WatchGuard Firebox Reviews

We use the solution as an internet gateway. With its help, we can establish the connection between our company's HQ and branch.

The solution provided us with site connections and internet policies.

The solution's valuable feature is its pricing which is better than other competitors.

The performance of the solution's processor needs to be faster than other vendors. Also, it is time-consuming to configure it whenever multiple policies are involved. This area needs improvement as well.

I have been using the solution since 2012.

The solution is highly stable. I rate its stability a nine.

We have around 200-300 solution users in our organization. I rate its scalability a nine.

The solution's technical support is excellent.

Fortinet is faster to configure and access policies than WatchGuard.

The solution's initial setup process was simple, as I already have experience using it. It takes a month to complete. The process involves setting up the solution in a lab. Later, deploying it in a production environment once it meets all the configuration requirements.

Initially, we took help from a third-party vendor to deploy the solution. Afterward, we did it in-house. It requires three to four network administrators for deployment and two network administrators for maintenance.

The solution is worth buying.

I rate the solution's pricing as an eight.

I rate the solution as an eight. It offers more variable license bundles and has high availability than the other products.

The primary use case is protection for my network from external access. We also use it for some VPN, but mostly it's for protection. It's mixed usage on about a dozen different connections, a dozen different workstations, and access points.

I don't really worry about individual workstation security as much, anymore. I can depend upon the firewall to control incoming viruses, incoming attacks, bad port usage.

It simplifies my job because I don't have to worry about it on a day-to-day basis, the way I otherwise would. I'm not checking and monitoring each workstation on a minute-by-minute basis. I can check what's going on with the firewall and see how it's being used and where, and if there are any things coming through the logs.

I've built my process around the WatchGuard. I can't say it has saved me time because it's become the defacto process. I don't have anything against which to compare it.

• Intrusion Prevention is my primary focus so that's what I find most useful. The why is straightforward: It's to prevent intrusion.
• The usability is pretty good. 
• The throughput of the solution is also pretty good. I think there is some throttling that occurs.
• It provides me the layered security I need.

There are some features I'd like to see, although they are not standard in any of the products in this class; for example, better monitoring.

I'd like to have better access to workstation monitoring, connection monitoring, and the amount of time an address is being used, to better gauge proper network utilization. If I knew that something was connected to a particular external location for an extended period that seems abnormal, I'd be able to act upon it. It comes down to overall monitoring and reporting for the class of services that I have.

The solution's reporting and management features, based on what I have, are fair. I'd like to see an easier way of managing, controlling, and viewing usage at an IP-address-based level.

It's very stable.

WatchGuard's product line is very scalable, but this particular product is not.

Technical support is pretty good. The online knowledge base is usually the best way to go. But I have had some telephone support as well.

I had been using SonicWall for about ten years. I got a little frustrated with them at around the time that Dell purchased them. The WatchGuard UI is easier to manage and easier to work through. I ultimately became dissatisfied with the service and ongoing costs of the SonicWall devices.

The initial setup was straightforward. They walked me through it. I have enough knowledge to be able to walk through the setup and then tweak it the way I need it. I was able to find anything that was unusual, pretty easily, on the web.

The initial deployment took under an hour. I've spent dozens of hours tweaking it over the years, but nothing out of the ordinary.

The implementation strategy was to set up something that allowed for VPN access, to grow VPN access, and that would protect my workstations against viruses and attacks, as well as my servers. The goal was to simplify everything with one box.

For deployment and maintenance, it's just one person who handles the network, and that is me.

I did it myself.

I'm not sure I could establish a numerical return on investment. It's mostly peace of mind. I could probably do well with a lesser product, but I'm afraid a lesser product would provide significantly less protection.

It costs me about $800 a year. There any no costs in addition to the standard licensing fees.

I looked at some Cisco products. I only upgraded to this latest T35 last year, from the previous WatchGuard item. I also looked at SonicWall and a couple of others.

