I have used WatchGuard Firebox for firewall testing purposes and setting up a couple of new projects for my company. I test the solution's efficiency in blocking IPs, role management and policy optimization.
Product Manager of IT Ops and Management at ManageEngine A division of Zoho Corporation.
Has an easy configuration and an intuitive user-interface with transparent licensing
Pros and Cons
- "WatchGuard Firebox offers a satisfying VM and hardware"
- "It's very difficult to find a reseller of WatchGuard Firebox to purchase a license"
What is our primary use case?
What is most valuable?
The product can be configured very easily. The license model of WatchGuard Firebox is also simple and transparent. A purchaser can effortlessly obtain the required features through the license system.
WatchGuard Firebox offers a satisfying VM and hardware. The performance of the solution differs when it's deployed as a VM and a physical appliance.
All basic firewall-based tasks, such as creating a policy or role, can be effortlessly implemented using WatchGuard Firebox. The user interface is simple and intuitive, allowing even a beginner to complete tasks without difficulty.
What needs improvement?
It's very difficult to find a reseller of WatchGuard Firebox to purchase a license. The number of resellers for the solution should be increased through partnerships. The solution's network observability should be improved. The observance adaptability of different WatchGuard devices is minimal and it should be improved. The information or guidance provided by the vendor for using APIs, syslogs and exports should be enhanced.
For how long have I used the solution?
I have been using WatchGuard Firebox for eight years.
Buyer's Guide
WatchGuard Firebox
October 2024
Learn what your peers think about WatchGuard Firebox. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
824,053 professionals have used our research since 2012.
What do I think about the stability of the solution?
I would rate the stability an eight out of ten. It's a fairly stable product.
What do I think about the scalability of the solution?
I would rate the scalability a seven out of ten. In our company, when we perform some load tests on one interface, there is a requirement for multiple packet drops at times, which the firewall might not be able to handle, and the other interfaces might go down as well.
There are some performance issues in WatchGuard Firebox when the load is high, but within limits the solution works perfectly. There are seven users of WatchGuard Firebox in our organization for the network administrator cycle. The solution is used daily in our company. There are no plans to increase the usage of the product any time soon in our organization as it is being used only for testing purposes.
How was the initial setup?
The solution has a seamless initial setup process. I would rate the initial setup a nine out of ten. All the deployment aspects of WatchGuard Firebox are straightforward, and all basic features are available, but for advanced features, many professionals might prefer other solutions over WatchGuard Firebox.
The deployment process of the solution took about an hour in our company, it was a step-by-step configuration process but there were some issues with the VM otherwise it would have taken much less time. One professional is enough to deploy WatchGuard Firebox. For maintenance of WatchGuard Firebox only one person is required and multiple professionals monitors the solution in rotational shifts.
What about the implementation team?
The solution was implemented completely in-house.
What's my experience with pricing, setup cost, and licensing?
I would rate the pricing as four out of ten. It's an affordable tool. The basic product license costs our company ₹400,000 per year. In our organization, we don't purchase any security add-ons with WatchGuard Firebox.
Which other solutions did I evaluate?
I am part of the research and development team, so I parallelly use competitor solutions from vendors like Palo Alto, Sophos and Check Point.
What other advice do I have?
Our company professionals claim that WatchGuard Firebox is competent with other firewall solutions in the market. For security purposes, our organization mostly relies on proxy software and other application firewalls.
Our company is majorly concerned with the application firewall and not the network security; this is why we choose application firewalls like WatchGuard Firebox, which can be used both as a VM and physical appliance. In our organization, we use the solution not only for testing purposes but also for data centers.
I would rate the product's performance and reliability for the remote workforce an eight out of ten. When I setup a data center and keep the solution as an entry point, then later on when I access it through a VPN, it will be flawless. It's very easy to configure a VPN using WatchGuard Firebox. The solution will showcase stability and easy accessibility even in remote functions.
For small and medium-scale networks, WatchGuard Firebox will be an ideal and cost-effective solution. I would rate the solution as eight out of ten. I would surely recommend the solution to others.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Jun 13, 2024
Flag as inappropriateIT Manager at Prologica
Easy to configure and has a nice user interface
Pros and Cons
- "WatchGuard Firebox is easy to configure and has a nice user interface."
- "The solution's pricing could be improved."
What is our primary use case?
I used WatchGuard Firebox for small configurations and to give Active Directory access to some users so they could bypass the firewall. I also used the solution as a VPN.
What is most valuable?
WatchGuard Firebox is easy to configure and has a nice user interface.
What needs improvement?
The solution's pricing could be improved.
For how long have I used the solution?
I have been using WatchGuard Firebox for one year.
What do I think about the stability of the solution?
I rate the solution ten out of ten for stability.
What do I think about the scalability of the solution?
Around five users are using the solution in our organization.
I rate WatchGuard Firebox a seven out of ten for scalability.
How was the initial setup?
On a scale from one to ten, where one is difficult and ten is easy, I rate the solution's initial setup a six or seven out of ten.
What's my experience with pricing, setup cost, and licensing?
The pricing depends on the quality of the product we are buying and the support. WatchGuard Firebox has good quality, but it is expensive.
On a scale from one to ten, where one is cheap and ten is expensive, I rate the solution's pricing a seven or eight out of ten.
What other advice do I have?
The solution has some specific rules that detect multiple traffic from the same IP address. It will generate a report and send it to the administration's account email address so that we can analyze it and give the correct feedback for us to take action.
With the high competition in the market with AI, everything is done a lot faster, and all the companies are trying to lower the cost of their IT solutions. Companies that don't make the correct investments in their IT solutions face malware attacks and ransomware attacks. Every company needs security because any kind of disruption will be extremely costly for the company to get out of.
The solution's VPN capabilities have greatly improved our remote work security. It was very easy to configure and use. It was a bit tricky to configure on the remote computer, but everything was okay.
The solution's management interface eases the setup and ongoing maintenance of the solution. I did an update a couple of months ago, and it was very easy. I rate the solution's documentation a six out of ten.
