WatchGuard Firebox Reviews

In Italy, small and medium-sized enterprises are prevalent, with fewer than 20 devices being used in most companies. As a result, we typically use entry-level routers such as the T25 or T45.

We sell security and management services for our clients' structures, which allows us to provide visibility into events and the flow of actions taken by both the users and our company. We are pleased to have this tool within the Firebox toolset, as it enables us to show customers what is happening during an incident, as well as to continually monitor the structure.

Management and visibility are the most valuable features.

Visibility with an app that could extract or connect the data without entering Firefox directly would be an improvement.

I am looking for tools that can improve mobile security because our Firebox router mainly focuses on physical perimeter security. While we can use VPN to connect laptops to the network, mobile phones, and tablets can only rely on wireless networks, which don't provide direct endpoint security. Therefore, I believe there is a need for additional measures to connect mobile devices securely to the Firebox router.

The price has room for improvement.

I have been using the solution for a couple of years.

The solution is generally stable, although we have encountered a few hardware issues that were promptly resolved by replacing the affected devices.

The support is great and specialized.

The initial setup is straightforward. Our deployment strategy is simple. We require a couple of people. First, we set up the structure and connect the Firebox, whether it's a new installation or a replacement for other devices. Next, we prepare the configuration, LAN, and rules. Then, we make a brief stop to switch the core device to the customer's structure. After that, we move to each endpoint and use VPN or other tools to complete the setup. The direct operation on the endpoint site takes less than an hour, and the preparing phase another two to four hours.

The implementation was completed in-house.

We are utilizing an MSP licensing model and are content with the minimal amount spent on the devices rather than committing to long-term licensing.

I give the solution a ten out of ten.

The maintenance of a simple structure is easy.

I recommend trying WatchGuard Firebox directly but keep in mind that the wireless devices can only be connected to the wireless network.

We use them for perimeter security and also to manage virtual LANs.

The main benefit for us is the ability to manage the VLANs. It allows us to monitor types of traffic and to actually review and determine what traffic we want to allow and deny. It also allows us to modify the categories of restrictions that need to be applied.

It has also simplified some of the processes that we have. For example, we were having some issues in identifying where most of our bandwidth was being used up, which devices and which users, and what they were using the bandwidth to do. Were they watching videos or were they looking at some other bandwidth-intensive site or application? We have been able to determine user behavior on the network.

We are quite happy with the Firebox. It really helps us with the ease of managing firewalls at other locations. It has really helped us save time by not having to go to other locations. We have devices at two smaller offices, where we don't have IT staff. It has allowed us to remotely manage and update the firewalls at those locations. It's saving us at least four hours a week.

I don't think it has helped improve productivity in terms of efficiency, but it has enabled us to improve the security of the network. We don't have to worry as much about where the users are going. And if a user was blocked, it will let us know why they were blocked, what category of trip was being blocked, or what policy it was blocked under. Even if our staff is going to a legitimate site, but the site is under a wrong category, it allows us to put that site on our exemption list to allow it.

It has also really helped us with our management and to monitor internet usage. Our department is just three people and it has made it very easy for us to manage.

• Two of the functionalities we use most are the traffic monitoring and the full panel dashboard. Those are two things that are very useful for us.
• It's very easy to use. The interface does not present a challenge for the user. It is a great device for small businesses with up to 500 users. It allows easy management of all devices from one central device and updates are very easy as well.
• The performance is also very good. The throughput is excellent. I've not had any issues with that so far.
• The reporting and management features are excellent. They're easy to navigate and very intuitive, and reports are easy to read.
• In addition, it provides us with layered security. It allows us to determine what types of access, to which networks, we want to allow or deny.
• We also like the site-to-site VPN that allows us to connect to and securely access devices at other locations.

I would like to have a little more control over access points and the ability to see the bandwidth that is passing through a specific access point. We are not able to see that. We can see what traffic is passing through the Firebox itself, but we can't identify if it is coming from a particular access point or not.

We have used WatchGuard Firebox for seven years.

The Firebox is very stable. We have not had a failure over the seven years we've used them.

