WatchGuard Firebox Reviews

It's a perimeter device and I use it as a DNS server for my domain, but I'm not the typical user for this type of device. I'm a hobbyist when it comes to this type of product and I use it in a small office environment.

It's competent. There's really nothing technically wrong with it. This is just a small device, and I don't use it for intrusion monitoring. I am only using it as a basic front-end and I have port-forwarding for services behind the network.

I use it to give access to some remote users. I give them access to their desktops with RDP and I have a client so they can register on the domain network with dynamic DNS. The ports that I have assigned appear to be unattainable to outside "mal-actors," unless they have an address registered on the internet that this thing is expecting. That's a layer of security.

I don't think I can get a full-blown DNS client from it. I've been trying to have DNS services. It has forwarding, but I don't get the services of a full DNS client. My main difficulty with it is that I can't run a complete service. I need NTP. I need DNS. I need DHCP for my domain, but I only get forwarding. As far as I can tell, I don't get caching and the kinds of reporting and registration needed to host a DNS for a domain. I have to have a separate solution for that.

I also struggle with its usability a little bit. I come from an open source background, so I'm accustomed to BIND and DHCP from Linux builds. With their tools I'm struggling to have a web interface. I'm not getting a third-party web interface, so I'm using Webmin, which I have become accustomed to. You have to relearn or find services that you know are there. You have to figure out what they mean by an alias. Setting up a network interface or port-forwarding isn't necessarily using the language that I'm accustomed to. Every time you deal with a new user interface, they structure things differently. Where do you go and how do you maintain it and how do you document it?

So I'm frustrated often when I get involved in vertical software where they start to brand or rename things, or they've adopted terminology. An example with WatchGuard is that every time I want to find a log, I have to search forever to find just basic logging. It's in there someplace, consistently. It's just that there isn't a button that says "logging."

I've been using Firebox for two or three years.

The stability seems perfect. The last time I rebooted it was a half a year ago. 

Hardware-wise, it's comparable to a Linksys consumer perimeter device. It's obviously got more bells and whistles behind it. It's some sort of ARM processor. I'm sure it's pretty low power. It sits there and idles and I can always get on it, and I can set it up with additional security to keep the ports safe. 

The DNS works fine, although it's a little clumsy to find, and get at, and get set up. And I can set up some sort of VPN on it. I haven't at this point, but I've got a couple of licenses for VPN if I needed that for my home office.

In terms of scalability, I would imagine they know what they're doing. I would imagine you could make it as big as you want it. I've seen some of their devices, with the intrusion detection, that are designed for large networks. We've got 15 or 20 devices here. At any given time, I have five active users, and they're mostly just getting Gmail or streaming music to their desktops. Our needs are really small, but I would imagine that a company like WatchGuard knows what it's doing and that they could scale it up as much as you need it to. 

There's also WatchGuard Cloud. I think it's part of a subscription service and it maintains some sort of a threats database or maybe prevents users from getting on certain items. But those things are frustrating. You set them up and then people can't get where they want to go, and you have to crack the cloud on that. It's one thing if you're administering hundreds of desktops, but I can see all of mine. I know where my security problems are.

When I first got the device I was thinking, "Oh, I could at least, just out of curiosity, dig into the intrusion detection and traffic monitoring stuff." I was reading some of the guides. It has the power, but it's going to start to slow network traffic at a certain point. So I just didn't pursue it anymore. My impression was that you would want to buy models that are two steps larger than this if you wanted to actually do any effective stuff. 

For my purposes, I would just fire up a virtual machine, install pfSense and Snort, and figure out how that works. I could have as much hardware as I needed anytime I needed it.

I had an inexpensive perimeter device, a $100 Linksys product. Behind that, I had DNS, DHCP, NTP, print servers, and my domain management. I use Samba for that. I just used whatever firewall was there.

I switched to WatchGuard because I was experimenting with this VAR—he's a friend—to see if I could take what I've done and to get to know some of his tags and put some sort of a service agreement on my infrastructure, through his resources. We talked about it and they were seemingly interested. They do documentation or I might bring them in to do some of the coding projects I suffer with.

My experience has been, in my unique situation, that when I end up bringing somebody in from a third-party, it's more work to train them. You're training somebody from a VAR and they are going to charge $150 an hour or so. That's a pretty healthy investment. The training would take a lot of my time. If I take that time and just solve my problem on my own, I get a two-for-one. I don't have to pay for it outside the company.

But that's why I was bringing in this WatchGuard device in my particular situation. I was just experimenting and seeing if I could find a guy at this VAR whom I felt was worth investing more in, and having him be a third-party to maintain my system if it goes down or I get hit by a bus.

