WatchGuard Firebox Reviews

I would describe primary use cases as a solid and cost-effective solution, especially when compared to other comparable solutions like Fortinet or different Cisco firewall suppliers and network security providers. However, I must say that it's not so intuitive to install, maintain, and configure. Nevertheless, it remains a solid and cost-effective solution.

We have seen it effectively stop some network security threats. It provides cost-effective protection and is easier to set up compared to other solutions. With other providers, it sometimes takes four to six or even eighteen weeks to deploy or receive the equipment. With WatchGuard, we have solutions that can be quickly deployed.

The most valuable feature, in my opinion, is the dimension logging platform and the network traffic filtering. The VPN feature is also very useful and valuable. Additionally, the remote site connection and VLANs are important.

One area of improvement is the deployment process; it is not intuitive.

The centralized administration and management, as well as the cloud-based interface, specifically the user interface (UI), menus, and module configurations. The administrative UI/UX could be significantly improved.

Compared to other solutions, I would say it's not a complete solution in certain settings. The centralized administration and XDR capabilities need improvement. One aspect that many firewall and network security manufacturers fail to understand or integrate well is the endpoint, XDR, or EDR solutions. For example, Cisco has its own endpoint solution, which is not very good, and other manufacturers like Check Point or Palo Alto have their own EDR solutions. The primary issue is that they haven't effectively integrated these solutions with other manufacturers to create a more comprehensive and cohesive offering. It's important to have a solution that integrates anti-malware and antivirus XDR features. In terms of mobile device management, that's a feature I haven't seen.

I've been using it with some of my clients for about three to five years, depending on different situations. One of them is not selling or reselling it, and another one is in settings where clients decided to switch from our supplier and buy WatchGuard.

We normally use Total Protection.

I would rate the stability of WatchGuard a nine out of ten. 

I would rate the scalability of WatchGuard a seven out of ten. 

There is an area of improvement in customer service and support. 

Neutral

The initial setup is straightforward, but there is room for improvement. It's generally straightforward, but there are areas that can be enhanced.

There is an ROI for some time. However, after the first year, it becomes less straightforward to see a return on investment when equipment needs to be changed or licenses need to be renewed.

The price is very good, but the follow-up on the sales channels, especially the local ones, is not so good. Some MSSPs or suppliers do a better job than the brand's direct channel administration.

My advice would be to rely on a reliable partner who understands your operations and has experience in deploying and scaling WatchGuard.

Overall, I would rate the solution an eight out of ten.

I've used it for network control, and it's been quite helpful.

We have used it to keep our network clean and only allow certain things to work. So, it's useful for network control.

The control software is currently only available for Windows, which can be a little annoying. However, it is painless to use. A future release that is more focused on Linux would be great. Also, it would be helpful if it provided more diagnostic information on the OS side. So, a Java application that works for every other OS would be helpful.

I have been using this solution for more than ten years. We are using the latest version. I have experience working with it.

It is a stable product. I would rate the stability a nine out of ten.

It is a scalable product. I would rate the scalability a nine out of ten. While there are currently around 50 users, the number of users may vary depending on how the software is used in our particular environment. It's possible that there could be more users in a different environment, but we wouldn't be using the software concurrently. Additionally, some users in our network are currently submitting requests and utilizing the software, which could create a challenge or bottleneck for the software due to the increased demand.

The initial setup was quite simple. We didn't face any bigger issues. For us, it was so simple that we had all we needed. I didn't have any big problems. You just need to decide what you want to have and which programs you want to work with, and then make those configurations work. 

It's easy to do once you learn the WatchGuard side, but there's also the other side where you need to test the TCP ports, IDB boards, and other things that the program needs to work with. Depending on what you want to work with, it usually takes a bit longer, but it needs to be easy to modify and allow/disallow things in every software you're using. 

If you have the subscription system in the license, it can be included in your hardware subscription. So we usually purchase a big license that includes it. But it's always possible to take smaller subscriptions and then add those. You can choose between subscription plans.

It's user-friendly. And if you are using a WatchGuard device and you want to test that side of the software, it's quite easy to get the license to test it. It's included when you purchase the WatchGuard device. Then there's the possibility to test the bigger software for a while and get the older things to happen. And, of course, if you need more, you can just call your support and ask if you can have a test license to try a little more.

Overall, the product is an eight out of ten because WatchGuard lacks diagnostic information on the OS side.

We primarily use the solution to secure our networks in branch via SSL and VPN. We also use it for our web pages hosted on our servers. This product handled everything UTM.