It's used extensively. Do I plan to increase usage? If I can get better reporting, perhaps. But it's fully deployed and static at this point.

I would rate WatchGuard a seven out of ten. A perfect ten would come from lower costs for small installations for the service licensing, and improved reporting. And maybe some better awareness of what it's capable of doing. It's hard to figure out what I could do. That's a big thing. It's hard to figure out what is possible. What am I not taking advantage of? I've tried to work with people on that, and that's the biggest thing.

We use them as our firewall in every location. It's extensively used and our locations for it are ever-expanding. Right now, we have 14 locations with them. We have everything from the M300 to the T50-W to the T30-W.

Like any other firewall, if it goes down, it's going to cause problems but these don't go down.

If I had to spend half my day fighting the stuff that it's keeping out, in that sense, it's increasing productivity. But if I was having to do that, I would find something else.

There are a lot of features I really like.

One of them is that the interface is more intuitive for us. And the success rate has been very good for us. It's easier to use than a SonicWall. There's a learning curve with every firewall, but this one is a lot more intuitive than some of the other ones I've used.

We've been very happy with the throughput and the performance the solution provides.

The Dimension control, the one-spot reporting and control, has been nice. It's been easy to go in and make sure people are doing what they're supposed to be doing and that only the right stuff is getting in.

It provides us with layered security.

It's got a global map where you can block IP based on which country it's coming from. I haven't seen that on anything else.

They work. We don't have to boot them. 

The only time they get booted is if there is a major, extended loss of power. Otherwise, they just stay up and running. The location I'm at has been up for 90 days and the only reason it went down 90 days ago was that we had about a 12-hour power outage. It got our batteries. It got everything. But like I said, they're reliable.

There is scalability because they have different models to choose from, as long as you buy right.

We have 500 employees and about 150 users. I'm sure we have plans to increase usage. In terms of how extensively it is being used, it's filtering every piece of internet traffic we have.

I haven't had to use their technical support in about seven years.

When it comes to installing a new box, it's pretty simple. We have a config we copy over to it and then we just customize that config with the IP addressing that we need at that location. It doesn't get much easier than that. It takes less than an hour and takes one person to deploy it.

We used a third-party integrator when we did our mass upgrade in 2017. At that time, all of our other ones had become end-of-life. They were Firebox Edges. We bought the boxes, dumped the configs on them, between us and the third-party, and either I or the third-party would deliver and install. Onsite downtime was as little as ten minutes.

Deploying it to distributed locations was super-simple.

We haven't had anything get through it. It's hard to say what your return on investment is when you're saving problems. You can't quantify how many possible threats you're saving in a day.

We bought ours bundled with two or three years at the time we bought them. I haven't seen the pricing since 2017, but it was competitive. SonicWall, Barracuda, and WatchGuard were all about the same price when we did our last pricing.

We investigated SonicWall back in about 2016 and decided to stay with WatchGuard because we felt the interface was a lot better. It's also easier to manage, easier to keep an eye on. We really despised the SonicWall. The support for it was awful. Dell already had it and it was bad. I had experience with SonicWall in the past, before it was a Dell company. The SonicWalls were pretty good then.

We looked into Barracuda. We didn't actually test it. We used some other Barracuda stuff, but we didn't actually even test their firewall. I don't remember why we didn't go with them. That was a decision made three years ago. We use their backup appliance and couldn't be happier with it, so it wasn't a support issue or a reputation issue. I don't know if there was a little difference in pricing which was the reason that we didn't try it.

We investigated the other one, we actually put the test box in, and Firebox was far superior to what we tested.

Give Firebox a good, strong look. Give it a test run and I'm sure you'll be happy with it. We've always had it. Our opinion of it is that it flat-out works and we're very satisfied with it.

I'm sure there are better ones out there for somebody who has more time to manage it. But if you're looking for something so that you don't need a dedicated staff to manage it, I'd say this is a pretty good one. I give it a nine out of ten.

