WatchGuard Firebox Reviews

We use it as a firewall. It protects us from security threats and uses a VPN tunnel.

WatchGuard Firebox made it so that I can connect to my remote offices without having to set up every computer to connect to our headquarters. Now, the remote offices can all just login to their system and work as if they are here at our headquarters.

The throughput and performance are excellent. I have never had a problem with them.

The solution provides our business with layered security. It gives us the ability to prevent traffic from coming in on certain ports and the ability to navigate certain traffic to different locations, not letting it just come into my system and do whatever it wants to do.

The VPN and tunnel between the two different clients. 

The ability to route Internet traffic to certain computers or IP addresses based on ports, etc. It provides me with ease of use, allowing navigation without having to do too much networking. It is all in a user friendly location.

The product is very usable. I haven't had too many issues with it. It seems to always run and be easy to make changes to, as long as you know what you want to do. There is plenty of documentation online to how to do what you need to do.

It simplifies my job because I can make any changes all in one location. I can login at the user-friendly site versus trying to do it in a programming or networking level site.

There is always room to get better, which is why I gave the solution a nine out of 10.

The stability is great. I have only had one go out on me, and it was because of my issue. 

We have one IT person for deployment and maintenance.

It is very scalable. I don't see an issue with scaling. I could always add another system by buying a new box and adding the connection. It would be easy.

I would assume anybody connected to the Internet is using WatchGuard, because they are using their block sites, etc. Everybody in our company is using the Internet, which is around 60 to 70 people. However, the people who are really using it are the people that work at different remote locations and login either via the tunnel or VPN. That is roughly around 15 to 20 people who do data entry and processing.

We do not have plans to increase usage for a couple years.

The technical support was good. Last year, I had an issue with one of the Fireboxes going down. It was overheated, because my server room became overheated and this fried it. However, the technical support was excellent. They got me a Firebox out as soon as possible, which helped me resolve the problem, getting it back up and running. They were great.

I didn't do the setup.

The deployment took about a couple of days, because when we were initially setting it up, we didn't understand everything to do with IPs. Now that we've played with it over time, we understand what it's doing and how it's working. It is definitely easier and faster now, but the first time building it was at least a couple of days.

When we deploy the product to other locations, we usually just get a box. On it, we make a copy of another box, importing the information into the new box, then change the settings that need to connect to the IP address on the incoming box. After that, we just run out and change the ports over, then go. It's not hard at all.

We set it up ourselves.

The solution saves us about an hour a month.

Read up about it. Understand what each of the settings are doing and use the resources that you have to get the best knowledge before implementing.

It's pretty simple to use. It's pretty simple to understand, and there's plenty of documentation. It does a pretty good job of what it is meant to do.

We are not using the solution’s Cloud Visibility feature.

The primary use case is it is a firewall solution. One of the major selling points was that WatchGuard does adapt in real-time as new threats are discovered, and they push out fixes in real-time.

A lot of our servers have been migrated to the cloud, so it is really our primary solution right now.

One of the things that it has done is we have been able to start cutting down on extraneous web traffic. We make sure that our bandwidth is being used for business functions rather than for downloading or streaming media files.

It very much simplifies my job. Before we got the WatchGuard solution, I was doing everything on a per machine basis. All of the security, firewall, and port security had to be done on the front-end before anything could go out. This could take hours to days depending on the system being used, and then it would have to be in the IT department getting provisioned. Now, the provisioning goes more toward what types of software are needed. We have it completely unified across locations with a security standard through the WatchGuard systems due to the roles that we've set up for the organization. We just set the same roles in place, then we are able to ensure that everything is uniform across all locations.

Productivity, especially within the IT department, has increased due to the time that we used to spend on each machine can now be spent on the network level. This allows us to turn our attention to other tasks, such as creating in-house systems, so we can roll out changes faster and be more responsive to the needs of our business.

One of the most valuable features is the Geolocation. Because we aren't a multinational corporation, it allows me to look at things which might be suspicious to make sure that they are legitimate transactions rather than people sniffing around the network.

I have found the reporting and management to be pretty useful a lot of times. When the reporting did come up short, it was due to a configuration error on my part. Anytime that I've had to look up historical information, I found that everything I have needed has been there and it has allowed me to piece together what happened.

We do a lot of work with cloud-based and Internet-based vendors. A lot of times when we are on the phone with them, I find that it is a bit more technical than they are used to when we are trying to set up specific exceptions to the firewall. We ask for the ports that it's going to use or the block of addresses that they're going to be going from. A lot of times the only thing that they have for us is the web address that they want me to whitelist. Unless I'm missing that functionality, it seems like it is looking more for those technical data points, essentially. A lot of times, I'm running into a problem where there's a lack of give and take between WatchGuard and me. We get it figured out eventually, but it would just be nice if there was a way to say, "We just want to whitelist this address."

