Production business use at multiple interconnected locations.
Sr. Systems Administrator at an individual & family service with 201-500 employees
They are great, functional and useful devices.
Pros and Cons
- "I like the High Availability features of the newest ones I'm using because they allow a firewall to fail and still be up and running."
- "I like their management features a lot. Their System Manager server as well as the System Manager software make managing them, and tracking changes, very easy and complete."
- "The documentation for the System Manager/Dimension configuration could be a little bit clearer... The use case where you have multiple sites with multiple firewalls, and one site that has the System Manager server and the Dimension server, wasn't really well defined. It took me a little bit of digging to get that to actually work."
What is our primary use case?
How has it helped my organization?
It is one of the layers of our security and it definitely does protect us from many attack vectors. Between the antivirus scanning, the blocking, and DNSWatch, it is protecting us from a number of attack vectors. It also provides useful diagnostic tools for identifying and troubleshooting issues. A recent example was when a few LOB network devices were having issues which were affecting operations. The ability to search the realtime and historical logs helped me to navigate, zone in, and identify the ultimate issue. It ended up not being the firewall, but fast access to the logs helped me determine and prove that to be the case.
Because of the way it's organized and the user-friendliness of the device, it does make my job managing the firewall profiles and security a lot easier. There's nothing you have to do through the command line. Being able to definitively know what the configuration is, visually, being able to edit it offline without affecting production have all been big time-savers for me. When I had to do two firewalls which had similar configurations it saved me at least 20 hours of setup work. Templates allowed me to create and define a bunch of objects once and use them in both places.
Overall, per month, Firebox will save me four to five hours, depending on if there's something I have to investigate.
What is most valuable?
The Application Control and web blocker have been very valuable because they let me control the outgoing traffic of my users and keep them off of both productivity wasters and sources of vulnerabilities in my environment.
I like the High Availability feature because it allows a firewall to fail while keeping the environment up and running.
In terms of its usability, it's very straightforward to use, once you understand the way they look at a firewall and the design choices they made.
The throughput the solution provides is excellent. I have not had any performance-related issues with any of the fireboxes I've used.
I like their management features a lot. Their System Manager server as well as the System Manager software make managing them, and tracking changes, very easy and complete. In terms of the reporting, I am just starting to look at the reports in Dimension and they look pretty well-organized and useful.
What needs improvement?
The product could have some more predefined service protocols in the list, which don't have to manually be defined. But that's very low hanging fruit.
The documentation for the System Manager/Dimension configuration could be a little bit clearer. The use case where you have multiple sites with multiple firewalls, and one site that has the System Manager server and the Dimension server, wasn't really well defined. It took me a little bit of digging to get that to actually work.
Buyer's Guide
WatchGuard Firebox
October 2024
Learn what your peers think about WatchGuard Firebox. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
824,067 professionals have used our research since 2012.
For how long have I used the solution?
I have been using WatchGuard Fireboxes for about six to seven years.
What do I think about the stability of the solution?
It's pretty rock-solid. I've never had to reboot one because it was acting in an unstable manner and have some that I ran through their entire usable lives without issue.
What do I think about the scalability of the solution?
The scalability is good, assuming you buy the right model. They make it easy to trade up to a bigger model without having a big, financial impact, giving you a discount to trade up.
How are customer service and support?
The times I've used technical support it was excellent.
Which solution did I use previously and why did I switch?
I moved from FortiGate. The reasons I switched include price - WatchGuard is a lot more cost-effective than FortiGate - and complexity. FortiGate is very complicated, had little documentation which relied heavily on cookbooks, and a lot of command-line required to get some common things to work. WatchGuard is very well-documented and everything fits within their configuration. Nothing that I've encountered has to be done through the command line. And when your subscription expires on the WatchGuard, it will still pass traffic, if you configure it to. FortiGate will only allow one connection out.
How was the initial setup?
The initial set up was very straightforward. You take it out of the box, you plug it in, you download the software, and it starts working. That's what I consider to be the initial set up, and that was very easy and very fast.
The deployment took me a total of about 40 hours for two sites, two firewalls, and with an incredibly complicated configuration. The complexity was a product of the environment, not the firewall.
I utilized the template feature to make everything that could be the same, the same across both sites, which are connected locations.
What about the implementation team?
In-house.
What was our ROI?
What's my experience with pricing, setup cost, and licensing?
They are well priced for the market and offer discounts for competitor trades and model upgrades which are definitely worth taking advantage of.
Which other solutions did I evaluate?
FortiGate and WatchGuard were the only two I've evaluated recently.
What other advice do I have?
I would definitely recommend using WatchGuard.
I would also recommend taking one of the courses that goes through all the features of the device and the way it is organized. Every firewall vendor looks at things differently. If you don't understand the way WatchGuard is structured, you may make a strategic mistake in setting it up and you'll have to tear some of it down and redo it, which is true of any firewall. Learn and use the tools WatchGuard provides.
