WatchGuard Firebox Reviews

It's our primary edge firewall at the home office. We have two M470s running Active-Passive. We have about 100 users in total here. Everything runs through the firewall, so the users run the gamut from analysts to accountants to executives.

It protects us from viruses and intrusions.

It has also saved me time, about an hour per month.

The most valuable feature is the ease of use of the interface. The usability is good. It's a firewall, it does its job and it does it well.

The throughput also seems to be good. I don't have any issues with throughput.

The management features are good.

The reporting is a little on the weak side. I would like to see a better reporting set and easier drill-down options.

I've been with the company for a year and they were already on WatchGuard when I got here.

The stability is good. It runs well.

I haven't had reason to scale it. It's the edge firewall and it's used extensively. We're a pretty small environment with a couple of hundred devices.

We pay yearly.

It's just me who is responsible for deployment and maintenance of the solution.

We use it both for VPN tunnels and as a firewall.

Our company runs group homes. There are 140 or so sites and employees are traveling to those sites on a daily basis. They use the VPN tunnels going back to the main office to access the file servers. We also have about 12 remote locations connected by WatchGuards on both ends to create a VPN tunnel, with SD-WAN to allow traffic to go between those two sites, both for the file servers and for the phone system.

It gives us a higher sense of security. There is an easier workflow as well.

I estimate that 50 percent more users use the WatchGuard VPN than use the SonicWall VPN tunnels. Those users are able to work on documents out of the site or increase their workflow and do work while they're onsite instead of doing it later. It saves us a couple of hours per person per week.

Once it's set up, we don't have to touch it that much.

We enjoy its usability very much. It's very easy to use, especially compared to similar products. A lot more users use the WatchGuard appliance now than use the SonicWall appliance because of the ease of usability.

As long as you're using the correct model, since different models have different numbers of allowed tunnels, the throughput is enough.

In terms of management features, we have a Dimension Server set up. It's nice to be able to see where people have gone to and when they have gone there. Overall, the solution makes it easier to manage on my side. Setting up new policies, new devices, and setting up tunnels to the current devices, is easier.

The firewall secures the external perimeter.

There is a slight learning curve.

Beyond that, the only issue we've had in the past two or three years had to do with the number of current tunnel connections, and that was just an issue with our size of Firebox. We got a bigger Firebox. The old one was able to handle the load. It was just that we ran into a licensing issue. We had hit our number of concurrent tunnels. We have a lot of tunnels with the phone system. We have tunnels to and from each site for the phones to be able to talk. It was a little bit of a surprise when we came across this situation, but it's present in the documentation.

It didn't take us long to figure out that that was the reason we were having an issue. It was just our not having the forethought to make sure that what we had was able to expand to meet our needs.

We've been using WatchGuard Firebox for about eight years.

Stability is excellent. We've had no issues with the firewall going down because of the Firebox.

We haven't run into a scalability issue yet. There are over 1,000 employees including several hundred office staff. There are 20-some sites that we have connected. We had to step up to a 470 for the current VPN connections, but as long as we're on the right size Firebox, everything goes pretty well.

Whenever there's a new office site coming up, we typically add a new Firebox. We're looking at putting more Fireboxes in all of the group homes, so that's probably going to be 115 more deployments in the coming years. We plan on continuing to use it, but I don't see any issues with expanding.

We don't work directly with Cisco tech support. We work with a third-party company to handle support that we can't figure out.

We used SonicWall Next or Dell. 

The setup is pretty straightforward. It takes 15 to 20 minutes per box. We have to set up current tunnels and get a static IP address at the sites where we're putting the boxes. It requires one person for deployment and there is very little maintenance needed.

Deploying it to distributed locations is a matter of setting the Firebox up. If it's a replacement Firebox, we set it up with the same policies and ship it to the location. They can take it, unplug the old wires from the old box, put the new wires in, turn it on, and it's up and going.

There were other options. We took a look at Dell but this was the best one at the time. The usability and setup of the WatchGuard were better. Also, the maintenance was very minimal. It's almost nothing.

The other solutions had their features that were nice, but there wasn't anything that really drew us or made it stand out from WatchGuard. We're pretty happy with WatchGuard right now.

There are updates pretty regularly. There haven't been any big changes over the past few years. They've kept working, rather than taking steps backward or making things harder.

We use this solution as an edge firewall and layer-3 routing internally.