I would recommend WatchGuard Firebox to other users because it's a well-known company that has been in the market for quite some time. It might have some vulnerabilities, like every other product in the market. Once the vulnerability is detected, it quickly makes patches for the system.
Overall, I rate the solution a nine out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
WatchGuard Firebox
October 2024
Learn what your peers think about WatchGuard Firebox. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
824,053 professionals have used our research since 2012.
IT Manager at Invest Barbados
Useful VPNs, effective web filtering, and cost effective
Pros and Cons
- "The most valuables feature of WatchGuard Firebox are the VPNs, and web filtering where we can stop users from going to malicious sites."
- "The VPN aspect of the WatchGuard Firebox is an area that could potentially benefit from improvement. We encountered difficulties while attempting to integrate Windows 11 laptops into the system, which resulted in unreliable connections. After some research, we discovered that this was primarily due to compatibility issues with Windows 11 and required a patch. However, it was still a challenge as it seemed that even when we tried to keep the laptops on Windows 10, they still exhibited the same issues as Windows 11 machines. Despite WatchGuard attributing the problem to Microsoft, we were eventually able to find a solution and all the machines are now functioning seamlessly."
What is our primary use case?
The utilization of the WatchGuard Firebox system is as follows: the head office, located in Barbados, has two remote offices in New York and Toronto that utilize Cisco for their VPNs, which are running to these two locations for the branch offices. The email system has three locations for redundancy, two in the UK in Purley and London, and one in Toronto, Canada. Employees who work from home, access the office through mobile VPNs.
How has it helped my organization?
The WatchGuard Fire Box has greatly improved the functioning of our organization, especially in the wake of the COVID-19 pandemic. Prior to the pandemic, the use of VPNs was primarily limited to IT support. However, with the rollout of the WatchGuard Fire Box, all of our staff members in Barbados, Toronto, and New York were able to seamlessly transition to working from home. The WatchGuard Fire Box also provides a unified track for virus scanning, which enhances the security of our connections. Additionally, we have moved our email off-island, which has made the SPA filtering from WatchGuard redundant. Overall, the WatchGuard Fire Box has played a critical role in enabling our organization to adapt to the challenges posed by the pandemic and work efficiently from home.
What is most valuable?
The most valuables feature of WatchGuard Firebox are the VPNs, and web filtering where we can stop users from going to malicious sites.
What needs improvement?
The VPN aspect of the WatchGuard Firebox is an area that could potentially benefit from improvement. We encountered difficulties while attempting to integrate Windows 11 laptops into the system, which resulted in unreliable connections. After some research, we discovered that this was primarily due to compatibility issues with Windows 11 and required a patch. However, it was still a challenge as it seemed that even when we tried to keep the laptops on Windows 10, they still exhibited the same issues as Windows 11 machines. Despite WatchGuard attributing the problem to Microsoft, we were eventually able to find a solution and all the machines are now functioning seamlessly.
The solution comes with a web interface that facilitates configurations, but it doesn't have the same level of functionality as the installed client or system manager. The web UI could be further improved.
In a future release, the detection of ransomware would be helpful. Ransomware is our biggest fear.
For how long have I used the solution?
I have been using WatchGuard Firebox for approximately 20 years.
What do I think about the stability of the solution?
I rate the stability of WatchGuard Firebox a nine out of ten.
What do I think about the scalability of the solution?
Approximately thirty individuals are currently utilizing the Watchguard Firebox solution. This includes a diverse range of individuals from the CEO and directors, to managers, secretaries, clerks, and even our receptionist. Given the recent trend of remote work, it has become increasingly necessary for all individuals within the company to have access to the firewall for their daily job duties.
As a government agency, our budget has been impacted by the current economic circumstances, which has resulted in a reduction in funding. Consequently, it would not be feasible to allocate additional resources toward increasing usage within the next year or two. Nonetheless, we will strive to maintain the current level of functionality and make any necessary updates to ensure a smooth operation.
I rate the scalability of WatchGuard Firebox a nine out of ten.
How are customer service and support?
There is a time difference when I have tried to receive support causing some challenges.
I rate the support from WatchGuard Firebox a seven out of ten.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
We used Check Point previously.
How was the initial setup?
The deployment took us a couple of hours and it was simple.
The deployment process for the WatchGuard Firebox in our department was a rather straightforward one given the size of our team. Being the head of the department and the sole person responsible for handling firewalls, I was in charge of conducting the entire process from start to finish. This involved a considerable amount of research to determine the most suitable option, followed by cost analysis to ensure that we were making the most cost-effective decision. Ultimately, I was responsible for making the selection, conducting the implementation, and overseeing the entire process, which required me to take on a multitude of tasks and responsibilities.
I rate the setup of WatchGuard Firebox an eight out of ten.
What about the implementation team?
We did the deployment of the solution in-house.
What was our ROI?
We have seen an ROI from using the solution.
I rate the ROI of WatchGuard Firebox a nine out of ten.
What's my experience with pricing, setup cost, and licensing?
Despite the fact that there is always room for improvement, the current pricing of the solution is still lower compared to its competitors.
I rate the price of the WatchGuard Firebox an eight out of ten.
Which other solutions did I evaluate?
We have evaluated SonicWall and Cisco, but the choice to choose WatchGuard Firebox was based on cost and reputation.
What other advice do I have?
We use two people for the maintenance of the solution.
I would recommend it and tell them to try it. It is a cost-effective, reliable solution.
I rate WatchGuard Firebox a nine out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
IT Manager at a engineering company with 11-50 employees
Geolocation allows us to lock down certain policies to only U.S. IPs
Pros and Cons
- "One of my favorite features is the Geolocation service, where you can actually block specific activity or IP addresses registered to certain countries. For example, I don't want any web traffic from Russia or North Korea. I may even lock down certain policies down to 'I only want U.S. IP addresses.' I find that very useful."