It is a very stable solution. 

Once we had it set up the way we wanted, it seemed to be running extremely well.

For deployment and management, it's just me along with the reselling group (POA).

We have not reached any scalability issues, so far. We have used it in clinics as small as a few practitioners and ones that have more than 30 providers. We have never experienced any issues with the product slowing down or failing in any way.

There are five different users, I'm the main power user of it, and I essentially set up the rule sets and work to ensure that the system is delivering what is needed. The other users are more of administrative users who are viewing the web traffic within their own departments.

So far, I haven't needed to go to the solution's technical support.

We were just using on system firewalls. We were getting to the point where we needed to consider a network-based solution of a physical firewall. WatchGuard came highly recommended from our consultants when we partnered with POA.

At first, I did the guided set up where I chose the rules of what to block and what not to block. That was fairly simple. There are a few things that I had to go in and change. That took me a little bit of time to figure out. Overall, it was pretty simple. 

When logging in and registering it, I did run into an issue where I had to spend about an hour reading to try and figure out why I couldn't activate it. I contacted my reseller and they helped me with it.

The deployment took about two and a half hours.

Implementation strategy was more about my bosses wanting to get in, then set it up afterward. It was more about let's get it in place, get it working, and then we'll lock things down as we need to.

We have hubs in multiple locations. Our strategy for implementing these was once the first one was installed in our main location, then we had the role set up the way we wanted it for the entire organization. We used that to order additional Fireboxes and took them to our other locations. Those were preloaded with the same role sets and put online.

We used Pacific Office Automation. We had a very good experience with them. With the few bumps in the road that we had following the setup, we called them. We let them know what was going on and they helped us resolve the issues quickly.

It saves a lot of time. On a weekly basis, without having to do a per machine basis, it probably saves me about three and a half to four hours a week.

I think we might be subscribed to one or two of the premium features.

We were evaluating a Cisco solution as well. 

Take a look at the needs of your business and how reactive you need to have your firewall solution be. One of the major selling points for our corporate board was: As new threats come up, WatchGuard is constantly taking the information coming in and looking for a solution, then pushing it out. That was one of the major selling points for us. The field that we're in takes security very seriously. We wanted to make sure that we were protecting our client's information. When it came down to it, that was a major selling point for us.

There was a bit of a learning curve. Once I was in it for about a week or two, I found it simple and intuitive to use.

With the throughput, the only issues that we found were at the very beginning, and that was due to a misconfiguration on my part. There hasn't been a noticeable change in slow down from the throughput the way that some firewall solutions might cause. Now, my end users don't even realize that it is there.

We are not using the solution's cloud visibility feature.

Right now, we are on the base usage. It's a firewall solution for us and we haven't really had the chance to dig into the advanced features that much. I plan to expand how we use it in the future, as time allows.

I'm very happy with it so far. I need some more data points to really firm that up. However, at this time, what I'm basing the eight (out of 10) off of is the ease of use, the ease of setup, and its learning curve. Once you learn how to use the system, it is very well-organized. It does save us so much time. The drawbacks are just sometimes not having the technical information that we need in order to easily make connections with all of our Internet-based clients, but we can put the work in and still get it done.

It's our primary firewall. It's also our UTM device, so we have multiple security layers enabled on it.

We're using an M270 firewall with version 12.5.

With WatchGuard, I've got a lot of WebBlocker rules set up which help quite a bit, blocking a lot of suspicious and parked domains. Between WebBlocker, the Botnet Detection, the website reputation filters going, and IPS - which is one that is essential, but nobody really talks about a whole lot; between all those things working together, and even the antivirus, I feel our network is pretty clean. And if there is some suspicious activity, I think I have a better chance of being alerted to it. I've even been able to set up Application Control rules, so that something like Windows Update doesn't deplete too much bandwidth. There are whole bandwidth controls you can set up which aren't necessarily security-related, but they can help make sure that one particular function doesn't take up so much bandwidth that the users are affected. WatchGuard has layered security, but I also have other layers beyond that.

I wouldn't necessarily say it has simplified my job but I am very happy to have it. I'm very glad we went with WatchGuard. I was impressed with WatchGuard for a lot of other reasons like their education and training videos. They do a lot of little security announcements about what's going on with other companies in the industry, so that part has made my job easier. I wouldn't say it's made my job more difficult either. It has definitely made me feel more comfortable about the security here, but I wouldn't say it simplified things. We had a very simple firewall which was almost a small-business router. It had a little firewall screen with four settings on it that really didn't do a whole lot. So, I can't say WatchGuard simplified things for me. It's just we're much more secure and it hasn't overly complicated things.