I use the solution in my company mainly for security management and also for VPN.

The most valuable feature of the solution is its ease of use. For budgetary purposes, it meets our requirements.

For most of the part, the tool's interface is quite simple. The product can improve in terms of layout to provide easier access and viewing to users, especially for the reports.

One of the things that I think is missing in the tool is the area of managing IPv4 traffic via the IPv6 tunnel. If a few features were added to the tool, it would be great for migrating our network from IPv4 to IPv6.

I have been using WatchGuard Firebox for three years.

Considering we have even used the tool in our company for the past three years, we don't see much problem with the devices, except with what we call the updating and patching processes, which require some downplay and everything. I think we are quite satisfied with the tool's performance in our company.

I do believe the solution provides devices with a profile for a much higher requirement, but it all depends on the number of users and everything. Currently, my company is not that big, but we are supported by good vendors. I do believe the tool is scalable in terms of the devices because the product does provide a much higher model, but we don't need it because we are quite a small company.

In my company, we have only around 200 users, so we don't have many staff members.

My company contacted the solution's technical support regarding the services, especially when we had some new requirements in terms of configurations and settings or when there were new protocol rules and policies and policies that needed to be implemented. I rate the support an eight out of ten.

Positive

Previously, we used Sangfor, which is a brand from China, for our firewall and internet access management, but we switched to WatchGuard Firebox three years ago. One of the biggest reasons to use WatchGuard Firebox was related to the area of expertise. Our team or staff had experienced some lack of knowledge in Sangfor. After my company figured out which product was easy to learn and after making some comparisons, we decided to go for WatchGuard Firebox.

Compared to Sangfor, I think one of the advantages of WatchGuard Fire is the VPN solution, which includes a certain number of licenses in the package. There is no requirement to purchase more VPN licenses. The con is that Firebox is a part of the existing solution provided by WatchGuard.

When it comes to the product's initial setup phase, our vendors support us, so they handle the setup process. We don't have many issues or problems during procurement or setting up all the configurations for WatchGuard Firebox.

The solution is deployed on the hybrid cloud model.

Last time, we got the tool ready within three days. After we provided all the information that the vendors required regarding the setup and configuration settings that we needed, they set it up within three days. A third party also provides the tool's maintenance services.

From the budgetary perspective, I believe the proposed price for WatchGuard Firebox was certainly much better than the other model that had been promoted to us before because the concerned department in our company procured the tool. I don't have any specific information on it.

I am not sure about the tool's price as the commercial part is under a different department. I think the tool is quite competitive compared to the other brands.

The tool's most effective for managing threats revolves around the area of the reporting services it offers, which is cloud-based reporting, so we can get a lot of information from the services.

I don't have much experience with other models, so I can't speak about WatchGuard Firebox's security. The good thing is that because it is easier to handle, and the company that supports us provides us with a lot of information, it is easier for us to operate the product.

WatchGuard Firebox VPN features significantly enhance operations, making it easier during COVID-19, when many people work from home. There are very good features, I recall, whereby you can access office resources without requiring employees to come to the office. The tool did help us a lot during COVID-19.

Our company has a data leakage prevention solution for our email. It is quite intuitive, but it's not WatchGuard Firebox.

Whether I would recommend the product or not is something that depends since I work in a small company where the income is not too much. Other companies of similar sizes might find some similarities with our organization, so I can recommend WatchGuard Firebox to such users or businesses. Bigger or corporate users who have much more requirement settings or a large number of users should look for a different brand that can support the large numbers.

I rate the overall tool an eight out of ten.

Our client deploys WatchGuard Firebox and helps to establish VPN connection between multiple files. 

I find this solution very easy to manage. The web manager and Firebox key features are particularly impressive for cloud applications. That's why I often recommend this solution to our clients. It has good threat management capabilities and works against different types of threats.       

I think one area for improvement in this solution would be enhancing communication with tools like Active Directory. This would make the tool easier to integrate and effective for users.