In terms of scalability, we would need to add another device to the M300 that we have right now. I know there are models of Firebox that you can actually add hardware to, to get them scaled up and for additional portals. But the one that we have, in terms of subscription, is very scalable in terms of features, and it integrates with WatchGuard's central interface where it can update our firmware as the updates come out.

What we want to do is put in some more redundancy in our network access. We want to have a second Firebox at each location. We have two ISPs at each location, so instead of both ISPs going to one Firebox, we want to split the ISPs between the two Fireboxes and have load balancing through the internet on firewalls.

We have 100 employees at our head office, and we have 10 employees at our sub-offices. In terms of devices, we probably have about 150 devices, including printers and computers at our head office, and about 12 devices at each of our sub-offices.

We used the technical support once, when we had some issues with employees trying to access legitimate sites. That is when we learned about setting exemptions for certain sites. A company might be a travel site, for instance, but due to the amount of advertising they do, it might be flagged as an advertising site. To resolve that issue, when it's a legitimate site that does a lot of advertising, you can go to support for help in figuring that out, and also for help in putting necessary exemptions in place. 

The support was very professional. They were very patient, and they explained the issues and the solutions fully.

I don't have a lot of experience with other firewalls. There was a Cisco Certified office that I was exposed to before we moved to the WatchGuard Firebox. It felt like the WatchGuard was a lot easier to use, and easier to set up than the Certified Office device.

The primary reason that we went with Firebox was its cost. It is very economical and it provided us with all the security functions that we were looking for at the time. And the throughput was more than what we required, so it was a very cost-effective device to deploy on our network.

The initial setup of Firebox was straightforward. It was not complex.

For our deployment we configured all three access points at one location, our head office, and tested them in that one environment. Then, at the various offices, it was just a matter of changing the IP address. We had one technician go to one office and another technician go to the other office to install the Fireboxes and connect them to the network. As they were plugged in, they connected and it provided the service that we wanted from day one. We didn't have to do too many reconfigurations. The policies that come with it out-of-the-box provide adequate network protection, and we just had to put in special policies to allow various types of traffic, either both ways or one way, to various ports on the firewall. We didn't have many problems in getting them up and running at each office.

Deployment took one day at each location. Overall, we were able to prepare the Fireboxes and test them in less than a week. We prepared everything at one location, did the testing on the second day, and on the third and fourth days we went to the other two office locations to install them.

With the Firebox solutions we have had a lot more accessibility, in the network, to our third-party vendors and suppliers. Prior to that, we did not have a direct connection to those companies, but with the Firebox we were able to configure a DMZ, and that allowed us to apply the granular restrictions that we really wanted. It allowed us to reduce the number of devices that we have on one desk, at certain workstations. Instead of having the supplier's computer and our computer, we were able to use just one computer, and connect to the supplier.

Going with the Firebox is a no-brainer. It provides the necessary security, out-of-the-box, for your configuration of the policies. It's very easy to use and it also gives you a reporting dashboard that can be customized. It makes a lot of sense out of all the data. It's very easy to read. We use a 40-inch display in our office and have it connected to the Firebox so that we can see what's going on on the network. We can look at it and see how the traffic is going through it.

WatchGuard Firebox is our edge firewall.

Currently, we are using the M470 and we have used many models in the past.

The solution provides our business with layered security. An example would be the intrusion protection on anything that is internet-facing. We host our own mail server and I regularly see that WatchGuard has swatted away attempts to get in from bad actors. I have to have that open because people have to connect on their cell phones. Obviously they have to send and receive mail. So I sleep a lot better knowing that something is watching the few things that I do need to present to the internet. I feel much better having something protecting and monitoring all traffic that passes through.

We have an interesting environment. There is actually a completely separate computer domain, an entirely separate network that belongs to a regulatory body. We work at a casino and our gaming commission has to be able to get into some of our systems and monitor some of our activities. Obviously we don't want them to just plug directly into our network, so we have created a DMZ where they can come into our network via the WatchGuard. That way, I get to see all of their activity as well and monitor what they can get to. We give them access to what they need and nothing more.

The solution also simplifies aspects of my job by having automated reports generated weekly, for review. I like the fact that they get delivered and I get to see the actual metrics of what the box is doing. The reporting features reassure me that it is working.