One of my favorite features is the Geolocation service, where you can actually block specific activity or IP addresses registered to certain countries. For example, I don't want any web traffic from Russia or North Korea. I may even lock down certain policies down to "I only want U.S. IP addresses." I find that very useful. That was not a feature that was initially there for us. It was something WatchGuard released after we bought our first device with them and it is one I am very happy with.

I may want to only allow U.S. IPs onto a specific interface that I share files with, for security reasons, or I may know of a security issue in a particular country. I can just block that whole country for all my users. Or maybe I'm seeing a lot of malicious links coming out of South Korea, even, and I just say, "We don't go on a lot of websites there, let me just block that country completely," and if we do need to get on a website, I'll just make an exception. It improves security and helps block malicious links.

There's a little bit of a learning curve in getting everything working. But once you understand how all the pieces work, and the fact that you're using physical hardware with a web interface alongside a piece of software installed on your computer, and you learn what to do in each location, it's very user-friendly.

I like the management. There are some nice dashboards and other things to keep an eye on things. There are email alerts, once you get those configured. Once again, they're a little complicated to get set up, but once they work, they work well. Management is pretty easy. 

The version I'm on, 12.5, came out last week. I try to stay pretty current and they do add features and improve usability and functionality often. It's one thing I've been happy with. It's not like they say, "Here are the modules you bought with it four years ago and that's all you have." They're constantly adding, developing, improving. 

They've done a lot of work with their SD-WAN, which we do use, to have our old internet service with our new internet service. If anything goes down on a particular interface, I can have different rules applied. Most of my users don't even know when our primary internet goes down anymore. It does run slower on our backup, but they don't know the difference unless they're doing some kind of bandwidth-intensive function or streaming. I don't have to be here to do anything to switch it to our backup internet or to switch it back. They've developed that feature even more, to allow you to have different rules for different policies or different interfaces to behave differently, depending on what happens with either packet-loss or latency, with multiple internet sources. That is pretty helpful.

Reporting is something you've got to set up separately. It's one of those things that you've got to put some time into. One of the options is to set up a local report server, which is what I did. It's not great. It's okay. I've heard their Dimension control reporting virtual machine is supposed to be a lot better, but I haven't had the time our resources to set that up. Some of the stuff is a little complicated to get up and running. Once you do, it becomes very user-friendly and easy to work with, but I find there are some implementation headaches with some of their stuff.

I wish I had a contact at WatchGuard because there are a few things I'm not using. I'm not doing packet inspection because I know it's pretty intensive to install certificates on all my computers and have it actually analyze the encrypted traffic. That's something I'd like to do but I'd really like to talk to somebody at WatchGuard about it. Is that recommended with my number of users with my piece of hardware, or is that going to overload everything? I'm not using Dimension control. I'm not using cloud. If I had a sales rep or a support person that I could just check in with, that would help. Maybe they could do yearly account reviews where somebody calls me to say, "What are you using? What are you not using? What would you like more information about?" That sort of thing could go a long way.

They do a lot of education, but it's sent out to the masses. They have really good emails they send out which I find very valuable, talking about the industry, security events, and other things to be aware of. But there's not too much personal reaching out that I've seen where they're say, "Hey, how can we help your company use this device better? What do you feel you need from us?" That's my main recommendation: There should be somebody reaching out to check in with us and help us get more out of our device.

It's very stable.

I've only even had one update that I applied that caused problems, that I had to roll back. I don't recall any kind of issue where I had to reboot the device to fix something. Somewhere along the line, WatchGuard, with their free training and free training videos, had recommended setting up an automatic reboot once a week just to keep everything clean, fresh, and healthy. I set that up during to reboot every week during off-hours on the weekend and I've had almost zero problems with it. Even with the updates, as I said, I can only think of one instance where there was a problem. I had to roll the update back, which was very easy to do, and then wait until the update patch came out and fixed the problem. That only happened once.

I've been very happy with the stability and reliability of not just the device and the software, but WatchGuard as a company.

With my needs and my network, I feel we could add bandwidth and add users for a while, before we would run into any issues. It's scalable for my needs with my device.

I don't think I have used WatchGuard's technical support. If I did, it might have been once.

I haven't really needed it too much. As I said, they have some good YouTube videos that they put out themselves on setting up stuff. That's my first resource when I want to get into a new feature I'm not using. They've got pretty good notes in there, so when I update software on the device itself, I go through their installation guide or their admin guide for that version of the software and it's all pretty straightforward. It lays out the new stuff they changed and what you need to be aware of, so I haven't needed to bug them.