This solution has provided ease and speed of rules. It has unparalleled troubleshooting with excellent reporting.

The most valuable features of this solution are live logging, rule setup and maintenance, and VPN creation.

We would like to see granular notification settings and more advanced filtering in traffic monitoring.

There is not a product that compares to this one.

Our primary use case for this solution is traffic management.

When the system recognizes that we are using something like VoIP, Skype, or Cisco Video Conference, then one can adjust the bandwidth. For example, we have it set so that VoIP has a limit of 120Kbps (Kilobits per second).

The most valuable feature of this solution is traffic management.

We like the diversity of categories for blocking and allowing traffic.

This solution is very easy to manage.

There is no message displayed for the user on the desktop informing them that access to a web page has been blocked by Application Control. Because of this, the administrator has to check the logs to find out. It would be better if the user could call the administrator and explain that the page has been blocked by Application Control, and give the details, like the category and the reason, at that time. In the Web Blocker module, you can define a message that is sent to the user on their browser.

This solution is very, very stable. We have never had a hardware failure, but the solution does require maintenance. You have to tune it because as more applications are developed and enhanced, there are new categories or applications that you have to allow or to block.

We use this solution on a daily basis.

This solution is scalable but within the limits already set by WatchGuard. You can edit categories but you cannot add a new category by yourself. Rather, it is a feature request. I would say that the main categories that are available at the moment are enough, but if something is missing then you cannot add it.

Every department is using this application, and each of them has a different configuration. For example, the sales department configuration is different from the management department, which is different from the service department. The Marketing department has to have access to social media, but the service department may not need to, and it might not be allowed because it can lead to wasted time.

We have approximately fifty users.

The technical support for this solution is prompt and very, very friendly.

The only issue that we have had is when a strange error happens that requires third-level support, we have to contact Seattle in the US from here in Germany. With the time difference, it means that it takes twenty-four hours to get a solution. That is just when we call. When we email, there is no problem with time difference because they have twenty-four-hour support that is not dependent on Seattle. It comes from India or Asia or somewhere else.

Prior to this solution, we used SonicWall, which was owned by Dell at the time. We switched to this solution because the configuration is more intuitive for the users. You can choose the GUI, or instead, as we prefer, you can use the WatchGuard client. With the client, you can do things like making an evaluation.

The initial setup of this solution is not complex because you can only choose certain options or categories. You have to mark the whole category, for example, business communication like Skype, Cisco Tandberg, or Microsoft Teams, or have it choose on its own. After the category has been chosen you mark the options that are allowed. You specify what is blocked and the traffic management options such as reserved or guaranteed bandwidth. At this point, it is only checkboxes and a start button.

It is very easy, but you have to tune it because sometimes things are blocked and they should not be.

Our deployment took approximately one hour and three people were involved.

Own our team handled the deployment and configuration.

You need to have one technical specialist to enter the configuration, but you also have to involve the departments. Each department manager can specify which categories are allowed, which are blocked, and perhaps the level of bandwidth that is required for each category in their department.

One person is required to maintain this solution, although there should also be a spare.

I would suggest that for mid-size companies of say one hundred users, you should choose different configurations. For example, Application Control group one, group two, group three. It could be a management group with more bandwidth and has fewer restrictions. Then ordinary users have more restrictions so you can give them a different configuration. You can specify the levels of restrictions, and in what categories. I feel this is something that is very important.

The only dynamic is increasing categories. If a department calls and says that they cannot access a particular webiste then the admin will check the logs to see why not. It will show the category, and the admin will have the choice to allow the whole category or just a single website. Social media might be a category where we do not allow sites like Facebook, but we do allow LinkedIn. In this case, the Social Media category is blocked but there is an exception checkbox for LinkedIn.

My advice for anybody researching this type of solution is to compare this with other products. The manageability in WatchGuard is very easy. I know other solutions and they are more complex and there is no traffic management capability included.

The biggest lesson that I have learned from using this solution is that things are dynamic. The internet is constantly growing, along with the categories. Startups like Zoom have a VoIP, so you would have to manage this application. The configuration is not static. It is dynamic, like everywhere in IT. You cannot just install it and leave it.

I would rate this solution a nine out of ten.

The primary use case is protection for my network from external access. We also use it for some VPN, but mostly it's for protection. It's mixed usage on about a dozen different connections, a dozen different workstations, and access points.

I don't really worry about individual workstation security as much, anymore. I can depend upon the firewall to control incoming viruses, incoming attacks, bad port usage.