- "They've done a lot of work with their SD-WAN, which we do use, to have our old internet service with our new internet service. If anything goes down on a particular interface, I can have different rules applied. Most of my users don't even know when our primary internet goes down anymore... I don't have to be here to do anything to switch it to our backup internet or to switch it back."
- "Reporting is something you've got to set up separately. It's one of those things that you've got to put some time into. One of the options is to set up a local report server, which is what I did. It's not great. It's okay... Some of the stuff is a little complicated to get up and running. Once you do, it becomes very user-friendly and easy to work with, but I find there are some implementation headaches with some of their stuff."
What is our primary use case?
It's our primary firewall. It's also our UTM device, so we have multiple security layers enabled on it.
We're using an M270 firewall with version 12.5.
How has it helped my organization?
With WatchGuard, I've got a lot of WebBlocker rules set up which help quite a bit, blocking a lot of suspicious and parked domains. Between WebBlocker, the Botnet Detection, the website reputation filters going, and IPS - which is one that is essential, but nobody really talks about a whole lot; between all those things working together, and even the antivirus, I feel our network is pretty clean. And if there is some suspicious activity, I think I have a better chance of being alerted to it. I've even been able to set up Application Control rules, so that something like Windows Update doesn't deplete too much bandwidth. There are whole bandwidth controls you can set up which aren't necessarily security-related, but they can help make sure that one particular function doesn't take up so much bandwidth that the users are affected. WatchGuard has layered security, but I also have other layers beyond that.
I wouldn't necessarily say it has simplified my job but I am very happy to have it. I'm very glad we went with WatchGuard. I was impressed with WatchGuard for a lot of other reasons like their education and training videos. They do a lot of little security announcements about what's going on with other companies in the industry, so that part has made my job easier. I wouldn't say it's made my job more difficult either. It has definitely made me feel more comfortable about the security here, but I wouldn't say it simplified things. We had a very simple firewall which was almost a small-business router. It had a little firewall screen with four settings on it that really didn't do a whole lot. So, I can't say WatchGuard simplified things for me. It's just we're much more secure and it hasn't overly complicated things.
What is most valuable?
One of my favorite features is the Geolocation service, where you can actually block specific activity or IP addresses registered to certain countries. For example, I don't want any web traffic from Russia or North Korea. I may even lock down certain policies down to "I only want U.S. IP addresses." I find that very useful. That was not a feature that was initially there for us. It was something WatchGuard released after we bought our first device with them and it is one I am very happy with.
I may want to only allow U.S. IPs onto a specific interface that I share files with, for security reasons, or I may know of a security issue in a particular country. I can just block that whole country for all my users. Or maybe I'm seeing a lot of malicious links coming out of South Korea, even, and I just say, "We don't go on a lot of websites there, let me just block that country completely," and if we do need to get on a website, I'll just make an exception. It improves security and helps block malicious links.
There's a little bit of a learning curve in getting everything working. But once you understand how all the pieces work, and the fact that you're using physical hardware with a web interface alongside a piece of software installed on your computer, and you learn what to do in each location, it's very user-friendly.
I like the management. There are some nice dashboards and other things to keep an eye on things. There are email alerts, once you get those configured. Once again, they're a little complicated to get set up, but once they work, they work well. Management is pretty easy.
The version I'm on, 12.5, came out last week. I try to stay pretty current and they do add features and improve usability and functionality often. It's one thing I've been happy with. It's not like they say, "Here are the modules you bought with it four years ago and that's all you have." They're constantly adding, developing, improving.
They've done a lot of work with their SD-WAN, which we do use, to have our old internet service with our new internet service. If anything goes down on a particular interface, I can have different rules applied. Most of my users don't even know when our primary internet goes down anymore. It does run slower on our backup, but they don't know the difference unless they're doing some kind of bandwidth-intensive function or streaming. I don't have to be here to do anything to switch it to our backup internet or to switch it back. They've developed that feature even more, to allow you to have different rules for different policies or different interfaces to behave differently, depending on what happens with either packet-loss or latency, with multiple internet sources. That is pretty helpful.
What needs improvement?
Reporting is something you've got to set up separately. It's one of those things that you've got to put some time into. One of the options is to set up a local report server, which is what I did. It's not great. It's okay. I've heard their Dimension control reporting virtual machine is supposed to be a lot better, but I haven't had the time our resources to set that up. Some of the stuff is a little complicated to get up and running. Once you do, it becomes very user-friendly and easy to work with, but I find there are some implementation headaches with some of their stuff.
I wish I had a contact at WatchGuard because there are a few things I'm not using. I'm not doing packet inspection because I know it's pretty intensive to install certificates on all my computers and have it actually analyze the encrypted traffic. That's something I'd like to do but I'd really like to talk to somebody at WatchGuard about it. Is that recommended with my number of users with my piece of hardware, or is that going to overload everything? I'm not using Dimension control. I'm not using cloud. If I had a sales rep or a support person that I could just check in with, that would help. Maybe they could do yearly account reviews where somebody calls me to say, "What are you using? What are you not using? What would you like more information about?" That sort of thing could go a long way.
They do a lot of education, but it's sent out to the masses. They have really good emails they send out which I find very valuable, talking about the industry, security events, and other things to be aware of. But there's not too much personal reaching out that I've seen where they're say, "Hey, how can we help your company use this device better? What do you feel you need from us?" That's my main recommendation: There should be somebody reaching out to check in with us and help us get more out of our device.
For how long have I used the solution?
We've been using WatchGuard for over four years.
What do I think about the stability of the solution?
It's very stable.
I've only even had one update that I applied that caused problems, that I had to roll back. I don't recall any kind of issue where I had to reboot the device to fix something. Somewhere along the line, WatchGuard, with their free training and free training videos, had recommended setting up an automatic reboot once a week just to keep everything clean, fresh, and healthy. I set that up during to reboot every week during off-hours on the weekend and I've had almost zero problems with it. Even with the updates, as I said, I can only think of one instance where there was a problem. I had to roll the update back, which was very easy to do, and then wait until the update patch came out and fixed the problem. That only happened once.
