WatchGuard Firebox Reviews

We are WatchGuard partners, and we also use it on our own. We are using it for general firewall purposes and vulnerability management. We are also using some of the additional security stacks such as intrusion detection and so on.

We are one version behind the latest version. We have it on-prem at the moment, but some of our customers have private cloud solutions.

I like intrusion detection the most.

I'm pretty happy with it, but vulnerability management could improve a little bit in comparison to other parts, such as Cisco and so on.

There could also be better reporting. For example, there should be more out-of-the-box management reports. These two improvements would be nice.

I have been using this solution for around 10 to 15 years.

It's stable.

It's scalable, but I haven't compared it with others.

There are five people who are using it from an administrative perspective, but everyone is using WatchGuard because of the VPN.

I haven't interacted with them myself, but my colleagues state that their support line is good.

Its setup is of medium complexity. It's not super easy. Everything is in its right place, but it's not as complicated as other vendors. It's in the middle.

The deployment duration varies. Depending on your needs, it could take a few hours.

It's in the medium range. Its price is pretty good considering the functions and add-ons that are used.

I would advise having a proper look at the features because there are a lot of different versions, scales, and limits on different Fireboxes. You have to decide in advance which one is good for you in terms of performance, future needs, and so on. You shouldn't have too many changes in your landscape. 

I would rate it an eight out of ten.

I found several features valuable in WatchGuard Application Control such as the HTTP Proxy, DNSWatch, VPN, and HTTPS Content Inspection.

What could be improved in WatchGuard Application Control is its price. It could be cheaper. You always want the best price for any solution, but for security products, pricing is usually on the higher side.

I've been using WatchGuard Application Control for five years now.

WatchGuard Application Control is a stable solution.

WatchGuard Application Control is a scalable solution.

Whenever I need support for WatchGuard Application Control, I'm able to get it from the vendor.

The initial setup for WatchGuard Application Control is easy if you understand its UI and features. I would rate its setup as four out of five.

The licensing model for WatchGuard Application Control is based on the number of users. WatchGuard Application Control also has licensing models with several features.

On a scale of one to five, I would rate the price of this solution a five.

The number of users for WatchGuard Application Control is currently five hundred, in several locations, for several clients.

My advice to others looking into using WatchGuard Application Control is that it's a great solution. It has several features, and every year, WatchGuard implements another solution that complements its security functions. WatchGuard Application Control is always improving through the addition of new features.

My rating for WatchGuard Application Control is nine out of ten because it's a good solution for me.

My company is a partner of WatchGuard.

I mainly use Firebox for SSL, VPN, internet proxy, site-to-site tunnels, and intrusion protection.

Firebox's best feature is the access portal.

Firebox would be improved with integration for endpoint protection solutions.

I've been using Firebox for three years.

Firebox is generally stable, with only some glitches here and there, and its performance is okay.

Firebox is scalable.

WatchGuard's technical support is okay, but they could do more to push knowledge so the customer could solve their own problems.

Neutral

The initial setup was straightforward.

We used an in-house team.

Firebox is priced reasonably.

I would give Firebox a rating of seven out of ten.

I use WatchGuard Threat Detection and Response to protect our clients from ransomware, spam, and other threats. We want to make sure all their applications are secure.

I have been using WatchGuard Threat Detection and Response for approximately two years.

WatchGuard Threat Detection and Response is a reliable solution.

I have found WatchGuard Threat Detection and Response to be scalable.

We have approximately 30 people using this solution.

If we are not able to find answers to our questions about the solution from documents we can contact the support online through a portal on the application we have. They are able to help us when we have issues.

I was using a different solution previously to WatchGuard Threat Detection and Response.

The installation of WatchGuard Threat Detection and Response is straightforward. It did not take a lot of time, approximately 10 minutes.

There is a license required to use the solution and we pay annually. The price could be reduced because it is a bit expensive.

I would recommend this solution to others.

I rate WatchGuard Threat Detection and Response an eight out of ten.

Actually, we do not use WatchGuard Firebox, we just sell and sometimes deploy and install it for the customer. We usually set up a few basic policies then give it to them to continue on.

The features that I have found most valuable are the FireWall features. The management side of WatchGuard is quite easy because it supports two ways to manage it - by the web and the other one they call WatchGuard systems manager. I used to be familiar with WSM only, but they improved their GUI in the web browser and now it is much easier to do it within the web browser.

The other feature is the side to side VPN. We have a bank client and they use a WatchGuard device for their headquarters and other WatchGuard devices for their branches. Setting up those IP's and VPN's was quite easy because the relay was at the branch office where the VPN resides. So that was quite handy to set up.

In terms of what could be improved, I would say their web blocker feature. It is still quite a confusing setup, especially when you want to filter out a particular category for granularity. For example, you do not want to filter Facebook but you do want to filter Facebook games only. It can be done, but the process to do it is very confusing.