In terms of saving time, I have used Cisco firewalls in the past and I would say that it is easier to construct policies with WatchGuard than it is in Cisco, particularly Cisco's ASDM (Adaptive Security Device Manager). It probably takes about half the time with WatchGuard. Usually we're just modifying something, adding or removing somebody from a web blocker category. It's very easy to maintain.

As a casino, we have one site and that's it. There are no mobile workers. We usually don't have any remote access and we don't need collaboration tools because we all work in the same building. But now that we're trying to get some people to not come in [due to the Corona virus situation] and we're running on a skeleton crew, we are able to maintain productivity by leveraging the native VPN clients and access provided by WatchGuard. We didn't have to buy anything. We had all the infrastructure ready to go and then I slapped a policy together last Tuesday and we've been using it ever since. It was very easy.

• One of the most valuable features is the Gateway AntiVirus. We scan all traffic as it's coming through.
• We also use spamBlocker to scrub spam.
• We use content filtering, which is critical in any corporate environment to make sure that people don't surf things they're not supposed to.
• WatchGuard has a very easy VPN and branch office VPN setup, so we use those pretty extensively too.

It's very easy to use.

And our internet bandwidth does not exceed its throughput, so it is probably still a little overbuilt. It's definitely not a bottleneck. There is no problem with throughput.

In terms of performance, WatchGuard has always worked well for us. We've gone through about six different models in the last nine years, not all at our primary site. We had a couple of satellite offices that were using smaller models. They have all worked very well. There was only one time that we had a performance issue and it turned out that it was due to a hardware replacement being required, and that was handled expeditiously.

Regarding the reporting, I was in the Dimension server earlier today. It's very powerful. I like it. And the management features are easy to use. I like the fact that I can open up the System Manager client or I can just do it through the web if I'm making a quick change.

WatchGuard could be a little more robust in reporting. I get requests a lot to figure out people's internet traffic. We want to know what people are doing when they are on the internet. There is still a little bit of fine-tuning that can be done to that process.

I took over the admin role here back in 2011, so I've been using it for close to 10 years.

It's very solid. We don't reboot it very often and we don't seem to need to.

We went from a single appliance to a high-availability cluster, just last year. Managing the cluster is just as easy as it was to manage one unit.

It is doing everything we've asked of it so far, but we do plan on increasing usage. There are a few features that came out last year or maybe a little bit before that, features that we want to start using, such as WatchGuard's DNS. That will make sure that we're not asking for any bad players. At the moment we're still using Google DNS. And we haven't rolled out the endpoint security that came with it, but we are going to start using that as well.

I've never had to use their technical support. I've only used their online help. I've been able to find everything I need in the forums and the Knowledge Base.

The initial setup is straightforward. The wizards walk you through it, and I have found an answer to anything that I've ever had a question about in the Knowledge Base online. I don't think I've ever had to call for support personally. The documentation is awesome.

As for setup time, I usually have traffic passing through it within an hour or two. 

I know what traffic I want to allow out and I always start with just the stuff that I need to. I always start with the most restrictive, as far as policies go. The first thing I do is get rid of all the Any-Any rules and then I start locking it down. I love the way that it integrates with Active Directory. I base my internet usage and my web blocker policies on Active Directory security groups, and I can have all of that stuff set up ahead of time before I ever get ready to roll out the appliance itself.

Back in the day, we used to have a warehouse. We used to have a uniform shop that was offsite and I was responsible for setting up the tunnels of those sites. We recently relocated some administrative offices for the tribe that owns the casino that I work for, and we decided when they were moving that we would upgrade the firewall that they had. We purchased a WatchGuard so that it would be manageable, because we were already familiar with it from using it at our site. We dropped it right into place and I had traffic passing through it within minutes. I was done with it, doing all the other rules, within a couple of hours. I was onsite for all of those. I've never preconfigured one and then sent it out into the wild.

We use Variable Path, out of San Francisco. Our rep is Jason Chang. Our experience with them was very good. I would recommend them.

It's hard to measure ROI. But I've never had to go in front of upper management and tell them that we were breached. That is probably the conversation I would least like to have with them.