We didn't have anything like this before, so it's not necessarily saving me time, but it did add a whole other level of security to our network, which we really appreciate.

We had a small-business Cisco basic solution. They called it a security router, but it was just a small device that sat on the shelf and which mostly provided internet access. It had very simple firewall controls: two or three check-boxes to do basic filtering. So we did have something, but it was nowhere near the level of the WatchGuard.

We switched to WatchGuard because we did not have a UTM device like we do with WatchGuard. We needed to upgrade the old device because it wasn't performing well anyway. I suggested that we needed something more appropriate, or with more layers of security than what our other small, entry-level device was offering. We did review solutions from a few other firewall vendors and WatchGuard offered, in my opinion, the best protection for the cost.

The initial setup was a little bit of both straightforward and complex. I'm a technical person. I read an instruction manual before I do something, whether it's putting a piece of gym equipment together or implementing something like a WatchGuard firewall. I had gone through all of their admin guides and getting-started guides and recommendations. So it was pretty straightforward, but there were a lot of steps and a lot of things to work through.

Something as simple as email wasn't just set up by specifying the IP address of your email server. I had to enable a bunch of things on the web interface and then install the software on my computer and set it up as an email relay. That was the only way to get email alerts, which I found a little shocking because email alerts should be critical on these things. I guess bigger companies may have alert servers or Syslog servers or other things they're using. But we're smaller and we don't. So that was one thing that I found was a little more complicated than it should have been for the importance of the feature. And now I have a computer and a firewall and if one or the other isn't working, those email alerts don't work.

Our deployment did not take long. It was no more than a week or two. I did it pretty quickly. I convinced the owner why we needed it and why this was the right move. I wanted to make sure I implemented it quickly and that we got some benefits out of it right away. I didn't want to let it sit around. It took less than two weeks.

My implementation strategy was mostly what I mentioned above: Review all of the guides, all of the walk-throughs, a couple of tutorial videos, get a baseline of what I wanted to enable and how. Then I did it offline, as you would expect. I brought the device into my office, got it updated, got everything baselined and set up the way I needed it to start with. From there it was just switch out early in the morning before users were in the office. It was nothing too out of the ordinary.

For deployment and maintenance of the product, it's just me.

I did it myself.

I believe there has been ROI, with the level of protection and things that are being blocked that we're aware of. And there is just the peace of mind of knowing certain things.

Some of this I'm simplifying a little bit because, again, a lot of these things have been implemented over the last four-and-a-half years. I'm thinking now of other features I've implemented that I'm very proud of, like locking down remote access software so people can't just come and use any remote access software to get in or out of our office. There's a sense of security because I only allow the remote-access software that we pay for and use. I don't allow any other protocols to get through. It is making sure we don't have people who work here doing weird things, but it also makes it harder for other people to break in. Just that peace of mind and all the other layers we have working is worth the money, in my opinion.

We had a trade-in offer at the end of our first three-year term. As a result, we pretty much got a free device by buying the three-year subscription. It was around $3,000 for the three-years.

We probably looked at SonicWall and ForcePoint, but it's been a number of years so I don't recall much of that process.

Do your research. It's not impossible. Do things in a logical order and make sure you understand what you're doing and how you're going to do it. Once you understand it and get everything working the way you want, it does get very easy to use and work with from there. Once you get over the learning curve of how all the pieces work together, it's very easy, very user-friendly, very easy to update, and very easy to make changes and document those changes - all that good stuff.

I tend to buy the hardware platform that's like one level above where we think we absolutely have to be at a minimum, so the performance has been adequate or good. I've yet to hit an issue where I feel the device is slowing us down or causing any issues because of the performance of the device, itself. We're usually limited more by our actual bandwidth. It's been great as far as our network and needs go.

In terms of the extent to which we're using the product, six months ago when I renewed the second three-year term, the subscriptions had changed quite a bit from when I had my first three-year term. Now, I have a whole list of new subscription services or modules or layers that I have not started implementing. I got a couple of the new ones implemented, to get some of the benefit, when I first got this new device. But there are a few more I want to implement. One of them, is packet inspection, which is difficult because that can really bog down your device. I'd like to have Dimension control to get better reporting. There are a couple of other ones that I have not implemented because they're new for me and I just haven't had the time to work on them. Threat Detection and Response is one I'm interested in which I haven't time to implement yet. It involves me setting up a client in each one of my endpoints and it keeps track of unusual activity there. That's probably where I want to go next. Maybe even the Access Portal could be useful for me, to have a place for vendors or customers go to access things inside our network.