We have seen other products like Sophos, Checkpoint and Palo Alto that were much easier to set up their web built setting than it is with WatchGuard. So aside from all other features, including the VPN security policies, the only feature that is quite confusing is the web block feature.

They could make the web blocker much easier to set up.

In terms of scalability, they have models like the 5,000 series and 6,000 series. We have not reached that yet. We are only a small company and our customers are only small and medium businesses. So no enterprise companies yet. But I think if we need a bigger box, we would go with the 5,000 series.

Right now we're only at about 200 hundred users. Sometimes we are trying to push for the 300 series or 500 series, but not yet.

We require a staff of one or two for deployment and maintenance.

I think technical support is okay. When I log a case, they usually respond within a day. Then, if they need to do some things for the client, they are quite flexible and do it based on the client's schedule. So no problem with the support. They are good. So far all our issues we have raised, and we have large cases, have been resolved. So their tech support is quite good.

We switched because WatchGuard is cheaper. An old product that we previously sold was quite expensive, especially the security renewal after every year, but WatchGuard offered quite a competitive price and in a bundle that was much easier to understand. Cyberoam, for example, was quite complex to set up under licensing. Cyberoam was bought by Sophos. So we switched to WatchGuard for the price.

The main highlight is price. The client has quite a tight budget so we can offer much more with WatchGuard.

Setup was easy because the manual was there and it was quite easy to connect to a particular port. It's very understandable. Setup was very straightforward, nothing complex.

Deployment could take only a few minutes or up to an hour and we can already set up a few basic policies. But the thing that drags longer is teaching the client to use it and to set up their own security policies. Sometimes they don't have enough experience at setting up WatchGuard, it's still new to them. But maybe after a few hours of lectures from us they get it. We still continue to support them after initial set up, for example if if they want to set up a policy we can assist them with that.

I have seen a return on investment, especially for the client. They have less problems in the bandwidth because the users are not going to unnecessary sites. So productivity should be better. Clients would not be tempted to browse unnecessary sites, games, download movies, because there is a firewall with restrictions in the policies. So therefore, the users would be performing at their best.

The box costs 180,000. One third of the price of the box goes to the yearly renewal fee, around 50 or 60, for the basic. There is the advanced feature which is half of the box, but the basic is quite enough for most of our brand, which is why we have not used the TDR yet.

And the response comes free for the advanced features and advanced licensing.

The advice I would give to anyone considering WatchGuard Firebox is that it is a good product, despite what they say about it not being in the Gartner quadrant leaders. It performs well. It's fast. The only downside would be the web filtering side of things. If the client wants a good web filtering device, they have to go to another vendor, but just for Firewall IP and VPN, I think WatchGuard will be good.

I'm not saying that the web filtering for WatchGuard is really bad, just confusing. Some clients don't want to do something that's confusing for them, they prefer something easy, but if they can live with a little confusion, then it's okay. But it is good to have a good partner, someone like us, in case the client has a problem setting up their policies, especially in the web filtering, we can help.

Speaking on behalf of the client, I think they are okay with the solution. They are still continuing to use it past a year already, and they continue to renew. They are satisfied with its performance and what it is capable of doing.

On a scale of one to ten, I'll give WatchGuard Firebox an eight.

We are a solution provider and WatchGuard is one of the product lines that we implement for our customers. I am the person in the company that is responsible for WatchGuard products.

We do not use this product in my organization. I'm enabling partners and providing training for them on how to use this technology and how to sell it.

I assist customers with implementing PoC installations in different environments.

My client that recently implemented WatchGuard Firebox is running an ERP that is used by clients that are in different countries from around the world. They are using Firebox to protect the ERP from outside threats. Essentially, they need to protect the perimeter because users come to the server from different environments.

This solution protects the cloud-based server from incoming and outgoing traffic. In this regard, it acts as a web application filter for the server.

This product offers great protection using the default settings.

The vendor needs to address customer concerns and develop more according to requests, instead of prioritizing based on the existing roadmap. This is a great product and offers great protection but they don't hear the customers' needs. They don't make improvements as per the customers' requests. This is especially true in cases where the feature is common among competitors.

In the future, I would like to see better integration with Active Directory. It should depend on the user's login. This is a feature in big demand and most competitors do not deal with it the right way. Making this change would make sense with customers.

I began using WatchGuard Firebox approximately two years ago.

This is a very stable product.

Scaling this solution requires a migration plan. For an on-premises deployment, there can be challenges related to extending the hardware appliances. A single box is not scalable itself. Rather, you need to migrate to a bigger appliance. But, there is an amazing feature for this called offline configuration.

The offline configuration capability lets you migrate settings from one box to another in minutes. After five minutes, everything will be migrated to the other Firebox and it will scale smoothly without any interruptions.

Technical support for this product is perfect. If you open a ticket with them, even with the slowest SLA, they reply to you within four hours. You can also request that they open a remote session with you.