The solution has benefitted us by offering a secure connection. We don't spend as much time analyzing when traffic goes somewhere. We have clearance capabilities. We see what happens in our network.

The hardware is quite good.

The solution is fast. When we commit and change items in Firebox. It just works and it is simple. When you drop a connection, it gets dropped in a second. The speed is important to us.

It has everything we need in terms of functionality.

The solution is scalable.

It is stable and reliable. 

Pricing is reasonable. 

The UI and web view aren't nice. The fonts are too small, for example. 

I've been using the solution for three years. 

It is very stable. I haven't seen any issues with it. There are no bugs or glitches. It doesn't crash or freeze. It is reliable. I'd rate it nine out of ten in terms of stability.

The solution can scale quite well. If a company needs to expand, it can. I'd rate the ability to scale at an eight or a nine out of ten. It's easy.

I've never directly reached out to technical support.

When we need to make something really good, we need to take the time to ensure that's the case. However, the configurations are simple.

We had a business help us implement the solution. 

So far, the solution has been worth the cost.

The product isn't necessarily expensive to acquire. The pricing is reasonable. 

There are no extra costs or hidden fees. 

I'd rate the solution nine out of ten. We've been pleased with the product overall. 

Our primary use case for this solution is a primary firewall.

The features I found most valuable are probably the built-in VPN functionality and the scalability because they can both be centrally managed. It is very easy to scale. It is also very granular, so you can be as restrictive or as non-restrictive as you like. This means you can be very precise with it.

The area where I think this product can be improved is the user interface and the reporting. It can be quite difficult to find the correct logs and to actually find out what is going on. The digging can be time-consuming.

I have been using this solution for a year now.

I would rate the stability of this solution an eight out of 10, with one being unstable and 10 being very stable.

I would rate the scalability of this solution a 10, on a scale of one to 10, with one being not scalable at all and 10 being very scalable.

We currently have about 200 users.

From my experience with their customer service team, I would say that they seem quite knowledgeable and fairly quick to respond.

Previously, we used FortiGate. FortiGate is a much more mature product. I feel like FortiGate is a lot easier to work with. Firebox, you're able to achieve the same outcomes, but it can be a lot more complicated to do so.

The initial setup can be somewhat complex. I would rate it a six out of 10, with one being not complicated at all and 10 being very complex.

Our deployment was done through a third party.

I would rate their pricing plan a four, which means it's definitely on the cheaper scale.

I would recommend this product, but you need to make sure that you've got the technical capability to work with it because it can be quite complicated. Overall, I would rate this solution a seven out of 10, with one being poor and 10 being excellent.

WatchGuard Firebox is used as the core firewall. It's also used for routing purposes. As a software, it's also used as a VPN access for external clients.

How WatchGuard Firebox improved my organization is that it provided a deeper level of traffic management. It allowed the company to more effectively manage the network traffic, which led to higher efficiencies across the network. Though FortiGate does a much better job of managing traffic, WatchGuard Firebox does it more efficiently.

What I found most valuable in WatchGuard Firebox is that it's a functional platform that works, and each of its features works well. The solution also has good reporting and dashboard capabilities. I also find the overall performance of WatchGuard Firebox great.

What could use some significant improvement in WatchGuard Firebox would be its interface and policy management.

An additional feature I'd like to see in the next release of WatchGuard Firebox is the ability to modify an existing policy instead of having to recreate a policy when changes are necessary. At the moment, there's no possibility to modify the policy. You have to delete the policy and recreate it.

I've been using WatchGuard Firebox since 2016. I'm still using it.

WatchGuard Firebox is a very stable product with no issues whatsoever.

WatchGuard Firebox is a very scalable product. My company decided, after initial implementation, to move to a redundant core network, and it was able to implement a second device seamlessly to act as a passive follow.

All of my interactions with the technical support team of WatchGuard Firebox have been great, so far. The support team is very responsive and very knowledgeable. I haven't had an issue that the team hasn't been able to resolve. The team always responded within the SLAs.

On a scale of one to five, I'm rating the support for WatchGuard Firebox a five.

We used Palo Alto before WatchGuard Firebox, and the reason we switched was because of some failures in the Palo Alto firewall.

The initial setup for WatchGuard Firebox was very straightforward, though my company has a relatively complex network utilizing SD-WAN, MPLS, and BOVPN technologies. On a scale of one to five, where one is the worst and five is the best, I'm rating my setup experience a four. There's always room for improvement, but it was a fairly good process.

The deployment of the WatchGuard Firebox took eight hours to complete.

WatchGuard Firebox has been implemented as the core firewall for the organization. The reason my organization upgraded to the device and switched from a previous software was due to a hardware failure of the previous firewall.