It simplifies my job because I don't have to worry about it on a day-to-day basis, the way I otherwise would. I'm not checking and monitoring each workstation on a minute-by-minute basis. I can check what's going on with the firewall and see how it's being used and where, and if there are any things coming through the logs.

I've built my process around the WatchGuard. I can't say it has saved me time because it's become the defacto process. I don't have anything against which to compare it.

• Intrusion Prevention is my primary focus so that's what I find most useful. The why is straightforward: It's to prevent intrusion.
• The usability is pretty good. 
• The throughput of the solution is also pretty good. I think there is some throttling that occurs.
• It provides me the layered security I need.

There are some features I'd like to see, although they are not standard in any of the products in this class; for example, better monitoring.

I'd like to have better access to workstation monitoring, connection monitoring, and the amount of time an address is being used, to better gauge proper network utilization. If I knew that something was connected to a particular external location for an extended period that seems abnormal, I'd be able to act upon it. It comes down to overall monitoring and reporting for the class of services that I have.

The solution's reporting and management features, based on what I have, are fair. I'd like to see an easier way of managing, controlling, and viewing usage at an IP-address-based level.

It's very stable.

WatchGuard's product line is very scalable, but this particular product is not.

Technical support is pretty good. The online knowledge base is usually the best way to go. But I have had some telephone support as well.

I had been using SonicWall for about ten years. I got a little frustrated with them at around the time that Dell purchased them. The WatchGuard UI is easier to manage and easier to work through. I ultimately became dissatisfied with the service and ongoing costs of the SonicWall devices.

The initial setup was straightforward. They walked me through it. I have enough knowledge to be able to walk through the setup and then tweak it the way I need it. I was able to find anything that was unusual, pretty easily, on the web.

The initial deployment took under an hour. I've spent dozens of hours tweaking it over the years, but nothing out of the ordinary.

The implementation strategy was to set up something that allowed for VPN access, to grow VPN access, and that would protect my workstations against viruses and attacks, as well as my servers. The goal was to simplify everything with one box.

For deployment and maintenance, it's just one person who handles the network, and that is me.

I did it myself.

I'm not sure I could establish a numerical return on investment. It's mostly peace of mind. I could probably do well with a lesser product, but I'm afraid a lesser product would provide significantly less protection.

It costs me about $800 a year. There any no costs in addition to the standard licensing fees.

I looked at some Cisco products. I only upgraded to this latest T35 last year, from the previous WatchGuard item. I also looked at SonicWall and a couple of others.

It's used extensively. Do I plan to increase usage? If I can get better reporting, perhaps. But it's fully deployed and static at this point.

I would rate WatchGuard a seven out of ten. A perfect ten would come from lower costs for small installations for the service licensing, and improved reporting. And maybe some better awareness of what it's capable of doing. It's hard to figure out what I could do. That's a big thing. It's hard to figure out what is possible. What am I not taking advantage of? I've tried to work with people on that, and that's the biggest thing.

We primarily use the solution for protection.

All of the features in the current version of the solution are quite good.

The solution needs to improve the interface. I'm not able to easily find things using it. In the future, it would be nice if they could offer deadlock with an addition of desk geolocation. 

The solution is very stable. We've never had any problems with stability. Once a year we do a reboot just as a precaution. The solution never stops running otherwise.

Technical support has been very good from the start. We've been very satisfied with them over the years. 

A few years ago, when opening a case, there was a really long wait time. That has been reduced now. It may have been because we were in Belgium and the support was coming from America, so we would have to wait at least eight hours until we got a reply, due to the time difference. This isn't the case any longer.

The initial setup was straightforward.

I handled the implementation myself.

We're quite satisfied with the pricing model.

We use the on-premises deployment model.

It's a great product. 

I have the capability to have control over multiple devices and play with it before putting it into live mode. For others, I would suggest they just make sure they have at least played with the solution for a few days so they know all the ins and outs of the product before putting it live themselves.

I would rate the solution nine out of ten.

Our primary use case of this solution is high tech intrusion prevention and detection in
Building Automation and Control Networks (BACnet).

I cannot really remember any hacker attack at our WatchGuard customers due to successful intrusion over years.

Just a few days ago one of our customers had a brute force attack detected and prevented and for us, it is very important that we get alarmed beforehand from the included feature WatchGuard Dimension. 