Otherwise, regarding return on investment, having the infrastructure already here and having more capabilities than we're using right now allow me to react very quickly. As I said, I was able to get some people working from home last week. It literally took us a day from going from zero people with remote access to a core group of about 12 people having remote access.

Getting a WatchGuard for the first three years pays for the hardware. I think it's cheaper to keep doing hardware upgrades at every software renewal, rather than just pay for maintenance to keep a piece of hardware going. I usually tell people that it's really affordable as well, particularly compared to Cisco.

In addition to the standard cost, we usually get the Total Security Suite. We go top-shelf on all of the subscription services.

WatchGuard was brought in by one of my predecessors. I left this company for a little while and went to go work for a credit union, and that was a completely Cisco shop, so I got to experience both of them at different times.

I don't think I've actually used anything other than the Cisco ASA. With the WatchGuard it's easier to create policies, that's for sure. I like the flexible stability of being able to leverage objects in Active Directory. I also like being able to not have to create all my policies using IP addresses, and that I can actually do web domain name lookups every time. That's very handy for large, distributed stuff where you have no idea where the actual source is going to be coming from. The cloud bounces traffic from all over nowadays. So crafting rules with fully qualified domain names, FQDN, is definitely something that I did not have in my Cisco ASA.

The Cisco was a little less confusing and more straightforward. It didn't do all of the things that the WatchGuard does, so in that sense it was a little bit easier to understand. That is particularly true once you start getting into proxy actions and setting up: "Okay, cool. Once this rule gets triggered, what actions have to happen?" I do know a few people who use WatchGuard and they still have to get assistance when they look at that. So I would file that as a con for WatchGuard. Proxy actions can be a little bit complicated.

Invest in some Professional Services. Although you can absolutely pull it out of the box and deploy it — and we've done that before — it's always good to have somebody that you can ask about best practices and run a few scenarios by them. We ended up purchasing four Professional Services from our local reseller. It was good. Although they didn't really provide any answers, they were there to say, "Oh no, you're doing the right thing." It was more reassurance than anything. But I would definitely recommend springing for some Professional Services. That will make the whole process go a lot easier.

A small subset of my staff, maybe three or four people, is involved in deploying and maintaining the solution. They're all IT administrators.

At a specific client location, we are using the WatchGuard Firebox M470 to control all of the security protocols, routing, VLANs, and traffic. We have a 1GB internet circuit coming into the M470 firewall, and SFPs going out to the Netgear M4300-96X modular switch. From this switch, it goes out to the Netgear GS110 devices through SFPs.

WatchGuard Web GUI is one of the best consoles I have worked with. It makes each step very simple, while you can get granular too. It made the installation process extremely easy and simple for each step to program into the Firebox. The Firebox works well with other brands and also has the capabilities to use an SFP module to use fiber connections instead of Ethernet. We were able to remove over seven devices and replace them with two devices: Firebox M470 and Netgear M4300-96X. What a cost saving and less equipment to troubleshoot. 

Here are just some of the valuable features: 

• WebGUI
• Spam blocker
• Website filtering
• Internet security
• Tech support is amazing.
• Routing and setting up VLANs. 

These are just some; there are so many more to go over. Depending on the customer's budget, I would always recommend WatchGuard Firebox and their other security products. They have some of the best customer service in the industry.

I don't think that WatchGuard would need to improve on their product. They have some of the least expensive appliances and software out there. They are extremely easy to use, the GUI is great through the web and on the desktop. That's why I feel WatchGuard has outdone themselves on their security products. Hands down, it's one of the best firewalls I have ever worked with.

This Firebox M470 is a true workhorse and has been flawless. It has not crashed yet and has been on for over a year now.

This product is very scalable: from the Total Security Suite to adding an extra module, to getting an extended tech support contract.

Their customer service is one of the best and is extremely knowledgeable about their products. They are very responsive when calling and or if they need to call you back. They have been a key part of this major installation.

I used a Sophos firewall that was already installed when we took over the account. The Sophos Web GUI is not that easy to navigate and completely different from most of the other firewalls out there. We switched because I professionally feel that the WatchGuard security products are superior over most of the other brands out there and their Web GUI is extremely easy to navigate and use. 