I used to do everything in WatchGuard through their Web UI but I now use the System Manager software because it is very valuable. It provides a lot of features that I had not realized I was missing. The System Manager Server is able to store previous versions of the configuration, and to force people to enter comments regarding what they changed when they save one. Being able to compare the configurations side-by-side, and have it tell you the differences are great tools that you should know about if you're going to start implementing a WatchGuard.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Manager IT at a hospitality company with 501-1,000 employees
Automated reports, generated regularly, enable me to see metrics showing what the box is doing
Pros and Cons
- "WatchGuard has a very easy VPN and branch office VPN setup, so we use those pretty extensively."
- "Regarding the reporting, I was in the Dimension server earlier today. It's very powerful. I like it. And the management features are easy to use. I like the fact that I can open up the System Manager client or I can just do it through the web if I'm making a quick change."
- "Once you start getting into proxy actions and setting up: "Okay, cool. Once this rule gets triggered, what actions have to happen?" I do know a few people who use WatchGuard and they still have to get assistance when they look at that. So I would file that as a con for WatchGuard. Proxy actions can be a little bit complicated."
What is our primary use case?
WatchGuard Firebox is our edge firewall.
Currently, we are using the M470 and we have used many models in the past.
How has it helped my organization?
The solution provides our business with layered security. An example would be the intrusion protection on anything that is internet-facing. We host our own mail server and I regularly see that WatchGuard has swatted away attempts to get in from bad actors. I have to have that open because people have to connect on their cell phones. Obviously they have to send and receive mail. So I sleep a lot better knowing that something is watching the few things that I do need to present to the internet. I feel much better having something protecting and monitoring all traffic that passes through.
We have an interesting environment. There is actually a completely separate computer domain, an entirely separate network that belongs to a regulatory body. We work at a casino and our gaming commission has to be able to get into some of our systems and monitor some of our activities. Obviously we don't want them to just plug directly into our network, so we have created a DMZ where they can come into our network via the WatchGuard. That way, I get to see all of their activity as well and monitor what they can get to. We give them access to what they need and nothing more.
The solution also simplifies aspects of my job by having automated reports generated weekly, for review. I like the fact that they get delivered and I get to see the actual metrics of what the box is doing. The reporting features reassure me that it is working.
In terms of saving time, I have used Cisco firewalls in the past and I would say that it is easier to construct policies with WatchGuard than it is in Cisco, particularly Cisco's ASDM (Adaptive Security Device Manager). It probably takes about half the time with WatchGuard. Usually we're just modifying something, adding or removing somebody from a web blocker category. It's very easy to maintain.
As a casino, we have one site and that's it. There are no mobile workers. We usually don't have any remote access and we don't need collaboration tools because we all work in the same building. But now that we're trying to get some people to not come in [due to the Corona virus situation] and we're running on a skeleton crew, we are able to maintain productivity by leveraging the native VPN clients and access provided by WatchGuard. We didn't have to buy anything. We had all the infrastructure ready to go and then I slapped a policy together last Tuesday and we've been using it ever since. It was very easy.
What is most valuable?
- One of the most valuable features is the Gateway AntiVirus. We scan all traffic as it's coming through.
- We also use spamBlocker to scrub spam.
- We use content filtering, which is critical in any corporate environment to make sure that people don't surf things they're not supposed to.
- WatchGuard has a very easy VPN and branch office VPN setup, so we use those pretty extensively too.
It's very easy to use.
And our internet bandwidth does not exceed its throughput, so it is probably still a little overbuilt. It's definitely not a bottleneck. There is no problem with throughput.
In terms of performance, WatchGuard has always worked well for us. We've gone through about six different models in the last nine years, not all at our primary site. We had a couple of satellite offices that were using smaller models. They have all worked very well. There was only one time that we had a performance issue and it turned out that it was due to a hardware replacement being required, and that was handled expeditiously.
Regarding the reporting, I was in the Dimension server earlier today. It's very powerful. I like it. And the management features are easy to use. I like the fact that I can open up the System Manager client or I can just do it through the web if I'm making a quick change.
What needs improvement?
WatchGuard could be a little more robust in reporting. I get requests a lot to figure out people's internet traffic. We want to know what people are doing when they are on the internet. There is still a little bit of fine-tuning that can be done to that process.
For how long have I used the solution?
I took over the admin role here back in 2011, so I've been using it for close to 10 years.
What do I think about the stability of the solution?
It's very solid. We don't reboot it very often and we don't seem to need to.
What do I think about the scalability of the solution?
We went from a single appliance to a high-availability cluster, just last year. Managing the cluster is just as easy as it was to manage one unit.
It is doing everything we've asked of it so far, but we do plan on increasing usage. There are a few features that came out last year or maybe a little bit before that, features that we want to start using, such as WatchGuard's DNS. That will make sure that we're not asking for any bad players. At the moment we're still using Google DNS. And we haven't rolled out the endpoint security that came with it, but we are going to start using that as well.
How are customer service and technical support?
I've never had to use their technical support. I've only used their online help. I've been able to find everything I need in the forums and the Knowledge Base.
How was the initial setup?
The initial setup is straightforward. The wizards walk you through it, and I have found an answer to anything that I've ever had a question about in the Knowledge Base online. I don't think I've ever had to call for support personally. The documentation is awesome.
As for setup time, I usually have traffic passing through it within an hour or two.