We've gotten more features for our money because there's a new security package which wasn't available when I first subscribed, and that included pretty much everything. I had paid separately for APT, Advanced Persistent Threat protection, on my old subscription. To get that now, it was cheaper to bundle it with their total threat package. That included a lot of things like DNSWatch, which I did set up to look for malicious DNS access requests throughout my network. It gave me intelligent antivirus. I believe there's some kind of DLP module, which is one I haven't spent any time on. Network Discovery is another one I haven't spent time on that I need to work on. All of those came as new features with the new hardware and with that new subscription. The Threat Detection Response is definitely something I didn't have access to before. For sure, in this second three-year term, we got a lot more value for the money with what WatchGuard offered us.

I would give WatchGuard an eight out of ten. There's a little bit of room for improvement but I'm very happy with WatchGuard. I think it's a good fit for me. I won't often give a ten, just on principle, unless I feel they deserve a 12. That's when I give a ten.

I've definitely said positive things about WatchGuard to other people in the industry, people I talk to or know. I'm a promoter of WatchGuard, to be honest. I haven't seen anything I like better, but I haven't had a lot of experience with other devices. I've said good things to people on a regular basis, especially about WatchGuard's education, the emails and videos and other stuff they put out to try and help people, even when it's not related to WatchGuard products.

I use it as my firewall. 

We are using it to filter our email.

It roadblocks most everything, as far as viruses and stuff like that, from getting into my network and does a good job of that.

If there is any conflict, the reporting feature will kick out all types of information, which is great.

The most valuable feature is if I need to control spam. I can control everything with it, anything coming in or out of my network. The controllability is phenomenal.

You can control how you want things to go in and out of it. So, it is great for that.

The software in it could be a bit more friendly for an amateur user. I look at it and don't understand what half the stuff is. Looking at the interface, it is all mumbo-jumbo to me. It's not a simple interface. You have to be an IT guy to understand it. It is not for your average person to use, then walk away from it. It is much more entailed. It could be a bit more user-friendly, but my IT guy knows what he's doing with it. I just let him do most everything.

They need to make it so you have a step-by-step guide which goes through and sets it all up for you. However, they don't have that. You have to know what you're doing with it.

It seems to be stable.

There are always updates for it. So, they are always improving it. We are always putting updates into it all the time. They do a good job of trying to keep up on everything.

I just have a consultant who comes in every so often to do deployment and maintenance.

I haven't seen any restrictions as far as the scalability is concerned, so it seems to be just fine.

All of our users are just office workers. 

Our IT guy talks highly of the technical support, saying that they are pretty knowledgeable. He never complains about them. 

I've had WatchGuard ever since I put my network together. All I've used is WatchGuard.

They were discontinuing support for the last one that I had. Therefore, I had to upgrade to the M200.

The initial setup is complicated. Unless you know what you're doing with it, you can make mistakes, which are really difficult to recoup from. You have to know what you are doing with it. Otherwise, you'll screw it all up.

It only took our IT guy probably an hour to set it all up, but he knows what he's doing with it. He works with them everyday.

I just used an integrator for the deployment, who was good. I have worked with him for years.

There is an additional cost for support on top of licensing. When I bought my new unit, I received additional time added to my support. 

I just went by what my IT guy recommended, so I didn't really evaluate any others because he's very knowledgeable on all of these type of things. I just went off of his recommendation.

The functionality of the unit is great. However, you have to be pretty knowledgeable on how to work with its interface.

I don't any plans to increase usage. The product is always on and always being used.

I use it for protecting my network and for routing. Also, if my network connection goes down with CenturyLink, it automatically switches over to my Verizon cellular.

It protects me against malicious websites, as well as malicious downloads, as a perimeter anti-virus. I've also seen it blocking a lot of pings and different probes. 

A file wasn't opening on one of our mobile devices, so the owner said, "Hey, open it on your computer," and WatchGuard stopped it. I didn't have to try to remove a virus from my accountant's computer because WatchGuard stopped it. 

It has also saved me time by not having to rebuild because of damage to the network due to nefarious situations. Since I installed WatchGuard, it has probably saved me 20 hours a year thanks to increased uptime as well as not having any issues with viruses on computers. It's protecting my network and I don't have to deal with downtime.

It has increased productivity in security management.

I've also had very good uptake time. I would have to reboot my previous routers once a month or so or try to figure out what was wrong with them. With WatchGuard I've had zero problems. If I ever have an issue with connecting to the internet, it's always due to my internet provider.

As the person who manages IT for the business, it saves me thousands of dollars.

• Safety
• Uptime

The solution's reporting and management features are good.

I would like to see more simplified management of the firewall. It's something that I've had to bring in outside support for - for setting up the firewall - because I don't fully understand it yet. I've been learning it. Some of that is my fault, but it's a complicated system to use. I don't know if it can be simplified much, because of the nature of what it's doing. But it's very complicated.