The initial setup was straightforward, but there is always a learning curve on all devices.

We used WatchGuard's team to help implement our programming into the firewall as our implementation was a one-off. 

Our ROI has been over 35% just on the equipment and the job.

The setup cost is extremely low for what you get with the Firebox M470. The cost of the Firebox M470 was a third of the cost of a Barracuda and a high-end SonicWall.

I loved that I could add an SFP module to the firewall and use both Ethernet and fiber connections. 

You will need licensing for the security features like Total Security Suite, etc.

We evaluated SonicWall, Sophos, Barracuda, and Fortinet for our firewall needs. WatchGuard not only was a great price point but also comes with so many great features without having to pay too much.

If you want a robust firewall that has a great price point, this is the best way to go.

We have all kinds of customers, including schools, colleges, institutes, and organizations. We do not work in a specific area, and we have a wide range of customers in various sectors.

The Firebox offers valuable features such as network security, URL filtering, UTM features, intrusion prevention and detection, and authentication. It also supports VPN, IPsec, and point-to-point communication. I did not encounter any problems after configuring threat detection and protection, intrusion prevention systems, and intrusion detection systems.

The only problem I have with Firebox is the grouping issue. When implementing a rule using a group of IPs, it is not possible to do that directly. I have to manually add all the IPs, and this is where I think WatchGuard should improve.

I have been using this solution since 2016.

The support system is similar to EPDR and EPP. They will register my case and either call me back, email me, or send me an article or key bulletin if things are sorted out. 

Otherwise, they will take a remote session to resolve the issue. They have a centralized portal where I can get support for EPP and EPDR.

Neutral

Setting up Firebox is not an easy task for everyone. To set up Firebox, one should have at least professional knowledge. Not everyone can do a Firebox setup because it is executed based on protocols. 

One cannot simply pick up Firebox and go through a basic configuration. For Firebox setup, having knowledge equivalent to Cisco CCNA associate level plus professional level is essential. 

Additionally, understanding basic routing and switching is necessary. Having knowledge of IPs and professional skills is crucial. Unlike Sophos, which is easy with a 'next' approach, configuring Firebox requires deep knowledge about protocols and how they work.

My only issue with Firebox is the grouping issue. I recommend Firebox since this device will not let anyone down. If someone drives a Volkswagen, they may find it challenging to switch to another car. It is the same with WatchGuard; once someone adopts this device, they will likely not buy another.  

I rate the overall solution a nine out of ten.

I have used WatchGuard Firebox for firewall testing purposes and setting up a couple of new projects for my company. I test the solution's efficiency in blocking IPs, role management and policy optimization. 

The product can be configured very easily. The license model of WatchGuard Firebox is also simple and transparent. A purchaser can effortlessly obtain the required features through the license system. 

WatchGuard Firebox offers a satisfying VM and hardware. The performance of the solution differs when it's deployed as a VM and a physical appliance. 

All basic firewall-based tasks, such as creating a policy or role, can be effortlessly implemented using WatchGuard Firebox. The user interface is simple and intuitive, allowing even a beginner to complete tasks without difficulty. 

It's very difficult to find a reseller of WatchGuard Firebox to purchase a license. The number of resellers for the solution should be increased through partnerships. The solution's network observability should be improved. The observance adaptability of different WatchGuard devices is minimal and it should be improved. The information or guidance provided by the vendor for using APIs, syslogs and exports should be enhanced. 

I have been using WatchGuard Firebox for eight years. 

I would rate the stability an eight out of ten. It's a fairly stable product. 

I would rate the scalability a seven out of ten. In our company, when we perform some load tests on one interface, there is a requirement for multiple packet drops at times, which the firewall might not be able to handle, and the other interfaces might go down as well.

There are some performance issues in WatchGuard Firebox when the load is high, but within limits the solution works perfectly. There are seven users of WatchGuard Firebox in our organization for the network administrator cycle. The solution is used daily in our company. There are no plans to increase the usage of the product any time soon in our organization as it is being used only for testing purposes. 

The solution has a seamless initial setup process. I would rate the initial setup a nine out of ten. All the deployment aspects of WatchGuard Firebox are straightforward, and all basic features are available, but for advanced features, many professionals might prefer other solutions over WatchGuard Firebox.