I've been very happy with the stability and reliability of not just the device and the software, but WatchGuard as a company.
What do I think about the scalability of the solution?
With my needs and my network, I feel we could add bandwidth and add users for a while, before we would run into any issues. It's scalable for my needs with my device.
How are customer service and technical support?
I don't think I have used WatchGuard's technical support. If I did, it might have been once.
I haven't really needed it too much. As I said, they have some good YouTube videos that they put out themselves on setting up stuff. That's my first resource when I want to get into a new feature I'm not using. They've got pretty good notes in there, so when I update software on the device itself, I go through their installation guide or their admin guide for that version of the software and it's all pretty straightforward. It lays out the new stuff they changed and what you need to be aware of, so I haven't needed to bug them.
Which solution did I use previously and why did I switch?
We didn't have anything like this before, so it's not necessarily saving me time, but it did add a whole other level of security to our network, which we really appreciate.
We had a small-business Cisco basic solution. They called it a security router, but it was just a small device that sat on the shelf and which mostly provided internet access. It had very simple firewall controls: two or three check-boxes to do basic filtering. So we did have something, but it was nowhere near the level of the WatchGuard.
We switched to WatchGuard because we did not have a UTM device like we do with WatchGuard. We needed to upgrade the old device because it wasn't performing well anyway. I suggested that we needed something more appropriate, or with more layers of security than what our other small, entry-level device was offering. We did review solutions from a few other firewall vendors and WatchGuard offered, in my opinion, the best protection for the cost.
How was the initial setup?
The initial setup was a little bit of both straightforward and complex. I'm a technical person. I read an instruction manual before I do something, whether it's putting a piece of gym equipment together or implementing something like a WatchGuard firewall. I had gone through all of their admin guides and getting-started guides and recommendations. So it was pretty straightforward, but there were a lot of steps and a lot of things to work through.
Something as simple as email wasn't just set up by specifying the IP address of your email server. I had to enable a bunch of things on the web interface and then install the software on my computer and set it up as an email relay. That was the only way to get email alerts, which I found a little shocking because email alerts should be critical on these things. I guess bigger companies may have alert servers or Syslog servers or other things they're using. But we're smaller and we don't. So that was one thing that I found was a little more complicated than it should have been for the importance of the feature. And now I have a computer and a firewall and if one or the other isn't working, those email alerts don't work.
Our deployment did not take long. It was no more than a week or two. I did it pretty quickly. I convinced the owner why we needed it and why this was the right move. I wanted to make sure I implemented it quickly and that we got some benefits out of it right away. I didn't want to let it sit around. It took less than two weeks.
My implementation strategy was mostly what I mentioned above: Review all of the guides, all of the walk-throughs, a couple of tutorial videos, get a baseline of what I wanted to enable and how. Then I did it offline, as you would expect. I brought the device into my office, got it updated, got everything baselined and set up the way I needed it to start with. From there it was just switch out early in the morning before users were in the office. It was nothing too out of the ordinary.
For deployment and maintenance of the product, it's just me.
What about the implementation team?
I did it myself.
What was our ROI?
I believe there has been ROI, with the level of protection and things that are being blocked that we're aware of. And there is just the peace of mind of knowing certain things.
Some of this I'm simplifying a little bit because, again, a lot of these things have been implemented over the last four-and-a-half years. I'm thinking now of other features I've implemented that I'm very proud of, like locking down remote access software so people can't just come and use any remote access software to get in or out of our office. There's a sense of security because I only allow the remote-access software that we pay for and use. I don't allow any other protocols to get through. It is making sure we don't have people who work here doing weird things, but it also makes it harder for other people to break in. Just that peace of mind and all the other layers we have working is worth the money, in my opinion.
What's my experience with pricing, setup cost, and licensing?
We had a trade-in offer at the end of our first three-year term. As a result, we pretty much got a free device by buying the three-year subscription. It was around $3,000 for the three-years.
Which other solutions did I evaluate?
We probably looked at SonicWall and ForcePoint, but it's been a number of years so I don't recall much of that process.
What other advice do I have?
Do your research. It's not impossible. Do things in a logical order and make sure you understand what you're doing and how you're going to do it. Once you understand it and get everything working the way you want, it does get very easy to use and work with from there. Once you get over the learning curve of how all the pieces work together, it's very easy, very user-friendly, very easy to update, and very easy to make changes and document those changes - all that good stuff.
I tend to buy the hardware platform that's like one level above where we think we absolutely have to be at a minimum, so the performance has been adequate or good. I've yet to hit an issue where I feel the device is slowing us down or causing any issues because of the performance of the device, itself. We're usually limited more by our actual bandwidth. It's been great as far as our network and needs go.
In terms of the extent to which we're using the product, six months ago when I renewed the second three-year term, the subscriptions had changed quite a bit from when I had my first three-year term. Now, I have a whole list of new subscription services or modules or layers that I have not started implementing. I got a couple of the new ones implemented, to get some of the benefit, when I first got this new device. But there are a few more I want to implement. One of them, is packet inspection, which is difficult because that can really bog down your device. I'd like to have Dimension control to get better reporting. There are a couple of other ones that I have not implemented because they're new for me and I just haven't had the time to work on them. Threat Detection and Response is one I'm interested in which I haven't time to implement yet. It involves me setting up a client in each one of my endpoints and it keeps track of unusual activity there. That's probably where I want to go next. Maybe even the Access Portal could be useful for me, to have a place for vendors or customers go to access things inside our network.
We've gotten more features for our money because there's a new security package which wasn't available when I first subscribed, and that included pretty much everything. I had paid separately for APT, Advanced Persistent Threat protection, on my old subscription. To get that now, it was cheaper to bundle it with their total threat package. That included a lot of things like DNSWatch, which I did set up to look for malicious DNS access requests throughout my network. It gave me intelligent antivirus. I believe there's some kind of DLP module, which is one I haven't spent any time on. Network Discovery is another one I haven't spent time on that I need to work on. All of those came as new features with the new hardware and with that new subscription. The Threat Detection Response is definitely something I didn't have access to before. For sure, in this second three-year term, we got a lot more value for the money with what WatchGuard offered us.