When it comes to feature requests, however, the vendor takes too long to reply.

Quite some time ago, I had experience with Sophos products as a distributor in Egypt.

I also have experience with products by Fortinet. I have been evaluating Fortinet because they are one of our competitors.

The initial setup is very easy and straightforward. They have a great wizard and it has a great default protection setting. Anyone that is setting it up for the first time, or has not even used a network security product, doesn't need an expert to configure it. The default protection for threats is great.

This is always deployed in a virtual environment, either on-premises or on the cloud. The deployment can be completed in six to ten minutes.

I deploy this product for my customers.

The staff required for deployment and maintenance depends on the project capacity. For a small or medium-sized project, one person is enough. For the smoothest deployment, this should be an engineer or an experienced technician that is aware of network security.

My advice for anybody who is implementing WatchGuard Firebox is to follow the guidelines and best practices that are available on the WatchGuard help center.

I would rate this solution a nine out of ten.

The big issue with data-loss protection is the end-to-end encryption between the user and whatever site they're connecting to. And that diminishes the effectiveness of the data loss protection because it can't inspect all of the data contents. Formatting is still reliant on numbers, letters, and sequences recognizable as credit cards, driver's license birthdays, etc. There's a lot of other sensitive material that could be at a client site, for example, that doesn't have a known methodology. It can be challenging to set it up to recognize instances of information unique to an environment. Unfortunately, it's even the case with a company like Microsoft. I would compare it to the data loss protection within Office 365 and say that it has the same inherent problems that you see with any encrypted email.

WatchGuard Data Loss Prevention catches so little. When I've implemented it, it just can't look at the traffic in a thorough enough manner to capture as much as it should. And I find that I'm disenchanted with all data loss protection solutions I've tested and looked at. WatchGuard certainly is not any better or worse than the others. It's just not a technology I have much faith in. 

You can get awfully granular in the setup, but it reminds me of antivirus software. True antivirus software catches very little. It's rare that antivirus software identifies a true virus. Everything's becoming more complicated, so now you need to look at detection and correlated threat response systems that are more effective than traditional antivirus. Data loss protection, I'm afraid, is kind of in that space.

We've used Watchguard Data Loss Prevention off and on for several years depending on the client's needs.  

Overall, I have utilized WatchGuard solutions for at least 20 years. I have been with them as they switched from private to public ownership and back again. So I've been a pretty faithful user for an excessive amount of time.

I find that their tech support is excellent. And as a reseller, my relationship with my point of contact is also strong. WatchGuard does a good job of maintaining that. So even if you are not getting the best response from support, you have a method to escalate it. I have so few incidents where I need to reach out to support. My most recent incident was handled very quickly, but with my experience, I don't have to call them often. At most, I maybe contact them once or twice a year. I have a lot of WatchGuard devices in service with my clientele.

It's a very simple setup.

I've never licensed it as a separate solution. It's always included in the licensing that would be appropriate for a medical facility, so I've never purchased DLP as an add-on to their basic licensing. I wouldn't say that I can give you a straight answer. It's never even come up in conversation to license it as a standalone solution.

I would rate WatchGuard five out of 10, but all of the data loss protection solutions I've looked at would be in that five range. I haven't found one that I would put much faith in.

Honestly, I think that data loss protection is just part of a whole configuration. Let's say you need granular control, reporting, and things of that nature. In that case, you need to do an extensive job configuring the firewall. It's probably insufficient to run the quick setup wizard and say that's good enough. So if you're looking to implement a feature like data loss protection, you probably need to have a relatively advanced technical person doing that configuration. So it's not difficult. But conceptually, to be effective, you need to have an excellent understanding of firewalls and firewall methodology.

We provide the solution to our customers. It's primarily used for security.

The reporting aspect of the solution is what is most valuable to us.

The solution is very easy to configure.

The product has been very easy to use.

We've found the stability to be very good.

The scalability is excellent.

The pricing of the product is reasonable.

We've been in touch with technical support and found them to be very helpful.

There are many fantastic features.

Often, customers don't end up using a lot of the features.

They should move more towards integration with other OEMs such as web application firewalls, et cetera. There should be better integration and a way to configure multiple vendors into the same data center in order to offer more flexibility. 

We've been working with the solution for about seven to eight years at this point. It's been a while. 

The stability of the solution is very good. There are no bugs or glitches. It doesn't crash or freeze. It's quite reliable in terms of performance.

We've found the scalability to be very good. There are no limitations. If a company needs to expand it, they can.

We've contacted technical support in the past. We've found them to be very good. They are helpful and responsive. I would say that we are quite satisfied with the level of support we've received.

The pricing of the product is pretty good. I would describe it as fair. It's not overly expensive.

One of our customers wanted us to compare this solution against Azure Firewall to see which would be better. We're still looking into that.

We are resellers.

I'd rate the solution at a ten out of ten. It's a pretty fantastic solution overall.