I know what traffic I want to allow out and I always start with just the stuff that I need to. I always start with the most restrictive, as far as policies go. The first thing I do is get rid of all the Any-Any rules and then I start locking it down. I love the way that it integrates with Active Directory. I base my internet usage and my web blocker policies on Active Directory security groups, and I can have all of that stuff set up ahead of time before I ever get ready to roll out the appliance itself.
Back in the day, we used to have a warehouse. We used to have a uniform shop that was offsite and I was responsible for setting up the tunnels of those sites. We recently relocated some administrative offices for the tribe that owns the casino that I work for, and we decided when they were moving that we would upgrade the firewall that they had. We purchased a WatchGuard so that it would be manageable, because we were already familiar with it from using it at our site. We dropped it right into place and I had traffic passing through it within minutes. I was done with it, doing all the other rules, within a couple of hours. I was onsite for all of those. I've never preconfigured one and then sent it out into the wild.
What about the implementation team?
We use Variable Path, out of San Francisco. Our rep is Jason Chang. Our experience with them was very good. I would recommend them.
What was our ROI?
It's hard to measure ROI. But I've never had to go in front of upper management and tell them that we were breached. That is probably the conversation I would least like to have with them.
Otherwise, regarding return on investment, having the infrastructure already here and having more capabilities than we're using right now allow me to react very quickly. As I said, I was able to get some people working from home last week. It literally took us a day from going from zero people with remote access to a core group of about 12 people having remote access.
What's my experience with pricing, setup cost, and licensing?
Getting a WatchGuard for the first three years pays for the hardware. I think it's cheaper to keep doing hardware upgrades at every software renewal, rather than just pay for maintenance to keep a piece of hardware going. I usually tell people that it's really affordable as well, particularly compared to Cisco.
In addition to the standard cost, we usually get the Total Security Suite. We go top-shelf on all of the subscription services.
Which other solutions did I evaluate?
WatchGuard was brought in by one of my predecessors. I left this company for a little while and went to go work for a credit union, and that was a completely Cisco shop, so I got to experience both of them at different times.
I don't think I've actually used anything other than the Cisco ASA. With the WatchGuard it's easier to create policies, that's for sure. I like the flexible stability of being able to leverage objects in Active Directory. I also like being able to not have to create all my policies using IP addresses, and that I can actually do web domain name lookups every time. That's very handy for large, distributed stuff where you have no idea where the actual source is going to be coming from. The cloud bounces traffic from all over nowadays. So crafting rules with fully qualified domain names, FQDN, is definitely something that I did not have in my Cisco ASA.
The Cisco was a little less confusing and more straightforward. It didn't do all of the things that the WatchGuard does, so in that sense it was a little bit easier to understand. That is particularly true once you start getting into proxy actions and setting up: "Okay, cool. Once this rule gets triggered, what actions have to happen?" I do know a few people who use WatchGuard and they still have to get assistance when they look at that. So I would file that as a con for WatchGuard. Proxy actions can be a little bit complicated.
What other advice do I have?
Invest in some Professional Services. Although you can absolutely pull it out of the box and deploy it — and we've done that before — it's always good to have somebody that you can ask about best practices and run a few scenarios by them. We ended up purchasing four Professional Services from our local reseller. It was good. Although they didn't really provide any answers, they were there to say, "Oh no, you're doing the right thing." It was more reassurance than anything. But I would definitely recommend springing for some Professional Services. That will make the whole process go a lot easier.
A small subset of my staff, maybe three or four people, is involved in deploying and maintaining the solution. They're all IT administrators.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
IT Manager at a performing arts with 51-200 employees
Makes it easier to set up new policies, new devices, and tunnels to the devices
Pros and Cons
- "It's very easy to use, especially compared to similar products. A lot more users use the WatchGuard appliance now than use the SonicWall appliance because of the ease of usability."
- "There is a slight learning curve."
What is our primary use case?
We use it both for VPN tunnels and as a firewall.
Our company runs group homes. There are 140 or so sites and employees are traveling to those sites on a daily basis. They use the VPN tunnels going back to the main office to access the file servers. We also have about 12 remote locations connected by WatchGuards on both ends to create a VPN tunnel, with SD-WAN to allow traffic to go between those two sites, both for the file servers and for the phone system.
How has it helped my organization?
It gives us a higher sense of security. There is an easier workflow as well.
I estimate that 50 percent more users use the WatchGuard VPN than use the SonicWall VPN tunnels. Those users are able to work on documents out of the site or increase their workflow and do work while they're onsite instead of doing it later. It saves us a couple of hours per person per week.
What is most valuable?
Once it's set up, we don't have to touch it that much.
We enjoy its usability very much. It's very easy to use, especially compared to similar products. A lot more users use the WatchGuard appliance now than use the SonicWall appliance because of the ease of usability.
As long as you're using the correct model, since different models have different numbers of allowed tunnels, the throughput is enough.
In terms of management features, we have a Dimension Server set up. It's nice to be able to see where people have gone to and when they have gone there. Overall, the solution makes it easier to manage on my side. Setting up new policies, new devices, and setting up tunnels to the current devices, is easier.
The firewall secures the external perimeter.