I would give WatchGuard an eight out of ten. There's a little bit of room for improvement but I'm very happy with WatchGuard. I think it's a good fit for me. I won't often give a ten, just on principle, unless I feel they deserve a 12. That's when I give a ten.
I've definitely said positive things about WatchGuard to other people in the industry, people I talk to or know. I'm a promoter of WatchGuard, to be honest. I haven't seen anything I like better, but I haven't had a lot of experience with other devices. I've said good things to people on a regular basis, especially about WatchGuard's education, the emails and videos and other stuff they put out to try and help people, even when it's not related to WatchGuard products.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Allows us to self-manage our network and branch office VPNs while saving money
Pros and Cons
- "The firewall aspect and the branch office VPNs are the most valuable features... We don't have any issues with it. We don't have to spend a lot of time maintaining it."
- "We use WatchGuard to manage our failover for internet. If a primary internet goes down, it does a failover to the secondary the internet. However, what it doesn't do so well is that if the primary internet has a lot of latency but it's not completely down, it doesn't do a failover to the backup in a timely manner."
What is our primary use case?
We use it for our firewall as well as for our branch office VPNs.
How has it helped my organization?
The WatchGuard devices allow us to self-manage our network and our branch office VPNs. As a result, we've saved ourselves a lot of money, without compromising our security. It provides a much more economical and effective solution. We used to have an MPLS network which was a cloud-based firewall system and it cost us a small fortune every month. But when we implemented all these firewalls and got it all configured, up and running, we literally saved ourselves $10,000 a month.
It makes managing the network a lot easier. It takes care of our network for us.
Once it was set up and running, it began to save us time. It works, and we spend very little time managing it. We have very few issues with it. We might spend an hour a month managing it, if that.
What is most valuable?
The firewall aspect and the branch office VPNs are the most valuable features. They just plain work. We don't have any issues with it. We don't have to spend a lot of time maintaining it. You set it up and, for the most part, you can forget about it.
In terms of the usability:
- It's user-friendly with an easy user interface.
- It has a lot of features.
The throughput the solution provides is good.
In addition, WatchGuard provides our business with layered security. It certainly protects our network, blocks unwanted incoming traffic and, at the same time, can manage outbound traffic too.
What needs improvement?
We use WatchGuard to manage our failover for internet. If a primary internet goes down, it does a failover to the secondary the internet. However, what it doesn't do so well is that if the primary internet has a lot of latency but it's not completely down, it doesn't do a failover to the backup in a timely manner.
For how long have I used the solution?
We've been using WatchGuard for about three years.
What do I think about the stability of the solution?
The stability is great.
What do I think about the scalability of the solution?
We don't really have any experience with the scalability. We implemented the appropriate devices for our size and we haven't really grown to the point that we've had to upgrade devices. The scalability is fine in the sense that we have some locations with more people, and WatchGuard has a slightly beefier device than we use at some of our smaller locations. All in all, it works well.
All of our networks are managed by WatchGuard. If we add locations we'll be using it for them as well in the future, although we don't have new locations on the horizon. We use it every day because it manages our network. Because all of our network traffic runs through WatchGuard, everybody uses it. But they're not using it for a specific function, other than to communicate between locations.
How are customer service and technical support?
The customer service is good. If we have an occasional issue there are helpful. They help us resolve problems. Overall, I'm pleased.
Which solution did I use previously and why did I switch?
We had a third-party MPLS network that managed all of the cloud-based software but it was very expensive. It was similar in effect, but it was a third-party, as opposed to WatchGuard which is self-managed. The main reason we switched was the pricing.
How was the initial setup?
The initial setup was a little complex. But once we understood how it works and after we got the first one configured, the rest of the firewalls were pretty easy. It is pretty straightforward. It is just a matter of learning it initially: understanding the nuances of the application and the user interface, understanding how to set it up and understanding what does what and the naming of features. That initial learning curve was a little steep, but once we got into it, it made a lot of sense.
Company-wide, our deployment took about 30 days.
Our initial implementation strategy was to do a backup to the internet and ultimately remove our MPLS and use the branch office VPN to manage it ourselves.
What about the implementation team?
We were helped by an authorized WatchGuard reseller on the initial setup. Once we got through the first one, we took over from them internally. The reseller was NetSmart. Our overall experience with them was very good.
We still have a relationship with them. We do a lot of our stuff in-house, but if we have something that we need a little bit of help with, we do reach out to them from time to time. But doing so, for us, is pretty rare at this point.
What was our ROI?
We have absolutely seen return on investment. We saved a small fortune switching over. It paid for itself, literally, within the first couple months.
What's my experience with pricing, setup cost, and licensing?
When we bought them we got a three-year license for each device. The two larger devices are about $1,000 each and the smaller ones are about $500 or $600 each.
There are some additional software features that you can add on and pay for, but we don't use them.
Which other solutions did I evaluate?
We didn't evaluate other options. The WatchGuard reseller was a company we had done business with before and they recommended it right out of the gate. We went with that.
What other advice do I have?
It's worth it, depending on your current network environment. If you are in the same situation we were in, it's really a no-brainer going from the MPLS network to self-managing it with simple broadband internet. It works great. To be honest, you'd be crazy not to do it. The advantages of WatchGuard over MPLS are that it's cheaper and you have more control because it's self-managed. The only con is that it does require a little bit of maintenance that you wouldn't otherwise have to do, but it's minimal.
In terms of distributed locations, we have a firewall at all of our locations. Once we got it set up we'd visit a branch, install it, test it, and implement it.