It's very stable. I haven't ever had a product that is this stable.

It appears to be scalable. Scalability doesn't apply to me very much. I did have to buy a new router since the last one wasn't powerful enough. But it was not too bad because I was able to upload all my previous settings to this new one. It handles our entire network, but I don't have any plans on increasing usage.

We have 15 employees and everyone uses it for some sort of connection, whether it be for their phones to connect to our server for our time-tracking system, or for our office computers. I'm the only person who takes care of its maintenance.

I would rate their technical support very highly. They are very knowledgeable.

I used Ubiquity. I switched because it was not stable and it would not provide a lot of the services that I needed.

It was complicated, but it's hard to say that it's the fault of the device itself, and not the complexity of what I was doing. It's managing my internet connection. I eliminated my internet provider's modem from my network. It's doing all of the routing and the work of the modem for my fibre internet connection. So it was complicated to set that up with my internet provider, but I don't know if that's due to the appliance itself.

The deployment took less than a day. It's hard to say exactly how long it took because I do woodworking as well as maintaining our network. It's hard for me to give it my full attention but I would say it took about four hours.

I purchased it through Last Mile Gear, a reseller. One of their techs assisted me in installing it. He was pretty helpful. I also called WatchGuard's helpline and they were very helpful.

The service seemed fairly expensive, but when I saw it stopped a malicious file and saved our computer from having to be rebuilt, I upped it to their Security Suite. It definitely showed itself to be useful, and I'm glad that I have it.

It's prevented network intrusions, which is invaluable. Having 100 percent uptime so far has made it a great value.

The cost three years ago was about $800. There were no additional costs beyond the initial purchase.

The reseller recommended WatchGuard, so that's what I went with.

If you can understand the way the firewall works, the logic of the firewall, it will serve you really well. It's a very stable, great product.

I started with a T10. I ended up needing a more powerful version, so I bought the T30 about two years ago. I've been very happy with it. The usability is difficult but it's a complicated system. It's a professional solution. I wouldn't recommend it to my friends for their homes, but for business, I think it's a fantastic solution.

I'm happy with the throughput on the T30. The T10 was definitely lacking. It was definitely slow.

I would rate it a nine out of ten. The way to make it a ten would be to make it easier to use for a novice.

We really don't use the firewall too much, we use it more as a VPN. We've got several different networks that we're joining through WatchGuard.

It has made firewall configuration really simple. It doesn't take years of training or certificates to go in and manage it. That's a big deal. We set up our firewall, operating as a VPN. It's bringing several networks together and it made that process easy.

In terms of my job, it's taken so little of my attention. I have worked with Cisco firewalls and they were complex. WatchGuard is easily understood and managed. It's easy to watch traffic go through the network, to look for ports that are closed or open, and to see what's actually moving through the network and what's not. It has made it easy to understand network traffic.

The learning curve is very small in comparison to the Cisco firewall. Within two hours, I was managing WatchGuard, whereas with Cisco it might have taken a month to accomplish that same level of proficiency. As far as the control of traffic is concerned, I spend one or two hours a week on WatchGuard, as compared to about eight hours with the Cisco firewall. It has freed up my time to do other things.

What I like most is the analytical side. It's pretty simple to understand when you want to do any diagnostics on your network. If you want to go in and see what packages are having trouble getting through, what's being held, stalled, etc., it's very easy to use in that way.

In terms of the usability overall, it's pretty simple but, at the same time, it's pretty full-featured in terms of what it can do. We only use part of it, only because that's where we're at right now. But for a small network, for a small organization, especially, it's a complete solution to your firewall needs. It's relatively simple for me to get into and to work with when I need to; if I need to set up an ARP table or to create different reports. For a smaller network with lesser-trained IT people - if they're lucky, they've got one IT guy trying to do it all - it's an excellent size. Whether you've got a few machines or several hundred, it's pretty simple.

One of the things that is always valuable is workshops. It's really hard to get away and do webinars, but what I would like is a selection of webinars. I see WatchGuard comes forward with a webinar where they're going to introduce this or that. I'd like to see a lot more of those and a lot shorter.

On lynda.com I can just point to a video to show me something I need to know how to do; for example, how to merge contacts in Outlook. But it is a ten-minute video. I would like to see more of that kind of learning. I'm sure WatchGuard has got all these videos, has got the webinars and the training sessions. But when I need to know something, I need to be able to get to it quickly. I want an indexed learning system very close to what lynda.com might use. I also want to be able to put questions forward either in a "frequently-asked-questions" forum or by sending them up to the support team for quick reply. 