What needs improvement?
There is a slight learning curve.
Beyond that, the only issue we've had in the past two or three years had to do with the number of current tunnel connections, and that was just an issue with our size of Firebox. We got a bigger Firebox. The old one was able to handle the load. It was just that we ran into a licensing issue. We had hit our number of concurrent tunnels. We have a lot of tunnels with the phone system. We have tunnels to and from each site for the phones to be able to talk. It was a little bit of a surprise when we came across this situation, but it's present in the documentation.
It didn't take us long to figure out that that was the reason we were having an issue. It was just our not having the forethought to make sure that what we had was able to expand to meet our needs.
For how long have I used the solution?
We've been using WatchGuard Firebox for about eight years.
What do I think about the stability of the solution?
Stability is excellent. We've had no issues with the firewall going down because of the Firebox.
What do I think about the scalability of the solution?
We haven't run into a scalability issue yet. There are over 1,000 employees including several hundred office staff. There are 20-some sites that we have connected. We had to step up to a 470 for the current VPN connections, but as long as we're on the right size Firebox, everything goes pretty well.
Whenever there's a new office site coming up, we typically add a new Firebox. We're looking at putting more Fireboxes in all of the group homes, so that's probably going to be 115 more deployments in the coming years. We plan on continuing to use it, but I don't see any issues with expanding.
How are customer service and technical support?
We don't work directly with Cisco tech support. We work with a third-party company to handle support that we can't figure out.
Which solution did I use previously and why did I switch?
We used SonicWall Next or Dell.
How was the initial setup?
The setup is pretty straightforward. It takes 15 to 20 minutes per box. We have to set up current tunnels and get a static IP address at the sites where we're putting the boxes. It requires one person for deployment and there is very little maintenance needed.
Deploying it to distributed locations is a matter of setting the Firebox up. If it's a replacement Firebox, we set it up with the same policies and ship it to the location. They can take it, unplug the old wires from the old box, put the new wires in, turn it on, and it's up and going.
Which other solutions did I evaluate?
There were other options. We took a look at Dell but this was the best one at the time. The usability and setup of the WatchGuard were better. Also, the maintenance was very minimal. It's almost nothing.
The other solutions had their features that were nice, but there wasn't anything that really drew us or made it stand out from WatchGuard. We're pretty happy with WatchGuard right now.
What other advice do I have?
There are updates pretty regularly. There haven't been any big changes over the past few years. They've kept working, rather than taking steps backward or making things harder.
Which deployment model are you using for this solution?
On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
IT Specialist at ART STUDENTS LEAGUE OF NEW YORK
Easily understood and managed and it's simple to do network diagnostics
Pros and Cons
- "It's pretty simple to understand when you want to do any diagnostics on your network. If you want to go in and see what packages are having trouble getting through, what's being held, stalled, etc., it's very easy to use in that way."
- "One other shortcoming is that there is no backup for it. We really haven't figured out how we might solve that problem. We may want to put a duplicate in... With WatchGuard, we just have the one box. If that were to fail, we'd probably be really hurting."
What is our primary use case?
We really don't use the firewall too much, we use it more as a VPN. We've got several different networks that we're joining through WatchGuard.
How has it helped my organization?
It has made firewall configuration really simple. It doesn't take years of training or certificates to go in and manage it. That's a big deal. We set up our firewall, operating as a VPN. It's bringing several networks together and it made that process easy.
In terms of my job, it's taken so little of my attention. I have worked with Cisco firewalls and they were complex. WatchGuard is easily understood and managed. It's easy to watch traffic go through the network, to look for ports that are closed or open, and to see what's actually moving through the network and what's not. It has made it easy to understand network traffic.
The learning curve is very small in comparison to the Cisco firewall. Within two hours, I was managing WatchGuard, whereas with Cisco it might have taken a month to accomplish that same level of proficiency. As far as the control of traffic is concerned, I spend one or two hours a week on WatchGuard, as compared to about eight hours with the Cisco firewall. It has freed up my time to do other things.
What is most valuable?
What I like most is the analytical side. It's pretty simple to understand when you want to do any diagnostics on your network. If you want to go in and see what packages are having trouble getting through, what's being held, stalled, etc., it's very easy to use in that way.
In terms of the usability overall, it's pretty simple but, at the same time, it's pretty full-featured in terms of what it can do. We only use part of it, only because that's where we're at right now. But for a small network, for a small organization, especially, it's a complete solution to your firewall needs. It's relatively simple for me to get into and to work with when I need to; if I need to set up an ARP table or to create different reports. For a smaller network with lesser-trained IT people - if they're lucky, they've got one IT guy trying to do it all - it's an excellent size. Whether you've got a few machines or several hundred, it's pretty simple.
What needs improvement?
One of the things that is always valuable is workshops. It's really hard to get away and do webinars, but what I would like is a selection of webinars. I see WatchGuard comes forward with a webinar where they're going to introduce this or that. I'd like to see a lot more of those and a lot shorter.