We deployed WatchGuard Firebox internally, through my team.

In terms of ROI from WatchGuard Firebox, from a data perspective, I couldn't share only because my company doesn't have any metrics on ROI. However, I can say that the threat management and prevention features such as IPS and IDS caught several malicious files coming in through the firewall or WatchGuard Firebox, so I suppose that alone makes it worth its weight in gold.

We paid $4000 in AUD for WatchGuard Firebox per year. There were no additional costs.

I didn't evaluate other solutions, apart from Palo Alto, before using WatchGuard Firebox.

I'm using the latest version of WatchGuard Firebox.

My company has one thousand and five hundred users of WatchGuard Firebox in IT, Finance, and Graphic Design.

At this point, there's no plan to scale WatchGuard Firebox, but it's fairly well-configured to scale if required.

I do ninety-nine percent of the work in terms of maintaining the product. One person seems enough for the maintenance of the WatchGuard Firebox.

The only advice I would share to others looking to implement WatchGuard Firebox for business is to consult with a person experienced on the platform, specifically during your first implementation, just because there could be some unique issues that you may face that you won't find outside of the WatchGuard platform. Overall, I would recommend WatchGuard Firebox to others.

In general, I'd give WatchGuard Firebox eight out of ten because there's always room for improvement. No product will ever get a perfect ten. I ruled out nine as the rating and I gave WatchGuard Firebox an eight just because fundamentally, a firewall packet and policy management is at the forefront of what a firewall does, and not being able to modify the policy really bumps the product down a little bit in terms of rating, in my opinion.

I'm a customer of WatchGuard Firebox.

We primarily use WatchGuard Firebox like a typical firewall, to protect ourselves from outside and inside threats. 

I have the WatchGuard Firebox M270, deployed on-premise. 

WatchGuard Firebox improved our organization by acting as a firewall, with all the specific components of one. If you have an antiviral solution, you can see how many were blocked; from where they were blocked; what the statistics are on the areas that the attacks came from; and if there are attempts, or if they do get through the firewall, where they came from and where they went. You know exactly what to look for, to see if there is any kind of penetration inside your system, or if anything has been compromised, and you can take any measurements against these threats. 

All of the features have been valuable. There's nothing on my M270 that I'm not using. If you have remote access, you can see how many users are coming from the outside world to be connected to the systems, through the virus systems that we have behind the firewall, in order to gain access to their files and do their work. We can also see how long they stay online and whether these connections are closed forcefully or for any other reasons, such as a glitch or some kind of misbehavior, to see if internet traffic is optimized and if that particular traffic is under company policies, concerning which websites were visited. 

There's always room for improvement, especially if the threats are getting more sophisticated and the IT department cannot sufficiently meet this kind of sophistication with their own knowledge and experience. Knowing that this solution can get up to the level of addressing a lot of these threats is something that everybody wishes for. If we look at the dark web and the lawful web, they are two opposites, and if these two good and bad collide in the world of the internet, you want the best possible product—especially if you cannot get to that point of knowledge. I am just an individual and end user, with limited knowledge of usage. That's why I say there's always room for improvement, from their side and also from mine, because by knowing exactly what they can achieve and the knowledge that they can get on an everyday basis, and the portion that is understandable to me, it's an improvement for them as well. 

Most of the features that I have right now are more than okay with me, but something like a better interface is always worth suggesting. Also, things like computer-based training on firewalls and specific solutions—especially in things that have been deployed on every new version—is usually something that we need to see in order to understand what, exactly, these people have created for us. 

I have been a WatchGuard user since 2004. 

This solution is stable. 

I am the only one who maintains the firewall—we don't have a team to handle it. 

This solution has been scalable to the level that my company wants. 

Behind the firewall, we have 60 users. On a daily basis, there are approximately 40 to 45 users in the office: they are people from the purchasing department, technical department, accounting department, operation department, etc. 

In general, their support is okay, and nothing fancy. We have had a few chats and a few cases on several things that I wanted to do by myself, but needed some guidance on. The speed is not the speed of light, but we are getting through to what we want to have within a day or so. 

I don't have any comparison to make with a solution that's on the same level as WatchGuard Firebox. We had some experience with all of the Cisco firewalls, but they didn't have the same level of security that we have with our existing firewall. Those were quite old, so I cannot really compare that old technology with something that is so new. 

The initial setup was quite straightforward because we are a small company. We have 50 people working at this company, so it's a rather small installation with no fancy or complex configuration. The deployment took an hour or so, but from that point on, there have been numerous hours of work to get up to the point we're at now with our firewall solution. 