I had to learn it. I had to find where they put stuff.

It took minutes to get the thing up and operating. I started to configure DHCP and puzzle through what they meant by that, and find ways to identify what leases were there and if it was able to register with this other DNS server I have on it.

I've fussed with it any number of times, setting up the port-forwarding for the RDP clients. I knew where to go and what to do, and I got that working pretty quickly. But that was one of the situations where I needed to see a log to see what was happening—it wasn't answering—and to find out what the function was, I had to find the log. It took me an age to find the log. Once I found out what was being rejected, then I figured it out. I've had a couple of bouts of that.

The VAR came in—they charged me plenty, a couple of hundred dollars—to set the thing up. He put the thing down. I said, "How do I get onto it?" He made an account for me on it, but it wasn't, by design, to be user-configurable. Normally, they would configure it from their side and every time I would want to make a change I would have to call them.

Then I asked him about the DNS , and he said, "Well, is this it?" He didn't really know it very well. He was just a mid-level tech for a VAR who can set the things up in their base configuration, but he couldn't answer any questions.

From there, it was me. I can't get support from the WatchGuard group itself because they work through the VARs. So I'm looking at those websites that have server guys who talk about things that frustrate them, to find where the DNS is. Even now, I can't easily find logging. I have to search for it every time I want to see a log. The frustration I have with these devices is that they're put together in a certain way and you've got to learn where they want you to go to get what you want.

I spent $600 or $800 on this product and I'm paying a couple of hundred dollars a year in a subscription service to keep the lights on, on it. I imagine there's some aspect of it that I won't be able to utilize if it goes off of support.

For what it is—for example, for a doctors' office building or a situation with remote offices and no tech guy on staff—it's perfect. It has antivirus subscription services, IPS, web blocker, file exception, spam blocker, application control, reputation defense, botnet detection.

It works out to $100 or $200 a year if you buy several years at once. It's fair. But when you get into the intrusion detection and gateway stuff, it can be fairly expensive and you're going to need more expensive hardware.

I looked at a lot of stuff. I'm familiar with pfSense. I have used that a little bit here and there over the years, so if I went to an open-source solution I would go straight to that. And I looked at the professional versions and this one had a $700, three-year service contract on it and it handled VPN. The VAR supported it and they like it.

I don't really feel that it improves anything compared to a more common firewall device. It's certainly less capable or less configurable compared to something like a pfSense, an open source perimeter device that can be integrated with intrusion detection and network monitoring on a computer or on a virtual machine-type of setting.

The thing that the Firebox adds is it's managed and a VAR can support it. It's a known entity. It's supportable, whereas it's more difficult to support a pfSense-type of setup. You pretty much have to maintain the latter yourself.

It's there for a reason. It's there for VARs to be able to put in a known device that they can train on and the user doesn't need to manage it much. In my circumstances, I'm the IT guy of the company, and it's a small company. I'm also the owner and I understand this stuff. It's somewhat of a hobby for me to be able to configure and have a competent domain, without having to pay a VAR tens of thousands of dollars a year, and without having to pay subscription services. I'm not the targeted client for it. I'm more like the hobbyist and the super-geeks who use open source, freely available tools. The types of people who need this sort of service shouldn't listen to me. A hobbyist would never touch this product.

Use it. It's very unlikely that a perimeter device is going to be cracked unless you leave something really crazy open. Most consumers are going to have some sort of perimeter device involved with their internet delivery and they're going to have some sort of a reasonably clean plug, with some port forwarding for their outbound connections coming into their network. And then if they're geeks, they're going to set up a pfSense virtual machine or get a little ARM processor.

I wanted to have a physical device at the network that I could just glare at. But you can set up a perimeter device with hardware, pfSense, or virtual pfSense, in the back of a 20-year-old computer. As long as you're careful about how you set up your routing, it's as effective as anything.

In terms of its throughput, we barely use it. All we're really doing is using it as a perimeter device and gateway. It's just fine. It's a tiny little thing. It has two interfaces plus the WAN interface. It's fine for what I do. I trust it being maintained. And until I got to the point of wanting to use it for domain monitoring, and traffic shaping or IDS-type of stuff, it really didn't require any processing power. It's competent for that.

It's a firewall so it provides my business with layered security. But it's got additional options, many of which you have to pay for. My device is too low-powered to efficiently host any of that stuff. I'd probably have to upgrade hardware in order to do the layered security types of things, and I would probably have to pay a fairly expensive subscription.

For the cost, if I got to the point where I was going to make a change, I would probably go to an open source tool, and suffer through that too, but get it to the point where I could do pretty much anything I wanted with it.

