be quite professional. We're satisfied with the level of service they provide to us and our clients.

The initial setup is easy. It's quite straightforward. There isn't any complexity involved. 

For one PC, deployment only takes about five minutes. It's very fast. However, we have to deploy it onto a few hundred PCs, so in that sense, it's a bit time consuming, simply because of the number of installs.

We used three technicians to handle the deployment of the solution.

We're an IT servicing company. We use our own teams for implementation and deployment of this solution.

We're a WatchGuard Silver Partner.

I'm not sure which version of the solution our organization is currently using.

Our company is quite small, but we service medium-sized organizations and have a large number of clients.

I'd rate the solution seven out of ten.

We have a web server on the optional network. Then, on the trusted side, we just run all our computers out through the Internet. We don't do anything too elaborate with it.

We do have some technicians and some design center salespeople who call in. This is best usage that we get out of the solution.

We don't host our website internally anymore. We used to host our website and it did help with that, getting everything set up. We have just recently removed that and gone to a third-party. But, that was something which was very useful, setting up our internal website and NATting IPs.

The solution has increased productivity with our outside salespeople being able to connect into their computers and use those remotely.

We are able to limit where users can go, what they can do, and what they can access, so they are not wasting time doing things that they shouldn't be doing. It does help to save time, e.g., limiting Facebook. 

We are able to segment our FTP website off on the optional, setting up the rules specifically. There are certain outside IPS coming into our computers where we have different machines out there setup where technicians can remote in, etc. Being able to set those up to specific IPS, not just allowing full access, is probably our main use for setup.

The usability is good. I like it. I don't have any issues. Most everything that we have tried to set up for what we use it for is pretty straightforward and easy to use.

We have probably had it for the last 10 years. I have been here the entire time.

The stability is very good. We haven't had any issues with ports or anything else. Everything has been very good as far as the stability and issues.

The performance and throughput that the solution provides is good. We haven't had any issues as far as when we have connections and things going on. So, it's very good.

The stability is good as far as our use. I feel like we do have room. We have extra ports on it. We can set them up if we need to, but we don't need to use them. However, I feel we have room to expand and grow, if needed.

We have probably 75 users setup. Mostly, they are authenticating through to get out to the Internet. We do have some protections on it: virus stuff and different websites that users can and can't get to. We have groups setup for that. That is our main use from the inside with most of our users going out. Then, we have five or six users who remote into computers and other things.

There are not necessarily plans on expanding anything at the moment. We are pretty much set where we are. Usage is not too heavy, as it's mostly users getting in and out with us restricting what they can get to.

I have only had to call once or twice for anything in any of the time that we have had the solution. Most of the time, if I do have a question or something, I can hop onto the forum and there is an answer, then away we go. As far as my experience with the forum and just a few calls, it has been very good. We haven't had anything that has hung us up for a long time.

WatchGuard was pretty much our first solution like this. We did not use anything else before it.

The initial setup was straightforward. It walked through everything as far as the configuration. Everything that we needed was right there. So, I didn't have to search for anything. It was easy set up.

We went from a different version to this version. Even from that to this version, it was probably up and running within an hour.

I usually set it up.

We didn't consult anyone. We didn't really have an implementation strategy per se. We just set it up (like the old one), then went through and looked at some of the new features and things we might want to use.

I maintain it and and set up whatever needs to be set up. The other IT guys can come in and do stuff if I'm not here. Generally, it doesn't take too much time to get anything set up that we need.

It saves us a couple hours a week.

We don't have any other costs other than the licensing stuff.

We did look around at a few different things. We just kind of settled on WatchGuard. It seemed to have the features that we needed, so we went in that direction.

I'd give it a 10 (out of 10). I haven't had any issues. The few issues that we have had, such as not knowing where to go, they have been answered quickly. I am going to give it a 10 because of its easy to use. If we have a question, it's easy to get an answer. Also, it's very simple. For most of everything that we do, we have been able to do them pretty easily. We are very happy.

If we were to ever look at something else, I would look for something that has ease of use, simplicity, and ease of setup. That is what I like about this. Everything is pretty straightforward and easy to find. The interface being easy to use and find has been very helpful.

We don't use a lot of the logs. Generally, we don't need to. If we do need to go look at something or pull something up, the information is there in HostWatch or the logs. I have been happy with it.

We're not using the cloud.

We have four locations and at every one of them we use WatchGuard. We use them as firewalls and for UTM. They provide protection in terms of detection and prevention. And we also use them for site-to-site VPN, as well as for direct connect, VPN to AWS, and to AWS using VLAN tagging.

One of the main ways it has helped is that we use site-to-site VPN a lot, as well as remote access ACLs and client-to-VPN. Prior to WatchGuard, for example, we used to use Remote Desktop, which is not very secure, or RD Web, which is also not very secure. We installed the client VPN on everyone's remote computer and they can access our local area network. That is much better than using the other solutions. It's an improvement for the user and it's less risky for us. It gives us peace of mind that we're using the proper channels to access our network.

It's hard to pick one feature over another. But if I had to pick one, the UTM would be the most valuable because of the notification. I get notified via email if there is any type of threat detection or alert, telling me something is wrong.