It's quite easy to deploy because the initial installation doesn't involve many fancy things. Out of the box, it's quite clear that it has features that need to be blocked, and these features have already been blocked by default, to help anybody deploying this solution. It's like having 35%-40% of your configuration ready, so you only need to add another 25%-30% to reach approximately 70% of your full configuration, which takes no more than a couple of hours. The additional 30% are the small, exact things and the prediction correction, the things that are usually done on a firewall solution in the following hours, days, months, years by the users of the device. However, you can reach the level that you personally believe in, 100%, within a matter of days if you know exactly what you need to do. 

I implemented this solution all by myself, since I was lucky enough to have basic firewall knowledge. Our implementation strategy was to get to the level, as fast as possible, where I could meet the minimum requirements of the company, concerning its firewall policy. 

I have definitely seen a return on investment. To be exact, you cannot really value the return of investment on this kind of product because an IT product usually delivers services that cannot really be measured in money. Rather, it can be measure in things that we can do and things that we cannot do. So, money-wise, you cannot really measure it, but if I'm measuring it on things that I wanted to achieve with a device, there was a 100% return back. 

The licensing contract we have is on a three-year basis. There aren't any costs in addition to the standard licensing fees—usually, every three years, we just purchase or renew the same license and we are okay. Every six years, we completely change the firewall, but that's the usual schema. So after three years, we just renew the licenses for another three years, and then after that particular period of time, we just purchase another firewall equivalent to the ones that we currently use.

I rate WatchGuard Firebox an eight out of ten. 

This is a solid device and it delivers what it says. It doesn't do fancy or extraordinary things, but it does delivery exactly what it's supposed to deliver. 

We run education organizations. We have students and staff working on campus. We wanted to be protected within the campus as well as outside the campus.

I am using WatchGuard Firebox XTM 850, and I have its latest version.

In terms of users within the campus, the policy-based usage helps us where we allow something during the daytime, something after school hours, and something during the night. In terms of outside the campus, it helps us in monitoring our mail services. All our deployments are protected from external users.

Policy VPN, site-to-site VPN, traffic monitoring, anti-spam filters, and all other advanced features are valuable.

The way Secure Sign-On authentication is happening needs to be improved. When the Secure Sign-On portal is turned on, anybody who comes into the campus, whether he or she is a staff member or a guest, has to go past the initial portal. One of the shortcomings is the username. It shouldn't allow permutations or combinations with upper or lower cases. For example, when there is a username abc, it shouldn't allow ABC or Abc. It should not allow the same username, but currently, two separate people can go in. Therefore, its authentication or validation should be improved, and the case sensitiveness should be picked up. If I have restricted someone to two devices, they shouldn't be able to use different combinations of the same username and get into the third or fourth device. It shouldn't allow different combinations of alphabets to be used to log in. 

I have been using WatchGuard solutions for the last ten years.

It is very stable.

It is scalable. We have about 1,200 users at this point in time, but the number of devices exceeds 2,200. There are multiple devices per person in today's world. A staff member is using three or four devices, and students are using at least two, which makes it 2,500 or 3,000 devices.

Their technical support is very good. You get a response within 15 minutes to an hour at the max.

We had Cisco ASA Firewall. It was a very simple firewall.

Its initial setup is very straightforward. It took 30 minutes.

A consultant from WatchGuard was there. He showed it once, and our people could do it easily. They have deployed it again and again. It is pretty simple. 

You just need one person for its deployment and maintenance. Security personnel is the one who manages it.

They have an annual subscription license. Initially, we had opted for three years. After that, we went for another three years, and after that, we have been doing it yearly. They also have a license for five years.

We evaluated SonicWall, Palo Alto, and Cisco, but this was the best.

I would rate this solution a nine out of ten.

We use them for perimeter security and also to manage virtual LANs.

The main benefit for us is the ability to manage the VLANs. It allows us to monitor types of traffic and to actually review and determine what traffic we want to allow and deny. It also allows us to modify the categories of restrictions that need to be applied.

It has also simplified some of the processes that we have. For example, we were having some issues in identifying where most of our bandwidth was being used up, which devices and which users, and what they were using the bandwidth to do. Were they watching videos or were they looking at some other bandwidth-intensive site or application? We have been able to determine user behavior on the network.

We are quite happy with the Firebox. It really helps us with the ease of managing firewalls at other locations. It has really helped us save time by not having to go to other locations. We have devices at two smaller offices, where we don't have IT staff. It has allowed us to remotely manage and update the firewalls at those locations. It's saving us at least four hours a week.