The deployment process of the solution took about an hour in our company, it was a step-by-step configuration process but there were some issues with the VM otherwise it would have taken much less time. One professional is enough to deploy WatchGuard Firebox. For maintenance of WatchGuard Firebox only one person is required and multiple professionals monitors the solution in rotational shifts. 

The solution was implemented completely in-house. 

I would rate the pricing as four out of ten. It's an affordable tool. The basic product license costs our company ₹400,000 per year. In our organization, we don't purchase any security add-ons with WatchGuard Firebox. 

I am part of the research and development team, so I parallelly use competitor solutions from vendors like Palo Alto, Sophos and Check Point. 

Our company professionals claim that WatchGuard Firebox is competent with other firewall solutions in the market. For security purposes, our organization mostly relies on proxy software and other application firewalls.

Our company is majorly concerned with the application firewall and not the network security; this is why we choose application firewalls like WatchGuard Firebox, which can be used both as a VM and physical appliance. In our organization, we use the solution not only for testing purposes but also for data centers. 

I would rate the product's performance and reliability for the remote workforce an eight out of ten. When I setup a data center and keep the solution as an entry point, then later on when I access it through a VPN, it will be flawless. It's very easy to configure a VPN using WatchGuard Firebox. The solution will showcase stability and easy accessibility even in remote functions.

For small and medium-scale networks, WatchGuard Firebox will be an ideal and cost-effective solution. I would rate the solution as eight out of ten. I would surely recommend the solution to others. 

We run education organizations. We have students and staff working on campus. We wanted to be protected within the campus as well as outside the campus.

I am using WatchGuard Firebox XTM 850, and I have its latest version.

In terms of users within the campus, the policy-based usage helps us where we allow something during the daytime, something after school hours, and something during the night. In terms of outside the campus, it helps us in monitoring our mail services. All our deployments are protected from external users.

Policy VPN, site-to-site VPN, traffic monitoring, anti-spam filters, and all other advanced features are valuable.

The way Secure Sign-On authentication is happening needs to be improved. When the Secure Sign-On portal is turned on, anybody who comes into the campus, whether he or she is a staff member or a guest, has to go past the initial portal. One of the shortcomings is the username. It shouldn't allow permutations or combinations with upper or lower cases. For example, when there is a username abc, it shouldn't allow ABC or Abc. It should not allow the same username, but currently, two separate people can go in. Therefore, its authentication or validation should be improved, and the case sensitiveness should be picked up. If I have restricted someone to two devices, they shouldn't be able to use different combinations of the same username and get into the third or fourth device. It shouldn't allow different combinations of alphabets to be used to log in. 

I have been using WatchGuard solutions for the last ten years.

It is very stable.

It is scalable. We have about 1,200 users at this point in time, but the number of devices exceeds 2,200. There are multiple devices per person in today's world. A staff member is using three or four devices, and students are using at least two, which makes it 2,500 or 3,000 devices.

Their technical support is very good. You get a response within 15 minutes to an hour at the max.

We had Cisco ASA Firewall. It was a very simple firewall.

Its initial setup is very straightforward. It took 30 minutes.

A consultant from WatchGuard was there. He showed it once, and our people could do it easily. They have deployed it again and again. It is pretty simple. 

You just need one person for its deployment and maintenance. Security personnel is the one who manages it.

They have an annual subscription license. Initially, we had opted for three years. After that, we went for another three years, and after that, we have been doing it yearly. They also have a license for five years.

We evaluated SonicWall, Palo Alto, and Cisco, but this was the best.

I would rate this solution a nine out of ten.

We primarily use WatchGuard Firebox like a typical firewall, to protect ourselves from outside and inside threats. 

I have the WatchGuard Firebox M270, deployed on-premise. 

WatchGuard Firebox improved our organization by acting as a firewall, with all the specific components of one. If you have an antiviral solution, you can see how many were blocked; from where they were blocked; what the statistics are on the areas that the attacks came from; and if there are attempts, or if they do get through the firewall, where they came from and where they went. You know exactly what to look for, to see if there is any kind of penetration inside your system, or if anything has been compromised, and you can take any measurements against these threats. 