I have been using WatchGuard Firebox for the past eight years.

The solution has been stable without any noticeable bugs.

I find WatchGuard Firebox to have medium scalability, serving around ten medium-sized clients with approximately five hundred users each. 

I find the service support to be slow at times, especially in terms of response and case resolution. 

Neutral

I would rate the initial setup as ten out of ten, since it is very easy.

The deployment process is quite fast, usually taking just one day. To deploy the solution, we follow the steps outlined in the deployment guide, which are straightforward and easy to follow.

WatchGuard Firebox is typically deployed on-premises in our client's organizations.

I would rate the pricing at seven out of ten. As for the licensing costs, we typically have yearly licenses for our clients, but there are no additional costs beyond the standard licensing fees.

I always recommend using WatchGuard Firebox in our projects because it's straightforward to manage and deploy.

I would rate this product an eight out of ten. 

We primarily use the solution to secure our networks in branch via SSL and VPN. We also use it for our web pages hosted on our servers. This product handled everything UTM.

The solution has benefitted us by offering a secure connection. We don't spend as much time analyzing when traffic goes somewhere. We have clearance capabilities. We see what happens in our network.

The hardware is quite good.

The solution is fast. When we commit and change items in Firebox. It just works and it is simple. When you drop a connection, it gets dropped in a second. The speed is important to us.

It has everything we need in terms of functionality.

The solution is scalable.

It is stable and reliable. 

Pricing is reasonable. 

The UI and web view aren't nice. The fonts are too small, for example. 

I've been using the solution for three years. 

It is very stable. I haven't seen any issues with it. There are no bugs or glitches. It doesn't crash or freeze. It is reliable. I'd rate it nine out of ten in terms of stability.

The solution can scale quite well. If a company needs to expand, it can. I'd rate the ability to scale at an eight or a nine out of ten. It's easy.

I've never directly reached out to technical support.

When we need to make something really good, we need to take the time to ensure that's the case. However, the configurations are simple.

We had a business help us implement the solution. 

So far, the solution has been worth the cost.

The product isn't necessarily expensive to acquire. The pricing is reasonable. 

There are no extra costs or hidden fees. 

I'd rate the solution nine out of ten. We've been pleased with the product overall. 

We have four locations and at every one of them we use WatchGuard. We use them as firewalls and for UTM. They provide protection in terms of detection and prevention. And we also use them for site-to-site VPN, as well as for direct connect, VPN to AWS, and to AWS using VLAN tagging.

One of the main ways it has helped is that we use site-to-site VPN a lot, as well as remote access ACLs and client-to-VPN. Prior to WatchGuard, for example, we used to use Remote Desktop, which is not very secure, or RD Web, which is also not very secure. We installed the client VPN on everyone's remote computer and they can access our local area network. That is much better than using the other solutions. It's an improvement for the user and it's less risky for us. It gives us peace of mind that we're using the proper channels to access our network.

It's hard to pick one feature over another. But if I had to pick one, the UTM would be the most valuable because of the notification. I get notified via email if there is any type of threat detection or alert, telling me something is wrong.

For me personally, because I'm Cisco-Certified, it was very easy to take this over. I think it's a lot easier to work with because it's a GUI and not a CLI. I cannot speak for other users or other administrators, but it's pretty simple.

Based on our needs, the throughput is pretty solid. We haven't had any issues as far as the throughput is concerned. This particular box maxes out at 2 GBs and we only have 1 GB so we haven't had any latency.

I manage it using the System Manager, based on the firewall access control that I have. I've been able to manage it and use it without any problems.

Websense is an application that monitors and filters internet traffic. Websense was derived from WatchGuard. But when you go to WatchGuard to actually implement that particular feature, you have to use some type of additional feature and you have to pay for it, unfortunately. I think it should be free or free in the WatchGuard box itself, as an option. It would be nice if they didn't charge us for that.