On lynda.com I can just point to a video to show me something I need to know how to do; for example, how to merge contacts in Outlook. But it is a ten-minute video. I would like to see more of that kind of learning. I'm sure WatchGuard has got all these videos, has got the webinars and the training sessions. But when I need to know something, I need to be able to get to it quickly. I want an indexed learning system very close to what lynda.com might use. I also want to be able to put questions forward either in a "frequently-asked-questions" forum or by sending them up to the support team for quick reply.
I want to be able to go to a portal and put in my problem and have WatchGuard bounce back to me with, "Well, this is how we can do it," or "We don't have a solution for that." And then I can go to other vendors to look for a solution.
The more targeted learning system I can have, the better. If I have to schedule a webinar that might take 30 minutes, there's a good chance I'll miss it. I sign up for webinars and it happens that I'm not available because I've got other fires going. The learning has to be there almost at my whim: "I've got a fire burning, I've got to figure out how to put it out. I need a ten-minute video to show me." Those learning sessions have to be available and easily found, when I need them. I have so little control over my schedule on a daily basis, and I'm sure I'm like many others.
One other shortcoming is that there is no backup for it. We really haven't figured out how we might solve that problem. We may want to put a duplicate in. With Cisco, it's not uncommon to have dual firewalls with something our size. That way, if one were to fail, we've always got the other. With WatchGuard, we just have the one box. If that were to fail, we'd probably be really hurting.
For how long have I used the solution?
We've been using it for about 14 or 15 months.
What do I think about the stability of the solution?
I haven't had to look at it in nine months. It just works pretty painlessly. It's very stable. It's kind of invisible.
What do I think about the scalability of the solution?
We haven't hit a limit. We have the wireless running through it, a camera system running through it. There are 50 workstations running through it, as well as servers. I don't have any problems with it whatsoever.
How are customer service and technical support?
Tech support is everything for any product. WatchGuard's technical support is up there at eight or nine out of ten. That's really what you're looking for in a product; more than the product itself, it's that support. If it's not there, you can just frustrate yourself to death on solutions. WatchGuard's support is easily available and they know what they are talking about.
Which solution did I use previously and why did I switch?
We were looking for a solution. The engineer that I had knew of WatchGuard and thought it was probably a good idea, and that was the whole strategy. He had worked with it before and he was the lead engineer when we implemented it. He was right about WatchGuard, it is a good product.
We were using Ciscos. They were aged and out of date. They were pretty well done. Our options were to get new Ciscos and get them configured. Of course the deployment and hardware were expensive. And the maintenance or the management, in the long run, was much more expensive.
With the WatchGuard, the initial hardware was less expensive. And the implementation, because it didn't require as much training, was much less expensive. And the management is much less. When I say "much less," I'm talking about 25 percent of the cost of what the similar Cisco would be.
How was the initial setup?
I remember it being somewhat complicated. There were some complications we ran into; it didn't seem to be quite as easy as what we'd hoped. We did have really good support though, from WatchGuard, on the other end, assisting with the setup. That made all the difference in the world. That made it pretty painless. That was the key.
When you're configuring a new piece of hardware, there's always some little switch that you miss or that just doesn't make sense. When you've got that support on the other end they know exactly where to go... WatchGuard had that.
At first, we were running into some issues configuring it to meet our needs. It was throwing us for a loop for a while. The issue was setting up the correct rules. But from the time we got that done, it just sits there and runs. We've had it 15 months and I haven't seen it in nine months. We got it configured and set up, and it just operates.
We had it running on the first day, literally within hours. We had a lot of configuration to be done over the next six months, twists here and there. But as far as actually being able to set it up and have a firewall in place, that was done within two or three hours.
What's my experience with pricing, setup cost, and licensing?
There are no costs in addition to the standard licensing fees. It was pretty much, "Get the license and you're good to go for the year."
Which other solutions did I evaluate?
We looked at Cisco in addition to WatchGuard. We didn't look at anything else.
What other advice do I have?
I wouldn't hesitate to implement this solution. Particularly if you're down to an IT staff of one, this is a really good solution. If you're that small and your IT staff is very limited, then you're probably lacking the onsite expertise to move to a more expensive solution anyway. I would strongly recommend it.
We've got three people who sign in to WatchGuard, me and two others. Beyond that, everybody else is just an end-user. I'm the only full-time IT person we have on staff. We do have a vendor that we use for a lot of our engineering solutions and design. They spend about 12 hours a week on our network.
As for increasing our usage of it, I don't know what all its capabilities are. I deal with problems all the time and I have to come up with solutions for them. I don't foresee any expanded use of WatchGuard. However, it may be that it can solve some of my problems much more simply than some of the other solutions I'm thinking about. But I don't really know how it could at this point, so I'm not seeing us using more of it than we are now.
I would give WatchGuard a ten out of ten. It's simple, easily managed, and it has good tech support compared to other products out there. Because it is a full-functioning firewall, it does everything with full support. You're not buying a cheaper quality of firewall at all. It's full quality, fully functional and has good support.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Director of Information Technology at MFAL LDA
A stable and powerful firewall solution that has a user-friendly dashboard
Pros and Cons
- "WatchGuard Firebox is the most powerful firewall for Wi-Fi security."
- "The scalability of the solution needs improvement."
What is our primary use case?