I should be in a situation where I have somebody else maintaining this stuff and not doing it myself. If that was the case, I would use a device just like this. But if I'm still playing around with the nuts and bolts of IT management in my company, then I'm probably going to revert to an open source tool again.

Firebox is 10 out of 10 at what it does. In terms of usefulness and reducing frustration, at my level, it's a three. It's not targeted for me, but it's good at what it does. Overall I would rate it at eight. I don't have a bad thing to say about the hardware and the software, for what it is. It's just frustrating for my particular use case.

We have had some difficulty introducing the brand on the market because, in Angola, we have another brand with a more aggressive approach than WatchGuard. The end users prefer other brands like Sophos and Check Point over WatchGuard Firebox. We will soon be an expositor of WatchGuard Firebox. We have some customers that use Panda Security just for endpoints. We have some customers that use WatchGuard Firebox directly or indirectly.

WatchGuard Firebox is the most powerful firewall for Wi-Fi security.

The scalability of the solution needs improvement.

I have been using WatchGuard Firebox for more than one year.

WatchGuard Firebox is a stable solution.

I rate WatchGuard Firebox ten out of ten for stability.

At the moment we are providing support to five customers.

I rate WatchGuard Firebox a nine out of ten for scalability.

The solution’s technical support team is very good. We have always received quick responses from the support team.

WatchGuard Firebox’s initial setup is very easy. The configuration is easy since the solution is user-friendly and has an intuitive platform and dashboard.

The solution is not expensive and customers pay for a yearly license.

We have a direct relationship with the master distributor of WatchGuard Firebox in Angola and Africa. WatchGuard Firebox is the only solution we work with for firewalls and cybersecurity.

When we start WatchGuard Firebox's deployment, we redirect it to the cloud.

Overall, I rate WatchGuard Firebox ten out of ten.

The WatchGuard Firebox is our version of a firewall. It has several use cases. 

WatchGuard Firebox's two-factor authentication feature is particularly useful and provides an added layer of protection. It's been a reliable and stable solution for us.

When working with WatchGuard, specifically in configuring Panda Security on the portal for the first time, it was challenging for me. Creating the partner center and setting up the account in Panda Security was not straightforward. Although working with the Panda Security part itself is easy, I faced difficulties in creating the partner center. So, maybe this could be an area of improvement. 

Another area of improvement is the license. The price could be cheaper. 

We currently use WatchGuard Firebox T20 model.

There are around 26 users using this solution. In terms of user capacity, the T20 model can support up to 20 users.

WatchGuard Firebox is easy to use and set up. I work with the solution every day, so I'm quite familiar with it. In my experience, setting up WatchGuard has been straightforward. It didn't require much effort. 

Although I have spoken to others who mentioned that implementing it for the first time can be challenging, I personally found it easy. I had no issues with the setup.

Whether it was deployed in the cloud or locally, it took a month. I maintain the solution and provide technical support. 

I recall when I bought the first Firebox; someone advised me to start by seeking assistance from the WatchGuard support center. I found all the necessary information to implement the solution. That's why I believe it was relatively easy for me to implement it the first time. However, I am aware that many people find it challenging to implement WatchGuard on their first attempt.

Currently, we use an internal lead to sell WatchGuard to our clients. So, the price varies. However, it's worth mentioning that our internal use of WatchGuard includes Panda Security as well.

We do pay for a license. It's a three-year license. It is an expensive solution. The price could be lower.

WatchGuard is not a widely known solution in my country. People here tend to use CheckPoint, Fortinet, and Palo Alto more. However, I believe WatchGuard is a good solution that more people should be aware of and consider. We are actively working to promote it in Angola. In fact, there might be more companies in our country that could benefit from using the WatchGuard solution.

Overall, I would rate the solution an eight out of ten.

WatchGuard integrates with our firewall to provide threat detection and remediation. 

I like WatchGuard's network segmentation features. It's easy to configure user policies.

WatchGuard should offer more visibility into user activity. For example, we should have more details when WatchGuard denies a user access to a port. 

I have used WatchGuard for about 10 years.

I rate WatchGuard nine out of 10 for stability. 

I rate WatchGuard nine out of 10 for scalability. 

WatchGuard is easy to set up.

We have seen an ROI. 

The price is excellent. 

I rate WatchGuard Threat Detection and Response nine out of 10. I recommend it. 

We primarily use the solution to secure our networks in branch via SSL and VPN. We also use it for our web pages hosted on our servers. This product handled everything UTM.

The solution has benefitted us by offering a secure connection. We don't spend as much time analyzing when traffic goes somewhere. We have clearance capabilities. We see what happens in our network.

The hardware is quite good.