As for maintenance, it requires just one person, a network administrator. We manage it ourselves and there's not a whole lot to it.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Regional Pre-Sales Engineer at Roundrobin Tech
Efficient bandwidth management and secure network access with a strong firewall
Pros and Cons
- "Some of the most valuable features of the Firebox include web blocking, application control, protection against brute force attacks, load balancing, SD-WAN, and VPN support. These features help us manage and secure our network efficiently."
- "One area for improvement is the limitation in the product portfolio compared to competitors like Fortinet, which offers a broader portfolio including Authentication, VPNs, FortiMail, Sandbox, and Email Security."
What is our primary use case?
The primary use case of the Firebox mainly revolves around bandwidth management, unnecessary web blocking, application control, and protection against brute force attacks. It is also implemented for load balancing, SD-WAN, and branch-to-branch connectivity from one location to another. We also use it for securing access through VPN and enforcing network security policies.
How has it helped my organization?
The WatchGuard Firebox has helped in securing our network by implementing a strong firewall with various features like VPN support, gateway antivirus, and application control. It has aided in preventing brute force attacks and managing our bandwidth effectively.
What is most valuable?
Some of the most valuable features of the Firebox include web blocking, application control, protection against brute force attacks, load balancing, SD-WAN, and VPN support. These features help us manage and secure our network efficiently.
What needs improvement?
One area for improvement is the limitation in the product portfolio compared to competitors like Fortinet, which offers a broader portfolio including Authentication, VPNs, FortiMail, Sandbox, and Email Security. WatchGuard's focus on UTM solutions may not meet the needs of all enterprise customers.
For how long have I used the solution?
We have been using the WatchGuard Firebox for approximately five years.
What do I think about the stability of the solution?
The stability of the WatchGuard Firebox can vary depending on the customer network environment. The performance and latency may differ from customer to customer and infrastructure to infrastructure.
What do I think about the scalability of the solution?
The scalability of the Firebox depends on the specific model and the number of concurrent users it can support. Different models offer different VPN capacities and can be tailored to fit the needs of various sizes of organizations.
How are customer service and support?
Customer service and support are not explicitly mentioned in terms of rating, but overall feedback seems positive.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I have previously used various solutions including CyberRooms, Sophos, Fortinet, SonicWall, and other competitors. We largely switched to WatchGuard to integrate their UTM solutions and later their acquired endpoint security portfolios.
How was the initial setup?
The initial setup of the WatchGuard Firebox is straightforward and time-saving. It is designed to be user-friendly even for those with basic IT knowledge, making it easy to deploy and manage.
What about the implementation team?
Implementation can be done by internal IT teams. WatchGuard also provides support for implementation, ensuring that the configurations are appropriately pushed as per the model and requirements.
What's my experience with pricing, setup cost, and licensing?
WatchGuard offers cost-effective solutions, especially beneficial for economically-constrained customers. Pricing and discounts are deal-dependent and vary based on customer requirements.
Which other solutions did I evaluate?
We evaluated multiple products, including Fortinet, SonicWall, Sophos, CyberRooms, and various others in the market.
What other advice do I have?
To maintain the efficacy of the Firebox, it is crucial to renew the subscription to get security updates and additional support features. Ensuring the subscription is up-to-date is necessary for ongoing product support.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Last updated: Sep 17, 2024
Flag as inappropriateControls internet access and offers DNS protection and geofencing features
What is our primary use case?
The solution controls who can connect to the Internet and who cannot and which protocols and services are allowed to pass through. It manages VPNs, including back-office VPNs. It also provides web-blocking features for users who want to restrict access to certain types of content.
How has it helped my organization?
Compared to competitors in the same segments, WatchGuard Firebox is an excellent firewall to implement.
What is most valuable?
WatchGuard Firebox offers DNS protection along with geofencing features. Additionally, the SSL VPN combined with multifactor authentication is excellent and a standout feature.
What needs improvement?
The product is expensive. The pricing could be improved.
WatchGuard Firebox offers various models, each designed to meet different needs. While it's true that the models share many features, consolidating the lineup into fewer models could be beneficial. For example, they could have distinct models for small, medium, and large enterprises, each capable of scaling according to the number of users or throughput requirements. This approach would streamline their offerings, making it easier for customers to choose the right Firebox for their needs.
For how long have I used the solution?
I have been using WatchGuard Firebox for 25 years.
What do I think about the stability of the solution?
The solution is very stable. I rate the solution’s stability a ten out of ten.
What do I think about the scalability of the solution?
The solution’s scalability is good. 20 customers are using this solution.
I rate the solution’s scalability an eight out of ten.
How are customer service and support?
WatchGuard support is highly effective. They maintain an excellent support and help desk service.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
Once, I had to connect with a Cisco device on the remote side, which also went smoothly. It was between a customer and a third-party firm conducting business with my customer. They needed to establish a connection to their Cisco Firewall, and the implementation process was as smooth as setting up the back-end VPN.
How was the initial setup?
The initial setup is straightforward. A simple installation for a small business takes about four to six hours. One IT guy is enough for the deployment.
What's my experience with pricing, setup cost, and licensing?
I rate the product’s pricing an eight out of ten, where one is cheap, and ten is expensive.
What other advice do I have?
The solution is transparent and easy to set up and maintain.
WatchGuard Firebox has always been very effective for many customers who use Firebox to connect their remote sites. Additionally, many customers log in to a Firebox using the WatchGuard Mobile VPN with multi-factor authentication. This setup has proven to be very stable, high quality, and easy to configure.
Customers find WatchGuard Firebox to be an expensive solution, but some of them recognize its necessity. However, some customers initially fail to see the need for a firewall. Yet, when it comes time for renewal, after a year or three, they begin to understand its importance, often aided by a chart explaining its benefits. Just like a car requiring periodic servicing, a firewall also necessitates attention.
I recommend WatchGuard Firebox to others because it's a very good product. Firstly, it boasts numerous nice features. It's straightforward to implement, maintain, and understand. One particularly appealing feature is the real-time traffic monitoring.