We have had some difficulty introducing the brand on the market because, in Angola, we have another brand with a more aggressive approach than WatchGuard. The end users prefer other brands like Sophos and Check Point over WatchGuard Firebox. We will soon be an expositor of WatchGuard Firebox. We have some customers that use Panda Security just for endpoints. We have some customers that use WatchGuard Firebox directly or indirectly.
What is most valuable?
WatchGuard Firebox is the most powerful firewall for Wi-Fi security.
What needs improvement?
The scalability of the solution needs improvement.
For how long have I used the solution?
I have been using WatchGuard Firebox for more than one year.
What do I think about the stability of the solution?
WatchGuard Firebox is a stable solution.
I rate WatchGuard Firebox ten out of ten for stability.
What do I think about the scalability of the solution?
At the moment we are providing support to five customers.
I rate WatchGuard Firebox a nine out of ten for scalability.
How are customer service and support?
The solution’s technical support team is very good. We have always received quick responses from the support team.
How was the initial setup?
WatchGuard Firebox’s initial setup is very easy. The configuration is easy since the solution is user-friendly and has an intuitive platform and dashboard.
What's my experience with pricing, setup cost, and licensing?
The solution is not expensive and customers pay for a yearly license.
What other advice do I have?
We have a direct relationship with the master distributor of WatchGuard Firebox in Angola and Africa. WatchGuard Firebox is the only solution we work with for firewalls and cybersecurity.
When we start WatchGuard Firebox's deployment, we redirect it to the cloud.
Overall, I rate WatchGuard Firebox ten out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Partner & Head of IT Strategy at a computer software company with 51-200 employees
Stable, good price, and good intrusion detection capability
Pros and Cons
- "I like intrusion detection the most."
- "There could also be better reporting. For example, there should be more out-of-the-box management reports."
What is our primary use case?
We are WatchGuard partners, and we also use it on our own. We are using it for general firewall purposes and vulnerability management. We are also using some of the additional security stacks such as intrusion detection and so on.
We are one version behind the latest version. We have it on-prem at the moment, but some of our customers have private cloud solutions.
What is most valuable?
I like intrusion detection the most.
What needs improvement?
I'm pretty happy with it, but vulnerability management could improve a little bit in comparison to other parts, such as Cisco and so on.
There could also be better reporting. For example, there should be more out-of-the-box management reports. These two improvements would be nice.
For how long have I used the solution?
I have been using this solution for around 10 to 15 years.
What do I think about the stability of the solution?
It's stable.
What do I think about the scalability of the solution?
It's scalable, but I haven't compared it with others.
There are five people who are using it from an administrative perspective, but everyone is using WatchGuard because of the VPN.
How are customer service and support?
I haven't interacted with them myself, but my colleagues state that their support line is good.
How was the initial setup?
Its setup is of medium complexity. It's not super easy. Everything is in its right place, but it's not as complicated as other vendors. It's in the middle.
The deployment duration varies. Depending on your needs, it could take a few hours.
What's my experience with pricing, setup cost, and licensing?
It's in the medium range. Its price is pretty good considering the functions and add-ons that are used.
What other advice do I have?
I would advise having a proper look at the features because there are a lot of different versions, scales, and limits on different Fireboxes. You have to decide in advance which one is good for you in terms of performance, future needs, and so on. You shouldn't have too many changes in your landscape.
I would rate it an eight out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Network Administrator at Niedersächsischer Turner-Bund e.V.
Visually able to see what policies are most in use and which traffic was blocked
Pros and Cons
- "The solution simplifies my business. Normally, for administration, we are using NetApp System Manager on Windows since it's easy to create new policies. In a short amount of time, you can create new policies based on new requirements. For example, in the last few months, many requirements changed due to the coronavirus, adding the use of new services, like Office 365, and eLearning tools, like Zoom."
- "Sometimes I would like to copy a rule set from one box to another box in a direct way. This is a feature that is not present at the moment in WatchGuard."
What is our primary use case?
We use it to protect our web stations and service.
We established a branch office VPN to our branch office. Since last month, we have added Mobile VPN tunnels to our headquarters.
How has it helped my organization?
We have the ability to use it for connecting to our terminal services, then to the Fireboxes, so we can create user-based policies, which are very important at this time. We can control who has access to management servers and machines that are not for general use by users.
We use a normal packet server. We are also using a proxy service and IPS, so all features are possible with these devices. We have seen many attacks from specific IP addresses that were all blocked. Most times, these were IPS traffic port scans. All this traffic is normally blocked from our side.
The solution simplifies my business. Normally, for administration, we are using WatchGuard System Manager on Windows since it's easy to create new policies. In a short amount of time, you can create new policies based on new requirements. For example, in the last few months, many requirements changed due to the coronavirus, adding the use of new services, like Office 365, and eLearning tools, like Zoom.
With Firebox, the monitoring is good. On the Dimension servers, I can see where the IP addresses send and receive a lot of the traffic so I can analyze it. I am also able to see where attacks are coming from. It's good to see visually what policies are most in use and which traffic was blocked. It's easy to visualize policies. The Dimension server shows which policy is used and the data flow through the Firebox.
What is most valuable?