Integration of additional cloud services to be even more effective.

The hardware is very, very stable. We've had no hardware defect in the past ten years. The software is also very stable. 

The technical support is very good because when our customer has a problem, they are very dependent on the cloud services and on the WatchGuard as a gateway to the internet. So we are very, very much dependent on good support. This is really good.

We used a dedicated solution but switch to WatchGuard because it is more comprehensive due to the Unified Threat Management (UTM) approach, where IPS is included and it focuses on our SMB customers.

The initial setup was straightforward and, because we only need intrusion detection and prevention, we needed only about four hours to deploy it. We used a template, so it was very effective.

The best is, that the Intrusion Detection and Prevention Module is included in Standard Security. Bu the solution has two suites, the Basic and the Total Security Suite with comprehensive and powerful UTM features. I only regret that one cannot buy single modules out of the Total Security Suite, and that makes it a bit expensive for some SMB customers. But WatchGuard offers a managed service license model for this cases, too.

I have a request for a feature in the next version and that would be to not only have detection and prevention but also action, for example, to shut down the whole system over an application programming interface (api), for example that would be nice. My advice, however, is always to backup as often as you can. Because when it's a particle component, one has to have an effective backup strategy.

You cannot compare this solution to dedicated intrusion prevention systems like Proofpoint or other programs that act only for intrusion detection prevention. WatchGuard is a Unified Threat Management (UTM) system and it's for midsize market customers.

So in the future, I would like to see threat management and intrusion prevention in a single module. I rate this an eight out of ten. 

We use it to keep people out and we use it for a VPN.

The only thing that we care about is that we're kept safe from any attacks. That is important. The VPN is very secure and that's of huge importance because we have remote users who depend on it to do their jobs. So that's crucial.

The improvement it's provided is to our security. We don't have issues with rogue access, with people coming in here, or having access to our, data who shouldn't. That is huge, of course.

The solution simplifies my job. I don't even have to think about it. Everything is set and I leave it alone. And it just does its job. I would estimate it saves me at least 20 hours a month because I don't have to worry about things. It's set and it just runs.

WatchGuard has increased productivity because our VPN is stable. It's up. It doesn't go down. We used to have an issue with remote connectivity but that's no longer a problem. Having a VPN is very big for us.

• We have firewall policies in place to keep safe from malware and we rely heavily on it for our secure VPN.
• In terms of usability, the web interface is great.
  
• The throughput is great. It's perfect. We have no issues whatsoever.
• The management features are very powerful, although I don't use the reporting features at all.

The software base, the management piece that goes onto a server, is not as user-friendly as I would like. There are three different pieces that you have to manage, so it's a little bit convoluted, in my opinion. For people who use it all the time, it's great. But I don't use the management interface all the time.

Overall, it's powerful enough, so that is something that we can overlook.

It's very stable and it meets our needs. The stability is huge. It's rock-solid.

It's been able to handle anything we've thrown at it so far. We've never had an issue.

We upgrade as the models we have become obsolete. We upgrade to newer ones and they're usually on a three-year rotation, which is fine for us.

I haven't had to use technical support very often, but when I have they've been great.

We tried a software-based solution. I don't even remember what it was now.

The initial setup wasn't too bad. We didn't have any problems with it. It took a couple of hours.

We planned ahead of time, put the policies in place on paper and then tested them out. We then went live with it and fine-tuned it as necessary.

Our reseller helped with deployment. Our experience with them was great. We still use them.

We pay about $3,500 every three years. There are no costs in addition to the standard licensing fees.

We looked into offerings from Dell EMC, from Fortigate, and Cisco. But it was just going to be too much of a nightmare.

Rely on your vendor.

For us, it's in use every day. it's 24/7.

We're not using the solution's cloud visibility feature. That's something you have to pay for, and we haven't. I would love to, but there's a wireless piece and it's just too expensive. They have a wireless product that integrates perfectly with the WatchGuard appliance. But that's just not a reality for us because of the cost of those appliances. We would love to but just can't.

In terms of users, we've got about 15 people worldwide. They do support, testing - all of them use remote access. And then we have our internal users as well. It keeps us safe internally and our remote users are able to work with a reliable connection. It's very reliable.

I'm the only one who manages the firewall. If I need any help, there is a local vendor that helps me out as well. We're a small company but it's been great for us. I'm not that technical but I just know it works.

WatchGuard is a ten out of ten for me, because of its reliability.