All of the features have been valuable. There's nothing on my M270 that I'm not using. If you have remote access, you can see how many users are coming from the outside world to be connected to the systems, through the virus systems that we have behind the firewall, in order to gain access to their files and do their work. We can also see how long they stay online and whether these connections are closed forcefully or for any other reasons, such as a glitch or some kind of misbehavior, to see if internet traffic is optimized and if that particular traffic is under company policies, concerning which websites were visited. 

There's always room for improvement, especially if the threats are getting more sophisticated and the IT department cannot sufficiently meet this kind of sophistication with their own knowledge and experience. Knowing that this solution can get up to the level of addressing a lot of these threats is something that everybody wishes for. If we look at the dark web and the lawful web, they are two opposites, and if these two good and bad collide in the world of the internet, you want the best possible product—especially if you cannot get to that point of knowledge. I am just an individual and end user, with limited knowledge of usage. That's why I say there's always room for improvement, from their side and also from mine, because by knowing exactly what they can achieve and the knowledge that they can get on an everyday basis, and the portion that is understandable to me, it's an improvement for them as well. 

Most of the features that I have right now are more than okay with me, but something like a better interface is always worth suggesting. Also, things like computer-based training on firewalls and specific solutions—especially in things that have been deployed on every new version—is usually something that we need to see in order to understand what, exactly, these people have created for us. 

I have been a WatchGuard user since 2004. 

This solution is stable. 

I am the only one who maintains the firewall—we don't have a team to handle it. 

This solution has been scalable to the level that my company wants. 

Behind the firewall, we have 60 users. On a daily basis, there are approximately 40 to 45 users in the office: they are people from the purchasing department, technical department, accounting department, operation department, etc. 

In general, their support is okay, and nothing fancy. We have had a few chats and a few cases on several things that I wanted to do by myself, but needed some guidance on. The speed is not the speed of light, but we are getting through to what we want to have within a day or so. 

I don't have any comparison to make with a solution that's on the same level as WatchGuard Firebox. We had some experience with all of the Cisco firewalls, but they didn't have the same level of security that we have with our existing firewall. Those were quite old, so I cannot really compare that old technology with something that is so new. 

The initial setup was quite straightforward because we are a small company. We have 50 people working at this company, so it's a rather small installation with no fancy or complex configuration. The deployment took an hour or so, but from that point on, there have been numerous hours of work to get up to the point we're at now with our firewall solution. 

It's quite easy to deploy because the initial installation doesn't involve many fancy things. Out of the box, it's quite clear that it has features that need to be blocked, and these features have already been blocked by default, to help anybody deploying this solution. It's like having 35%-40% of your configuration ready, so you only need to add another 25%-30% to reach approximately 70% of your full configuration, which takes no more than a couple of hours. The additional 30% are the small, exact things and the prediction correction, the things that are usually done on a firewall solution in the following hours, days, months, years by the users of the device. However, you can reach the level that you personally believe in, 100%, within a matter of days if you know exactly what you need to do. 

I implemented this solution all by myself, since I was lucky enough to have basic firewall knowledge. Our implementation strategy was to get to the level, as fast as possible, where I could meet the minimum requirements of the company, concerning its firewall policy. 

I have definitely seen a return on investment. To be exact, you cannot really value the return of investment on this kind of product because an IT product usually delivers services that cannot really be measured in money. Rather, it can be measure in things that we can do and things that we cannot do. So, money-wise, you cannot really measure it, but if I'm measuring it on things that I wanted to achieve with a device, there was a 100% return back. 

The licensing contract we have is on a three-year basis. There aren't any costs in addition to the standard licensing fees—usually, every three years, we just purchase or renew the same license and we are okay. Every six years, we completely change the firewall, but that's the usual schema. So after three years, we just renew the licenses for another three years, and then after that particular period of time, we just purchase another firewall equivalent to the ones that we currently use.

I rate WatchGuard Firebox an eight out of ten. 

This is a solid device and it delivers what it says. It doesn't do fancy or extraordinary things, but it does delivery exactly what it's supposed to deliver.