For our requirements, WatchGuard has very good features available in its software.
It is good for administrating devices. It is reliable and easy to use. Most of the time, the results are what I expected.
The performance of the device is good. The time to load web pages has not been slowed down too much. With additional security features, like APT and IPS, WatchGuard Fireboxes need a moment to check the traffic.
For reporting, we use the Dimension server from WatchGuard where we have many options to analyze traffic. It has a good look and feel on all websites that WatchGuard creates. All pages have the same system, so it's easy to use because the interface is uniform throughout the entire solution.
We are using some of the cloud visibility features. What we use on that cloud is DNSWatch, which checks the DNS records for that site. It is a good feature that stops attacks before they come into the network. For most of our clients, we also run DNSWatchGO, which is for external users, and does a good job with threat detection and response. It is a tool that works with a special client on our workstations.
What needs improvement?
Sometimes I would like to copy a rule set from one box to another box in a direct way. This is a feature that is not present at the moment in WatchGuard.
I'm missing a tool by default, where you can find unused policies. This is possible when a) you administrate the Firebox with Dimension, or b) you connect it to WatchGuard's cloud.
For how long have I used the solution?
We have been using this solution for a long time (for more than a decade).
What do I think about the stability of the solution?
The stability is very good. I normally only do a reboot of a Firebox when I upgrade the boxes with new software, so they run sometimes two or three months without a reboot.
What do I think about the scalability of the solution?
It is scalable to many environments. With all our locations, we found this solution works.
For the moment, we have around 80 users total at all our locations. The traffic at our headquarters per day is 300 gigabytes.
Our number of Fireboxes has been constant over the last few years, as we don't have new locations. We are a sports organization, so we are not expanding.
How are customer service and technical support?
WatchGuard's support is very good. Over the years, there have been only one or two tickets that were not solved.
When you start as a new customer, you should start with a bit of support from your dealer so you have some training on the boxes and how to manage them.
Which solution did I use previously and why did I switch?
Before using WatchGuard, we had a Linux server with iptables. We switched to Firebox because it is much easier to administrate. It has real boxes with a graphical interface, instead of command line administration.
How was the initial setup?
It is relatively easy to set up a new box. In my experience, you have a basic rule set. When you start with a new box, you can quickly make it work, but you always need to specify the services that you need on the boxes. You need some time to create the right policies and services on the box. This is the process for all Fireboxes that you buy.
When you have a small branch office with a small number of policies, you can make them active in production in one or two hours. With complex requirements at your headquarters where you have several networks with servers, web servers, and mail servers which can be accessed from the outside, the configuration will need more time because the number of policies is much higher.
What about the implementation team?
The implementation was done by the vendor. For us the solution was OK. At this point my knowledge about firewalls was not on the level I have today.
What was our ROI?
It saves me three or four a month worth of time because it stops malware. I don't need to spend time removing malware from the client.
What's my experience with pricing, setup cost, and licensing?
I think the larger firewall packages are much better because a normal firewall is not enough for these times. You need IPS, APT, and all the security features of a firewall that you can buy.
Which other solutions did I evaluate?
We evaluated some other solutions.
What other advice do I have?
Administration of Fireboxes is only a small part of my job. I have been the network administrator since 1997. While the solution does make less work, I still need a little time to monitor all solutions.
I would rate this solution as a nine (out of 10).
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
IT Director at a healthcare company with 51-200 employees
I don't have to worry about malicious attacks or vulnerabilities in our facility
Pros and Cons
- "The policy monitoring and allowing different traffic flows are the most useful features for us; regulating which traffic comes in and out."
- "I'm not really impressed with the reporting side of it. It may be something I just haven't figured out very well, but it's hard to filter down on reporting of the actual valuable information that you would want. There is a lot of information out there so you have to have some kind of tool capture it and then filter through. So far, I haven't found the reporting side of the WatchGuard to be that user-friendly."
What is our primary use case?
We're a hospital and we use it for developing our incoming and outgoing policies, and we also use it for VPN.
How has it helped my organization?
It helps keep unwanted traffic from coming in, or traffic from going out that we don't want to see out there. If we have unwanted traffic coming in, traffic that we don't need as a facility, then we would be opening ourselves up to security problems and vulnerabilities. It helps because malicious attacks coming in are things I don't have to worry about. So far the WatchGuard has done a good job at blocking all that.
In terms of simplifying my job, the simplest device is one that you can put in place and not have to worry about it. That's the WatchGuard. It's there, it's working. I don't have problems with it so it's "out of sight, out of mind."
It also saves me time, by doing what it's supposed to do. I don't have to mitigate problems that it allowed through. I couldn't tell you how much time it has saved me. It really would depend on what kind of problems I might experience.
What is most valuable?
The policy monitoring and allowing different traffic flows are the most useful features for us; regulating which traffic comes in and out.
In terms of the throughput and performance, we don't have a problem or any bottleneck there. We downgraded the size of our appliance because we're a small facility, and what we had before was actually too big. The one we are now going with seems to be doing a great job.
The management feature is pretty nice.
What needs improvement?