Overall, I rate the solution a nine out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer:
Last updated: Jun 16, 2024
Flag as inappropriateOwner at a construction company with 51-200 employees
Competent, basic front-end; the ports that I have assigned appear to be unattainable to outsiders
Pros and Cons
- "The ports that I have assigned appear to be unattainable to outside 'mal-actors,' unless they have an address registered on the internet that this thing is expecting. That's a layer of security."
- "I don't think I can get a full-blown DNS client from it. I've been trying to have DNS services. It has forwarding, but I don't get the services of a full DNS client. My main difficulty with it is that I can't run a complete service. I need NTP. I need DNS. I need DHCP for my domain, but I only get forwarding. As far as I can tell, I don't get caching and the kinds of reporting and registration needed to host a DNS for a domain. I have to have a separate solution for that."
What is our primary use case?
It's a perimeter device and I use it as a DNS server for my domain, but I'm not the typical user for this type of device. I'm a hobbyist when it comes to this type of product and I use it in a small office environment.
What is most valuable?
It's competent. There's really nothing technically wrong with it. This is just a small device, and I don't use it for intrusion monitoring. I am only using it as a basic front-end and I have port-forwarding for services behind the network.
I use it to give access to some remote users. I give them access to their desktops with RDP and I have a client so they can register on the domain network with dynamic DNS. The ports that I have assigned appear to be unattainable to outside "mal-actors," unless they have an address registered on the internet that this thing is expecting. That's a layer of security.
What needs improvement?
I don't think I can get a full-blown DNS client from it. I've been trying to have DNS services. It has forwarding, but I don't get the services of a full DNS client. My main difficulty with it is that I can't run a complete service. I need NTP. I need DNS. I need DHCP for my domain, but I only get forwarding. As far as I can tell, I don't get caching and the kinds of reporting and registration needed to host a DNS for a domain. I have to have a separate solution for that.
I also struggle with its usability a little bit. I come from an open source background, so I'm accustomed to BIND and DHCP from Linux builds. With their tools I'm struggling to have a web interface. I'm not getting a third-party web interface, so I'm using Webmin, which I have become accustomed to. You have to relearn or find services that you know are there. You have to figure out what they mean by an alias. Setting up a network interface or port-forwarding isn't necessarily using the language that I'm accustomed to. Every time you deal with a new user interface, they structure things differently. Where do you go and how do you maintain it and how do you document it?
So I'm frustrated often when I get involved in vertical software where they start to brand or rename things, or they've adopted terminology. An example with WatchGuard is that every time I want to find a log, I have to search forever to find just basic logging. It's in there someplace, consistently. It's just that there isn't a button that says "logging."
For how long have I used the solution?
I've been using Firebox for two or three years.
What do I think about the stability of the solution?
The stability seems perfect. The last time I rebooted it was a half a year ago.
Hardware-wise, it's comparable to a Linksys consumer perimeter device. It's obviously got more bells and whistles behind it. It's some sort of ARM processor. I'm sure it's pretty low power. It sits there and idles and I can always get on it, and I can set it up with additional security to keep the ports safe.
The DNS works fine, although it's a little clumsy to find, and get at, and get set up. And I can set up some sort of VPN on it. I haven't at this point, but I've got a couple of licenses for VPN if I needed that for my home office.
What do I think about the scalability of the solution?
In terms of scalability, I would imagine they know what they're doing. I would imagine you could make it as big as you want it. I've seen some of their devices, with the intrusion detection, that are designed for large networks. We've got 15 or 20 devices here. At any given time, I have five active users, and they're mostly just getting Gmail or streaming music to their desktops. Our needs are really small, but I would imagine that a company like WatchGuard knows what it's doing and that they could scale it up as much as you need it to.
There's also WatchGuard Cloud. I think it's part of a subscription service and it maintains some sort of a threats database or maybe prevents users from getting on certain items. But those things are frustrating. You set them up and then people can't get where they want to go, and you have to crack the cloud on that. It's one thing if you're administering hundreds of desktops, but I can see all of mine. I know where my security problems are.
When I first got the device I was thinking, "Oh, I could at least, just out of curiosity, dig into the intrusion detection and traffic monitoring stuff." I was reading some of the guides. It has the power, but it's going to start to slow network traffic at a certain point. So I just didn't pursue it anymore. My impression was that you would want to buy models that are two steps larger than this if you wanted to actually do any effective stuff.
For my purposes, I would just fire up a virtual machine, install pfSense and Snort, and figure out how that works. I could have as much hardware as I needed anytime I needed it.
Which solution did I use previously and why did I switch?
I had an inexpensive perimeter device, a $100 Linksys product. Behind that, I had DNS, DHCP, NTP, print servers, and my domain management. I use Samba for that. I just used whatever firewall was there.
I switched to WatchGuard because I was experimenting with this VAR—he's a friend—to see if I could take what I've done and to get to know some of his tags and put some sort of a service agreement on my infrastructure, through his resources. We talked about it and they were seemingly interested. They do documentation or I might bring them in to do some of the coding projects I suffer with.
My experience has been, in my unique situation, that when I end up bringing somebody in from a third-party, it's more work to train them. You're training somebody from a VAR and they are going to charge $150 an hour or so. That's a pretty healthy investment. The training would take a lot of my time. If I take that time and just solve my problem on my own, I get a two-for-one. I don't have to pay for it outside the company.
But that's why I was bringing in this WatchGuard device in my particular situation. I was just experimenting and seeing if I could find a guy at this VAR whom I felt was worth investing more in, and having him be a third-party to maintain my system if it goes down or I get hit by a bus.
How was the initial setup?
I had to learn it. I had to find where they put stuff.
It took minutes to get the thing up and operating. I started to configure DHCP and puzzle through what they meant by that, and find ways to identify what leases were there and if it was able to register with this other DNS server I have on it.
I've fussed with it any number of times, setting up the port-forwarding for the RDP clients. I knew where to go and what to do, and I got that working pretty quickly. But that was one of the situations where I needed to see a log to see what was happening—it wasn't answering—and to find out what the function was, I had to find the log. It took me an age to find the log. Once I found out what was being rejected, then I figured it out. I've had a couple of bouts of that.