I don't think it has helped improve productivity in terms of efficiency, but it has enabled us to improve the security of the network. We don't have to worry as much about where the users are going. And if a user was blocked, it will let us know why they were blocked, what category of trip was being blocked, or what policy it was blocked under. Even if our staff is going to a legitimate site, but the site is under a wrong category, it allows us to put that site on our exemption list to allow it.

It has also really helped us with our management and to monitor internet usage. Our department is just three people and it has made it very easy for us to manage.

• Two of the functionalities we use most are the traffic monitoring and the full panel dashboard. Those are two things that are very useful for us.
• It's very easy to use. The interface does not present a challenge for the user. It is a great device for small businesses with up to 500 users. It allows easy management of all devices from one central device and updates are very easy as well.
• The performance is also very good. The throughput is excellent. I've not had any issues with that so far.
• The reporting and management features are excellent. They're easy to navigate and very intuitive, and reports are easy to read.
• In addition, it provides us with layered security. It allows us to determine what types of access, to which networks, we want to allow or deny.
• We also like the site-to-site VPN that allows us to connect to and securely access devices at other locations.

I would like to have a little more control over access points and the ability to see the bandwidth that is passing through a specific access point. We are not able to see that. We can see what traffic is passing through the Firebox itself, but we can't identify if it is coming from a particular access point or not.

We have used WatchGuard Firebox for seven years.

The Firebox is very stable. We have not had a failure over the seven years we've used them.

In terms of scalability, we would need to add another device to the M300 that we have right now. I know there are models of Firebox that you can actually add hardware to, to get them scaled up and for additional portals. But the one that we have, in terms of subscription, is very scalable in terms of features, and it integrates with WatchGuard's central interface where it can update our firmware as the updates come out.

What we want to do is put in some more redundancy in our network access. We want to have a second Firebox at each location. We have two ISPs at each location, so instead of both ISPs going to one Firebox, we want to split the ISPs between the two Fireboxes and have load balancing through the internet on firewalls.

We have 100 employees at our head office, and we have 10 employees at our sub-offices. In terms of devices, we probably have about 150 devices, including printers and computers at our head office, and about 12 devices at each of our sub-offices.

We used the technical support once, when we had some issues with employees trying to access legitimate sites. That is when we learned about setting exemptions for certain sites. A company might be a travel site, for instance, but due to the amount of advertising they do, it might be flagged as an advertising site. To resolve that issue, when it's a legitimate site that does a lot of advertising, you can go to support for help in figuring that out, and also for help in putting necessary exemptions in place. 

The support was very professional. They were very patient, and they explained the issues and the solutions fully.

I don't have a lot of experience with other firewalls. There was a Cisco Certified office that I was exposed to before we moved to the WatchGuard Firebox. It felt like the WatchGuard was a lot easier to use, and easier to set up than the Certified Office device.

The primary reason that we went with Firebox was its cost. It is very economical and it provided us with all the security functions that we were looking for at the time. And the throughput was more than what we required, so it was a very cost-effective device to deploy on our network.

The initial setup of Firebox was straightforward. It was not complex.

For our deployment we configured all three access points at one location, our head office, and tested them in that one environment. Then, at the various offices, it was just a matter of changing the IP address. We had one technician go to one office and another technician go to the other office to install the Fireboxes and connect them to the network. As they were plugged in, they connected and it provided the service that we wanted from day one. We didn't have to do too many reconfigurations. The policies that come with it out-of-the-box provide adequate network protection, and we just had to put in special policies to allow various types of traffic, either both ways or one way, to various ports on the firewall. We didn't have many problems in getting them up and running at each office.

Deployment took one day at each location. Overall, we were able to prepare the Fireboxes and test them in less than a week. We prepared everything at one location, did the testing on the second day, and on the third and fourth days we went to the other two office locations to install them.

With the Firebox solutions we have had a lot more accessibility, in the network, to our third-party vendors and suppliers. Prior to that, we did not have a direct connection to those companies, but with the Firebox we were able to configure a DMZ, and that allowed us to apply the granular restrictions that we really wanted. It allowed us to reduce the number of devices that we have on one desk, at certain workstations. Instead of having the supplier's computer and our computer, we were able to use just one computer, and connect to the supplier.

Going with the Firebox is a no-brainer. It provides the necessary security, out-of-the-box, for your configuration of the policies. It's very easy to use and it also gives you a reporting dashboard that can be customized. It makes a lot of sense out of all the data. It's very easy to read. We use a 40-inch display in our office and have it connected to the Firebox so that we can see what's going on on the network. We can look at it and see how the traffic is going through it.