I'm not really impressed with the reporting side of it. It may be something I just haven't figured out very well, but it's hard to filter down on reporting of the actual valuable information that you would want. There is a lot of information out there so you have to have some kind of tool capture it and then filter through it. So far, I haven't found the reporting side of the WatchGuard to be that user-friendly. I would definitely like to see better reporting tools from WatchGuard. That would be a very high priority for me.
Also, setting up the site-to-site VPN is pretty easy with the WatchGuard, but the client VPN setup is not very friendly. If you have a client-to-device VPN that you need to set up for a mobile user there are different protocols that they will accept but none of them are a plug-and-play type of option.
For how long have I used the solution?
The organization has had WatchGuard, different versions, for 12 years. I've used WatchGuard, myself, for about seven years. We got the Firebox approximately three years ago.
What do I think about the stability of the solution?
The stability is great. I've not had any problems. In three years, we've had to restart the device maybe twice. We've had to restart it more than to clear out any cache, because you don't want anything building up in cache memory. But we've only had two problems where we needed to restart the device. And it actually restarts really fast. It doesn't have much downtime at all.
What do I think about the scalability of the solution?
It's used extensively. This is the only firewall we have in the facility, between the hospital, nursing home, and home health. It handles all the traffic that comes from all three campuses here. I don't see us expanding enough to worry about getting another device. This one seems to be doing exactly what it needs to do.
How are customer service and technical support?
I've only had to use their technical support twice in quite a few years, so it would be hard for me to rate. But they were responsive when I did have a problem. I haven't had any problems with support at all.
Which solution did I use previously and why did I switch?
I moved here in 2013 and the company was using the WatchGuard at that point.
How was the initial setup?
With this newest device, the initial setup was pretty straightforward. We were able to copy the configuration from the old device. That's a good thing about it: the configuration file is able to transfer from an old device to a newer device and just continue going. It takes a long time to build up different traffic policies, and to make exceptions for different websites. If you had to do that every time you got a new device, that would be a problem. Luckily, with this, you're able to save your configuration file and transfer it to the new device.
The deployment of this new device took 30 minutes, at most. There are only three people in our IT department, but the deployment only required me to be involved. The other two guys are network technicians. All three of us can go in and modify policies or do whatever we need to do, but it generally doesn't take much maintenance.
I got on the phone with WatchGuard to make sure that everything would transfer over and they assured me that it would. And as far as the switching over to the new device goes, most of the planning required was just letting users know that the internet was going to go down for just a little while. We planned it for a period of slow usage here at the hospital where we could bring it all down, copy the config file, move it to the new device, put it in place, and swap the connections over. It came right up. We had to import the new key and got it activated. But other than that, everything worked.
What was our ROI?
ROI on this type of solution is a hard number to quantify. We've not had a problem so that in itself is a return on investment. If you don't have an issue how do you calculate what your return on investment would be? How do you quantify the peace of mind? But we've not had to spend a lot of time troubleshooting.
What's my experience with pricing, setup cost, and licensing?
The pricing of WatchGuard is probably a little higher than the SonicWall, but it makes up for it in dependability. It's worth it to me, especially since it's not much higher. For just a little bit higher price you get the dependability of the firewall with the WatchGuard brand.
And with this appliance you also get a certain number of VPN tunnels. With this one, it's something like 500, not that we would even use that many. Whereas with SonicWall, at the time we were using it, it came with 10 and then anything over that had to be purchased.
Money-wise, it's a one-and-done with the WatchGuard. With SonicWall, there were a few things that you had to pay extra for to get.
The subscription services with the WatchGuard are pretty nice.
Which other solutions did I evaluate?
I used the SonicWall at another hospital in southwest Arkansas.
WatchGuard has come quite a way, as far as the Fireware Web UI goes. The GUI application has become better, making it easier to navigate through setting up policies and setting up VPN tunnels, etc. SonicWall had been there quite a while longer than WatchGuard, in terms of being user-friendly. But I can't complain about the WatchGuard now. When I first moved here, it was very cumbersome to navigate through, but with the Web UI it's really improved.
They do have a client that you can connect to the WatchGuard if you want to use that client. It's still kind of clunky for navigating and I very seldom use it anymore. They call it the WatchGuard System Manager. It's not quite as friendly as the Web UI. It's usable, it's just not really friendly. But the Web UI is very well done.
What other advice do I have?
My advice would be go for it. We've not had any problem with it. We've been very pleased, especially with the newer WatchGuard we've put in place. It's very responsive. It works great. It may have a little bit of a curve on learning it, but once you learn it, it's hard to say you'd want to go back to something else.
It took me a little bit to get used to WatchGuard. I was familiar with SonicWall before I moved into this role. But now that I've used it for almost seven years, I've gotten to know it pretty well and it works great. Once you get used to what I would call the idiosyncrasies of WatchGuard, as opposed to the SonicWall, it's pretty easy to configure. Using the WatchGuard web UI also makes it a lot easier to configure.
It provides us with somewhat layered security. It is the firewall between us and the outside world. With our subscription we do have the Gateway AV, so it does watch for things of that nature. We have certain policies in place that help with the layered part of it. But it's just one of many layers. We have other things in place to help, but it's definitely something I wouldn't want to do without.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Updated: October 2024