And if they won't offer it for free, they should offer something better. It definitely needs a big improvement because it's very unfriendly. It's called Dimension Basic and there is a reason they call it basic, because it gives you very basic information. Let's say you want to track someone's internet activity or where they've been going. Websense gives you detailed information as far as the source. But this one only gives you very basic information and, on top of that, it's a free version for only a few months and then you have to pay for it. So not only is the version very basic but you still have to pay for it. That, in my opinion, has room for improvement.

Everything else that we have, the live security services and network discovery and all the spam blocking, threat protection, and the web blocker, is included.

We've been using Firebox for as long as I can remember. I inherited this position close to 13 years ago and they'd been using it before that.

For the most part, everything seems to be working without any issues. That's why we've had it for this long, close to 17 years for the company and, under me, for 13 years. There are more pros than cons.

We haven't had any issues. I always buy an additional box as a Hot Standby. I have never had to use it, and thank God for that. So it's been very stable. We keep them for a maximum of three to four years and then we upgrade to a newer one. For the time that we keep the box active, we don't have any issues.

In terms of scalability, as far other features go, we're stuck with what we have on the physical appliance. For example, we had one that was set to 300 MBs for throughput and when we wanted to upgrade, we couldn't obviously use that same box. It wasn't really scalable. So we had to upgrade to a newer version.

We have four locations and approximately 400 users. We don't have any firm plans to increase usage. The owner of our company just acquired another company and that may make a difference. WatchGuard is the main component that we use. The subscription for all four of the WatchGuards that we currently have ends in 180 days. We're just going to upgrade to the newer version, if it's available. 

There was an incident, back in the day, where I called for support and the guy sort of brushed me off. It was very uncomfortable but it could have been an isolated incident. I don't want to say that all the support engineers are the same. But this particular guy was either drunk or rude.

Other than that, it's been very smooth sailing for us, as far as support goes.

We have always been using Cisco. They decided that WatchGuard would be beneficial to keep because it's GUI and it's a lot easier to work with than other products, especially for junior admins.

I set it up all the time and it's very straightforward. It's very easy to set up and very easy to migrate over to a newer version. It's really simple. I've only done a new deployment once. 

For upgrades, you save the configuration and you upload it to a new file, or you just open a new file and browse to the configuration file that you saved. It usually takes 10 minutes at the most.

But the first deployment, because it was obviously more involved, took a few hours. Setup included the site-to-site VPN, the client VPN, the actual interfaces, the static NATs, a lot of the firewall policy, the internet certificates, and the policy routing; the basic components of any router.

Deploying WatchGuard to distributed locations is mainly the same. Obviously, there are differences in the IP addressing and the network addresses. And you have to take care of the VPN connection between the two, to be able to communicate using the site-to-site VPN. There is also web blocking. We have certain policies for denying access to certain sites or certain applications. We don't allow, for example, weapons or sex or any of those kinds of solicitation sites. We then set the external and internal interfaces and then do the routing. In the some of those locations we use the WatchGuard as a DHCP server, so we set that up as well. The rest is all pre-configured.

We have had two-year deals in the past, but recently we decided to go with annual. The cost was somewhere in the vicinity of $2,000 to $3,000 for each one, depending on if they had a special at that time or if they were doing an in-place upgrade or with the same router.

They figured if they were going to get something different then it would have to be something very user-friendly for the administrators, because I'm the only one who is certified to work on Cisco. We evaluated the Barracuda NextGen Firewall. We also looked into Juniper and the Meraki firewall, because all our switches are Meraki switches. 

But we decided to stay with the WatchGuard. The prices were a little bit better than Meraki and, since everything was pre-configured, to upgrade to a newer WatchGuard all we had to do was just save the config file and upload it to the new one, and that was the end of that.

Educate yourself. Read documentation and watch videos online. Since the administrators are going to use it, they should educate themselves on WatchGuard. Keep a cheap, old box for training. I train my administrators on an older box and I give them a network to train on.