I want to be able to go to a portal and put in my problem and have WatchGuard bounce back to me with, "Well, this is how we can do it," or "We don't have a solution for that." And then I can go to other vendors to look for a solution.

The more targeted learning system I can have, the better. If I have to schedule a webinar that might take 30 minutes, there's a good chance I'll miss it. I sign up for webinars and it happens that I'm not available because I've got other fires going. The learning has to be there almost at my whim: "I've got a fire burning, I've got to figure out how to put it out. I need a ten-minute video to show me." Those learning sessions have to be available and easily found, when I need them. I have so little control over my schedule on a daily basis, and I'm sure I'm like many others.

One other shortcoming is that there is no backup for it. We really haven't figured out how we might solve that problem. We may want to put a duplicate in. With Cisco, it's not uncommon to have dual firewalls with something our size. That way, if one were to fail, we've always got the other. With WatchGuard, we just have the one box. If that were to fail, we'd probably be really hurting.

I haven't had to look at it in nine months. It just works pretty painlessly. It's very stable. It's kind of invisible.

We haven't hit a limit. We have the wireless running through it, a camera system running through it. There are 50 workstations running through it, as well as servers. I don't have any problems with it whatsoever. 

Tech support is everything for any product. WatchGuard's technical support is up there at eight or nine out of ten. That's really what you're looking for in a product; more than the product itself, it's that support. If it's not there, you can just frustrate yourself to death on solutions. WatchGuard is support is easily available and know what they are talking about.

We were looking for a solution. The engineer that I had knew of WatchGuard and thought it was probably a good idea, and that was the whole strategy. He had worked with it before and he was the lead engineer when we implemented it. He was right about WatchGuard, it is a good product.

We were using Ciscos. They were aged and out of date. They were pretty well done. Our options were to get new Ciscos and get them configured. Of course the deployment and hardware were expensive. And the maintenance or the management, in the long run, was much more expensive.

With the WatchGuard, the initial hardware was less expensive. And the implementation, because it didn't require as much training, was much less expensive. And the management is much less. When I say "much less," I'm talking about 25 percent of the cost of what the similar Cisco would be.

I remember it being somewhat complicated. There were some complications we ran into; it didn't seem to be quite as easy as what we'd hoped. We did have really good support though, from WatchGuard, on the other end, assisting with the setup. That made all the difference in the world. That made it pretty painless. That was the key. 

When you're configuring a new piece of hardware, there's always some little switch that you miss or that just doesn't make sense. When you've got that support on the other end they know exactly where to go... WatchGuard had that.

At first, we were running into some issues configuring it to meet our needs. It was throwing us for a loop for a while. The issue was setting up the correct rules. But from the time we got that done, it just sits there and runs. We've had it 15 months and I haven't seen it in nine months. We got it configured and set up, and it just operates. 

We had it running on the first day, literally within hours. We had a lot of configuration to be done over the next six months, twists here and there. But as far as actually being able to set it up and have a firewall in place, that was done within two or three hours.

There are no costs in addition to the standard licensing fees. It was pretty much, "Get the license and you're good to go for the year."

We looked at Cisco in addition to WatchGuard. We didn't look at anything else.

I wouldn't hesitate to implement this solution. Particularly if you're down to an IT staff of one, this is a really good solution. If you're that small and your IT staff is very limited, then you're probably lacking the onsite expertise to move to a more expensive solution anyway. I would strongly recommend it.

We've got three people who sign in to WatchGuard, me and two others. Beyond that, everybody else is just an end-user. I'm the only full-time IT person we have on staff. We do have a vendor that we use for a lot of our engineering solutions and design. They spend about 12 hours a week on our network.

As for increasing our usage of it, I don't know what all its capabilities are. I deal with problems all the time and I have to come up with solutions for them. I don't foresee any expanded use of WatchGuard. However, it may be that it can solve some of my problems much more simply than some of the other solutions I'm thinking about. But I don't really know how it could at this point, so I'm not seeing us using more of it than we are now.

I would give WatchGuard a ten out of ten. It's simple, easily managed, and it has good tech support compared to other products out there. Because it is a full-functioning firewall, it does everything with full support. You're not buying a cheaper quality of firewall at all. It's full quality, fully functional and has good support.

We use it for our firewall as well as for our branch office VPNs.

The WatchGuard devices allow us to self-manage our network and our branch office VPNs. As a result, we've saved ourselves a lot of money, without compromising our security. It provides a much more economical and effective solution. We used to have an MPLS network which was a cloud-based firewall system and it cost us a small fortune every month. But when we implemented all these firewalls and got it all configured, up and running, we literally saved ourselves $10,000 a month.

It makes managing the network a lot easier. It takes care of our network for us.