For me personally, because I'm Cisco-Certified, it was very easy to take this over. I think it's a lot easier to work with because it's a GUI and not a CLI. I cannot speak for other users or other administrators, but it's pretty simple.

Based on our needs, the throughput is pretty solid. We haven't had any issues as far as the throughput is concerned. This particular box maxes out at 2 GBs and we only have 1 GB so we haven't had any latency.

I manage it using the System Manager, based on the firewall access control that I have. I've been able to manage it and use it without any problems.

Websense is an application that monitors and filters internet traffic. Websense was derived from WatchGuard. But when you go to WatchGuard to actually implement that particular feature, you have to use some type of additional feature and you have to pay for it, unfortunately. I think it should be free or free in the WatchGuard box itself, as an option. It would be nice if they didn't charge us for that.

And if they won't offer it for free, they should offer something better. It definitely needs a big improvement because it's very unfriendly. It's called Dimension Basic and there is a reason they call it basic, because it gives you very basic information. Let's say you want to track someone's internet activity or where they've been going. Websense gives you detailed information as far as the source. But this one only gives you very basic information and, on top of that, it's a free version for only a few months and then you have to pay for it. So not only is the version very basic but you still have to pay for it. That, in my opinion, has room for improvement.

Everything else that we have, the live security services and network discovery and all the spam blocking, threat protection, and the web blocker, is included.

We've been using Firebox for as long as I can remember. I inherited this position close to 13 years ago and they'd been using it before that.

For the most part, everything seems to be working without any issues. That's why we've had it for this long, close to 17 years for the company and, under me, for 13 years. There are more pros than cons.

We haven't had any issues. I always buy an additional box as a Hot Standby. I have never had to use it, and thank God for that. So it's been very stable. We keep them for a maximum of three to four years and then we upgrade to a newer one. For the time that we keep the box active, we don't have any issues.

In terms of scalability, as far other features go, we're stuck with what we have on the physical appliance. For example, we had one that was set to 300 MBs for throughput and when we wanted to upgrade, we couldn't obviously use that same box. It wasn't really scalable. So we had to upgrade to a newer version.

We have four locations and approximately 400 users. We don't have any firm plans to increase usage. The owner of our company just acquired another company and that may make a difference. WatchGuard is the main component that we use. The subscription for all four of the WatchGuards that we currently have ends in 180 days. We're just going to upgrade to the newer version, if it's available. 

There was an incident, back in the day, where I called for support and the guy sort of brushed me off. It was very uncomfortable but it could have been an isolated incident. I don't want to say that all the support engineers are the same. But this particular guy was either drunk or rude.

Other than that, it's been very smooth sailing for us, as far as support goes.

We have always been using Cisco. They decided that WatchGuard would be beneficial to keep because it's GUI and it's a lot easier to work with than other products, especially for junior admins.

I set it up all the time and it's very straightforward. It's very easy to set up and very easy to migrate over to a newer version. It's really simple. I've only done a new deployment once. 

For upgrades, you save the configuration and you upload it to a new file, or you just open a new file and browse to the configuration file that you saved. It usually takes 10 minutes at the most.

But the first deployment, because it was obviously more involved, took a few hours. Setup included the site-to-site VPN, the client VPN, the actual interfaces, the static NATs, a lot of the firewall policy, the internet certificates, and the policy routing; the basic components of any router.

Deploying WatchGuard to distributed locations is mainly the same. Obviously, there are differences in the IP addressing and the network addresses. And you have to take care of the VPN connection between the two, to be able to communicate using the site-to-site VPN. There is also web blocking. We have certain policies for denying access to certain sites or certain applications. We don't allow, for example, weapons or sex or any of those kinds of solicitation sites. We then set the external and internal interfaces and then do the routing. In the some of those locations we use the WatchGuard as a DHCP server, so we set that up as well. The rest is all pre-configured.

We have had two-year deals in the past, but recently we decided to go with annual. The cost was somewhere in the vicinity of $2,000 to $3,000 for each one, depending on if they had a special at that time or if they were doing an in-place upgrade or with the same router.

They figured if they were going to get something different then it would have to be something very user-friendly for the administrators, because I'm the only one who is certified to work on Cisco. We evaluated the Barracuda NextGen Firewall. We also looked into Juniper and the Meraki firewall, because all our switches are Meraki switches. 

But we decided to stay with the WatchGuard. The prices were a little bit better than Meraki and, since everything was pre-configured, to upgrade to a newer WatchGuard all we had to do was just save the config file and upload it to the new one, and that was the end of that.

Educate yourself. Read documentation and watch videos online. Since the administrators are going to use it, they should educate themselves on WatchGuard. Keep a cheap, old box for training. I train my administrators on an older box and I give them a network to train on.

We have been attacked with ransomware in the past, and it was kind of disappointing because, when I talked to Cisco support they said that they recommended purchasing end-point protection with a ransomware interceptor, so we ended up getting Sophos. So alongside the WatchGuard, we have Sophos' ransomware interceptor and end-point protection. We use them, on top of the WatchGuard, as a secondary line of defense.

It has been smooth sailing as far as the product itself is concerned. That's why we keep renewing it. We either renew it or we upgrade to the newest version if they have a special. We also use it for Hot Standby. It's been good.