We have been attacked with ransomware in the past, and it was kind of disappointing because, when I talked to Cisco support they said that they recommended purchasing end-point protection with a ransomware interceptor, so we ended up getting Sophos. So alongside the WatchGuard, we have Sophos' ransomware interceptor and end-point protection. We use them, on top of the WatchGuard, as a secondary line of defense.

It has been smooth sailing as far as the product itself is concerned. That's why we keep renewing it. We either renew it or we upgrade to the newest version if they have a special. We also use it for Hot Standby. It's been good.

It is a firewall. I have two M400s. They act as security for the Internet, like a border between us and the Internet.

We allow more outside vendors to be able to come in, then I could protect them. This is a way that I could leverage the solution which has improved business. It has made vendors coming from the outside able to get to resources that we can provide them without allowing them onto our production network.

We have the logging working along with the System Manager overview. This all seems very good to use and straightforward. It is where I look when I start since it gives me that sort of a single pane of glass for both firewalls.

It gives me Layer 3 and Layer 4 security. I don't know if it gives me the full Layer 7 security, which some other firewalls do. It might in new revisions of it. However, for what I need, it meets the sweet spot.

Having the VPN access helps productivity in the sense that people can get to resources anywhere.

• HostWatch is a nice feature.
• Logging
• The central management piece of the system
• The overview manager is good to have.
• The GUI is somewhat easy to use.

These features provide visibility on the network. When there is trouble, I like to see why I might be having trouble at the gateway level.

HostWatch makes it so I can see, in real-time, activity in the event that there is something weird happening on the network. This simplifies my job.

The product's usability is good. It is straightforward and simple. One of the benefits is that it is easy to navigate and intuitive.

Sometimes, the writing rules are a little confusing in how am I doing them.

I had some trouble with the previous product version (XTM) at the end. When the product aged a bit, there were no redundant power supplies. For what we're doing, it would've been nice to have something to fall back on instead rebuilding and taking it from an old configuration because the older version did die. We were able to take from an older configuration, build a new one quickly, and get it up and running, which didn't take long, but there was some pain around it.

With the previous version (XTM), I started seeing some hiccups.

With this new version (M400), it has been in place for about a year and been running just fine. I haven't had to reboot it. I don't think I've had an issue at all with it.

I manage the solution as the network administrator.

I am not sure what I can scale up to. It meets our needs, though. We're not a growing company. We are sort of a static company in terms of growth. As a static company, we are not looking to increase our usage.

We have around 200 users, who are tradesmen, toll collectors, administrators, accountants, and auditors.

I haven't used WatchGuard's technical support because it is an easy product to use.

We switched from WatchGuard's previous model due to age of hardware. We went from something that was seven or eight years old to something from the last year or two.

The initial setup was straightforward. We had been previously using WatchGuard and moved from an XTM to an M400. So, this is our second-generation of firewall with them, and I didn't have any problems.

The deployment took about a day. I upgraded the hardware, making sure that everything migrated over correctly. That was the goal. I had one rule that I dropped, but that's about it.

We have multiple networks with Internet points of presence where we have multiple firewalls. These are not at the distribution layer. The core layer is more where our firewall is.

For the price point, what we do with it, and the time that the last one lived for on our network, we have gotten our money's worth from it. I'm satisfied with the product for the most part.

We did consider other vendors. I don't think there's a need for us to switch right now. In the future, there might be. However, we're pretty happy right now with what we have.

We also looked at Palo Alto, Cisco, and Juniper NetScreen. We looked at Juniper because we have a lot of Juniper switching infrastructure. WatchGuard's price point worked, which is the reason why we stayed with WatchGuard.

Leverage the website. They have a good knowledge base out there. If this was a green deployment, make sure that you understand how the policies work for VPN and matting.

The throughput is adequate. It certainly handles what I pumped through it, which is about 150MB. I don't know how we would do on a big gigabit network, but for what I do, it works. I haven't seen any slow downs in throughput.

I am not using the Cloud Visibility feature.