Once it was set up and running, it began to save us time. It works, and we spend very little time managing it. We have very few issues with it. We might spend an hour a month managing it, if that.

The firewall aspect and the branch office VPNs are the most valuable features. They just plain work. We don't have any issues with it. We don't have to spend a lot of time maintaining it. You set it up and, for the most part, you can forget about it.

In terms of the usability:

• It's user-friendly with an easy user interface.
• It has a lot of features.

The throughput the solution provides is good.

In addition, WatchGuard provides our business with layered security. It certainly protects our network, blocks unwanted incoming traffic and, at the same time, can manage outbound traffic too.

We use WatchGuard to manage our failover for internet. If a primary internet goes down, it does a failover to the secondary the internet. However, what it doesn't do so well is that if the primary internet has a lot of latency but it's not completely down, it doesn't do a failover to the backup in a timely manner.

The stability is great. 

We don't really have any experience with the scalability. We implemented the appropriate devices for our size and we haven't really grown to the point that we've had to upgrade devices. The scalability is fine in the sense that we have some locations with more people, and WatchGuard has a slightly beefier device than we use at some of our smaller locations. All in all, it works well.

All of our networks are managed by WatchGuard. If we add locations we'll be using it for them as well in the future, although we don't have new locations on the horizon. We use it every day because it manages our network. Because all of our network traffic runs through WatchGuard, everybody uses it. But they're not using it for a specific function, other than to communicate between locations.

The customer service is good. If we have an occasional issue there are helpful. They help us resolve problems. Overall, I'm pleased.

We had a third-party MPLS network that managed all of the cloud-based software but it was very expensive. It was similar in effect, but it was a third-party, as opposed to WatchGuard which is self-managed. The main reason we switched was the pricing.

The initial setup was a little complex. But once we understood how it works and after we got the first one configured, the rest of the firewalls were pretty easy. It is pretty straightforward. It is just a matter of learning it initially: understanding the nuances of the application and the user interface, understanding how to set it up and understanding what does what and the naming of features. That initial learning curve was a little steep, but once we got into it, it made a lot of sense.

Company-wide, our deployment took about 30 days.

Our initial implementation strategy was to do a backup to the internet and ultimately remove our MPLS and use the branch office VPN to manage it ourselves.

We were helped by an authorized WatchGuard reseller on the initial setup. Once we got through the first one, we took over from them internally. The reseller was NetSmart. Our overall experience with them was very good.

We still have a relationship with them. We do a lot of our stuff in-house, but if we have something that we need a little bit of help with, we do reach out to them from time to time. But doing so, for us, is pretty rare at this point.

We have absolutely seen return on investment. We saved a small fortune switching over. It paid for itself, literally, within the first couple months.

When we bought them we got a three-year license for each device. The two larger devices are about $1,000 each and the smaller ones are about $500 or $600 each. 

There are some additional software features that you can add on and pay for, but we don't use them. 

We didn't evaluate other options. The WatchGuard reseller was a company we had done business with before and they recommended it right out of the gate. We went with that.

It's worth it, depending on your current network environment. If you are in the same situation we were in, it's really a no-brainer going from the MPLS network to self-managing it with simple broadband internet. It works great. To be honest, you'd be crazy not to do it. The advantages of WatchGuard over MPLS are that it's cheaper and you have more control because it's self-managed. The only con is that it does require a little bit of maintenance that you wouldn't otherwise have to do, but it's minimal.

In terms of distributed locations, we have a firewall at all of our locations. Once we got it set up we'd visit a branch, install it, test it, and implement it.

As for maintenance, it requires just one person, a network administrator. We manage it ourselves and there's not a whole lot to it.

WatchGuard Gateway AntiVirus is a firewall solution. We use it for internet access for our employees and network security in business operations.

WatchGuard Gateway AntiVirus is just a firewall. It's a very good solution for network security automation, but it does not improve our business work.

I value the stability of the product most. WatchGuard Gateway AntiVirus also has great scalability. But for us, it's only about ten people who use it.

I would recommend the solution. It's a good and stable product. Nothing is too difficult. 

The solution was very good with the anti-virus. I haven't a problem with anti-virus stability using WatchGuard for over two years.

My company is not big. Since we purchased the solution, it's been normal. No problems.

WatchGuard technical support requires a license. We never called them because the solution is working correctly and conveniently.

The setup is easy if experienced. The web interface is no problem. It takes only one hour. 

The solution is a pop-in installation. I did it by myself.

WatchGuard Gateway AntiVirus has VPN access for all systems. It's a firewall and an anti-virus agent. It's fully complete for my company.

I would recommend the solution. On a scale from one to ten, I would rate it at ten.