The solution is fast. When we commit and change items in Firebox. It just works and it is simple. When you drop a connection, it gets dropped in a second. The speed is important to us.

It has everything we need in terms of functionality.

The solution is scalable.

It is stable and reliable. 

Pricing is reasonable. 

The UI and web view aren't nice. The fonts are too small, for example. 

I've been using the solution for three years. 

It is very stable. I haven't seen any issues with it. There are no bugs or glitches. It doesn't crash or freeze. It is reliable. I'd rate it nine out of ten in terms of stability.

The solution can scale quite well. If a company needs to expand, it can. I'd rate the ability to scale at an eight or a nine out of ten. It's easy.

I've never directly reached out to technical support.

When we need to make something really good, we need to take the time to ensure that's the case. However, the configurations are simple.

We had a business help us implement the solution. 

So far, the solution has been worth the cost.

The product isn't necessarily expensive to acquire. The pricing is reasonable. 

There are no extra costs or hidden fees. 

I'd rate the solution nine out of ten. We've been pleased with the product overall. 

The main use case is to avoid zero-trust attacks because, from Application Control, I can only run known applications. Every unknown application is placed on hold or blocked.

Zero-trust and threat-hunting services are most valuable.

It is easy to use, and with the features it has, you feel that you are being protected.

The time they take to classify an application once they find that it is unknown can be better.

I have been using this solution for three years.

It is very stable. I would rate it a nine out of ten in terms of stability.

It is scalable. I would rate it a nine out of ten in terms of scalability.

Their technical support is very good. I would rate them a ten out of ten.

Positive

I would rate it a nine out of ten in terms of the setup. The duration depends on the number of computers. For less than a hundred computers, it can take one or two days. We have one engineer for its deployment and maintenance.

Our clients have seen an ROI. Because of its ease of use, they don't have to invest a lot in human resources to maintain this solution.

Its cost is okay. It is not too expensive, not too low. I would rate it a nine out of ten in terms of pricing.

To those who are planning to use WatchGuard Application Control, I would say that you can use it with confidence.

Overall, I would rate it a nine out of ten. 

Our primary use cases for WatchGuard Firebox are routing and VPN, including the integrated firewall. We do not use the SSO system or any other router features.

WatchGuard Firebox was able to help our organization during the pandemic as we were obligated to work from home. We were working remotely, so the VPN feature of WatchGuard Firebox allowed remote work.

The most valuable feature of WatchGuard Firebox is the VPN. It's easy to connect to the VPN.

The user interface for WatchGuard Firebox has room for improvement. Right now, it's a bit complex to work with and could be easier. I like Fortigate better because its user interface is nicer and easier to work with than WatchGuard Firebox, so improving the user interface would be great.

I've used WatchGuard Firebox for two to three years and still use it at work.

WatchGuard Firebox is a nine out of ten in terms of stability.

In terms of scalability, WatchGuard Firebox is an eight out of ten.

I didn't have to call the WatchGuard Firebox technical support team, but the support on the website is a six out of ten.

Neutral

The company used Fortinet before using WatchGuard Firebox, though I don't have information on which Fortinet product and why the company switched to WatchGuard Firebox.

I wasn't involved in the deployment of WatchGuard Firebox because I wasn't there when the company chose the product. I just learned to love it.

WatchGuard Firebox was great for remote working, but I have no information on its ROI.

I have no information on WatchGuard Firebox costs.

My company uses WatchGuard Firebox. There's a Watchguard router for the internet and three sites on WatchGuard.

I'm using WatchGuard Firebox M440.

The product is deployed on-site.

I can recommend WatchGuard Firebox to anyone looking into implementing it, but I cannot advise on how to implement the product for your network or environment.

My rating for WatchGuard Firebox is eight out of ten.

My primary use case is for my network security even when I am out of the office.

WatchGuard Firebox has improved our organization one hundred percent from before we started using it.

I have found the DNS Watch feature for intrusion and prevention response and APT Locker most valuable to me.

I would like to see more training become available for us. I would like to see the port conflicts improved.

I have been using WatchGuard Firebox for the past five years.

The stability is good.

There is excellent scalability and we are using it at full capacity.

The initial setup is quite complex and difficult, especially for first-time users. You need to go on the website and study it before you start using the policy manager. Once you start using the policy manager it becomes easier.

We used a third party and the deployment time takes less than ten minutes.

The return on investment is that it saves us a lot of time from intruders creating problems.

The licensing can be a one-time purchase unless you need the extra services for example twenty-four seven support.

I did try pfSense and FortiGate and decided WatchGuard Firebox was what I needed.

I would rate WatchGuard Firebox a nine on a scale of one to ten.