What about the implementation team?
The VAR came in—they charged me plenty, a couple of hundred dollars—to set the thing up. He put the thing down. I said, "How do I get onto it?" He made an account for me on it, but it wasn't, by design, to be user-configurable. Normally, they would configure it from their side and every time I would want to make a change I would have to call them.
Then I asked him about the DNS , and he said, "Well, is this it?" He didn't really know it very well. He was just a mid-level tech for a VAR who can set the things up in their base configuration, but he couldn't answer any questions.
From there, it was me. I can't get support from the WatchGuard group itself because they work through the VARs. So I'm looking at those websites that have server guys who talk about things that frustrate them, to find where the DNS is. Even now, I can't easily find logging. I have to search for it every time I want to see a log. The frustration I have with these devices is that they're put together in a certain way and you've got to learn where they want you to go to get what you want.
What's my experience with pricing, setup cost, and licensing?
I spent $600 or $800 on this product and I'm paying a couple of hundred dollars a year in a subscription service to keep the lights on, on it. I imagine there's some aspect of it that I won't be able to utilize if it goes off of support.
For what it is—for example, for a doctors' office building or a situation with remote offices and no tech guy on staff—it's perfect. It has antivirus subscription services, IPS, web blocker, file exception, spam blocker, application control, reputation defense, botnet detection.
It works out to $100 or $200 a year if you buy several years at once. It's fair. But when you get into the intrusion detection and gateway stuff, it can be fairly expensive and you're going to need more expensive hardware.
Which other solutions did I evaluate?
I looked at a lot of stuff. I'm familiar with pfSense. I have used that a little bit here and there over the years, so if I went to an open-source solution I would go straight to that. And I looked at the professional versions and this one had a $700, three-year service contract on it and it handled VPN. The VAR supported it and they like it.
I don't really feel that it improves anything compared to a more common firewall device. It's certainly less capable or less configurable compared to something like a pfSense, an open source perimeter device that can be integrated with intrusion detection and network monitoring on a computer or on a virtual machine-type of setting.
The thing that the Firebox adds is it's managed and a VAR can support it. It's a known entity. It's supportable, whereas it's more difficult to support a pfSense-type of setup. You pretty much have to maintain the latter yourself.
It's there for a reason. It's there for VARs to be able to put in a known device that they can train on and the user doesn't need to manage it much. In my circumstances, I'm the IT guy of the company, and it's a small company. I'm also the owner and I understand this stuff. It's somewhat of a hobby for me to be able to configure and have a competent domain, without having to pay a VAR tens of thousands of dollars a year, and without having to pay subscription services. I'm not the targeted client for it. I'm more like the hobbyist and the super-geeks who use open source, freely available tools. The types of people who need this sort of service shouldn't listen to me. A hobbyist would never touch this product.
What other advice do I have?
Use it. It's very unlikely that a perimeter device is going to be cracked unless you leave something really crazy open. Most consumers are going to have some sort of perimeter device involved with their internet delivery and they're going to have some sort of a reasonably clean plug, with some port forwarding for their outbound connections coming into their network. And then if they're geeks, they're going to set up a pfSense virtual machine or get a little ARM processor.
I wanted to have a physical device at the network that I could just glare at. But you can set up a perimeter device with hardware, pfSense, or virtual pfSense, in the back of a 20-year-old computer. As long as you're careful about how you set up your routing, it's as effective as anything.
In terms of its throughput, we barely use it. All we're really doing is using it as a perimeter device and gateway. It's just fine. It's a tiny little thing. It has two interfaces plus the WAN interface. It's fine for what I do. I trust it being maintained. And until I got to the point of wanting to use it for domain monitoring, and traffic shaping or IDS-type of stuff, it really didn't require any processing power. It's competent for that.
It's a firewall so it provides my business with layered security. But it's got additional options, many of which you have to pay for. My device is too low-powered to efficiently host any of that stuff. I'd probably have to upgrade hardware in order to do the layered security types of things, and I would probably have to pay a fairly expensive subscription.
For the cost, if I got to the point where I was going to make a change, I would probably go to an open source tool, and suffer through that too, but get it to the point where I could do pretty much anything I wanted with it.
I should be in a situation where I have somebody else maintaining this stuff and not doing it myself. If that was the case, I would use a device just like this. But if I'm still playing around with the nuts and bolts of IT management in my company, then I'm probably going to revert to an open source tool again.
Firebox is 10 out of 10 at what it does. In terms of usefulness and reducing frustration, at my level, it's a three. It's not targeted for me, but it's good at what it does. Overall I would rate it at eight. I don't have a bad thing to say about the hardware and the software, for what it is. It's just frustrating for my particular use case.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Download our free WatchGuard Firebox Report and get advice and tips from experienced pros
sharing their opinions.
Updated: October 2024
Popular Comparisons
Fortinet FortiGate
Netgate pfSense
OPNsense
Cisco Secure Firewall
Sophos XG
Palo Alto Networks NG Firewalls
Azure Firewall
Check Point NGFW
SonicWall TZ
Juniper SRX Series Firewall
Untangle NG Firewall
SonicWall NSa
Sophos XGS
Fortinet FortiOS
KerioControl
Buyer's Guide
Download our free WatchGuard Firebox Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- How does Fortinet FortiGate compare with WatchGuard Firebox?
- How does WatchGuard Firebox compare to other solutions?
- WatchGuard Firebox T55 vs Sophos XG 135 FullGuard Plus with Enhanced Support
- What do you recommend for a corporate firewall implementation?
- Comparison of Barracuda F800, SonicWall 5600 and Fortinet
- Sophos XG 210 vs Fortigate FG 100E
- Which is the best network firewall for a small retailer?
- When evaluating Firewalls, what aspect do you think is the most important to look for?
- Cyberoam or Fortinet?
- Fortinet, Palo Alto or Check Point?