We run education organizations. We have students and staff working on campus. We wanted to be protected within the campus as well as outside the campus.
I am using WatchGuard Firebox XTM 850, and I have its latest version.
In terms of users within the campus, the policy-based usage helps us where we allow something during the daytime, something after school hours, and something during the night. In terms of outside the campus, it helps us in monitoring our mail services. All our deployments are protected from external users.
Policy VPN, site-to-site VPN, traffic monitoring, anti-spam filters, and all other advanced features are valuable.
The way Secure Sign-On authentication is happening needs to be improved. When the Secure Sign-On portal is turned on, anybody who comes into the campus, whether he or she is a staff member or a guest, has to go past the initial portal. One of the shortcomings is the username. It shouldn't allow permutations or combinations with upper or lower cases. For example, when there is a username abc, it shouldn't allow ABC or Abc. It should not allow the same username, but currently, two separate people can go in. Therefore, its authentication or validation should be improved, and the case sensitiveness should be picked up. If I have restricted someone to two devices, they shouldn't be able to use different combinations of the same username and get into the third or fourth device. It shouldn't allow different combinations of alphabets to be used to log in.
I have been using WatchGuard solutions for the last ten years.
It is very stable.
It is scalable. We have about 1,200 users at this point in time, but the number of devices exceeds 2,200. There are multiple devices per person in today's world. A staff member is using three or four devices, and students are using at least two, which makes it 2,500 or 3,000 devices.
Their technical support is very good. You get a response within 15 minutes to an hour at the max.
We had Cisco ASA Firewall. It was a very simple firewall.
Its initial setup is very straightforward. It took 30 minutes.
A consultant from WatchGuard was there. He showed it once, and our people could do it easily. They have deployed it again and again. It is pretty simple.
You just need one person for its deployment and maintenance. Security personnel is the one who manages it.
They have an annual subscription license. Initially, we had opted for three years. After that, we went for another three years, and after that, we have been doing it yearly. They also have a license for five years.
We evaluated SonicWall, Palo Alto, and Cisco, but this was the best.
I would rate this solution a nine out of ten.
Our primary use case is VPN connectivity between 50 locations and our headquarters.
It saves us a lot of money over MPLS connections, about $125,000 per year.
WatchGuard provides us with one of our layers of security. The HTTPS proxy is where a lot of things get trapped.
The most valuable are the VPN and proxy features. We have all the sites we have to connect and that's how we do it.
I've been using it for so long so I'm pretty used to it. But I think it's fairly simple to use and understand. It helps if you're an IT expert. There isn't much of a learning curve if someone has an understanding of connectivity and firewalling. If they don't, there is certainly a learning curve.
The throughput is excellent. It's only limited to our bandwidth. We haven't had any trouble with throughput. The throughput of the firewall, in all cases, seems to be better than the bandwidth available. It's not the bottleneck.
I don't use the reporting features a whole lot, but Dimension is pretty good.
It's very hard to get information from their website, for exactly what I need to do. Sometimes I end up having to open a lot of support tickets. It's either too detailed or not. I never have good luck with their online tools. It's a navigational issue which makes it hard to find what I'm looking for and it's just so broad.
In addition, I have had a ticket in for an awful long time regarding a bug that they should address. If you're using a firewall as a DHCP server, it doesn't keep a good record of the leases. I opened a ticket on this about two years ago, and every couple of months I get an email back that it's still under engineering review.
They're very stable. I've had one firewall fail at 50 locations in the last ten years.
Scalability for me would mean, as we add more branch locations, the firewall here can support all of those VPN connections, and I'm not even scratching the surface of what it can hit. It's very scalable.
Tech support has been good. It's gotten a lot better the past few years; it's very much improved. Twelve years ago it was the worst. Now, it's very good. They get back to me in a day if it's nothing critical. And I don't ever really have to escalate. They're pretty resourceful and understand their product.
Previously, I built a Linux box.
The initial setup is very straightforward. I've done it so many times that I could do it in my sleep. It's pretty simple to run through the GUI and get a quick setup. It's like if you asked me, is it hard to drive a car? I've been driving a car so long I don't know any other options. It takes me maybe an hour to set one up and get it ready to send out. At that point, it's fully configured. It's just plug-and-play when it gets to the location.
I, or one of my IT guys, will often have to be onsite. We'll send one out to a branch, then we'll have to walk the warehouse manager through how to plug things in. Deploying it to distributed locations consists of plugging it into the modem and plugging it into the network, assuming I programmed it correctly.
Deploying it requires just one person. We have three people in the IT group maintaining the entire network, but it's mostly me. It takes me about five hours a week.
ROI is very abstract for a security tool. As far as being able to create VPN tunnels versus having it managed by another vendor, as I said, it saves us about $125,000 a year, maybe a little more. Even comparing it to an SDYN solution from an outside vendor, it's a lot less expensive.
We only license our corporate one and the one we have at our DR site, we don't worry about the branches. It doesn't pay for us to license the ones at the branches. What they charge for what they call basic maintenance is extremely high for those little fireboxes. So we don't bother with them.
They're good machines. They're fairly easy to configure and they're stable.
We mostly use the M400 at corporate and at our branch offices we use T35s, T30s, and XTM25s. In terms of additional usage, I'm looking at the management console and, possibly, the drag-and-drop VPNs.
I would rate it at nine out of ten. The documentation makes it a little hard to find what I need sometimes.
The tool's most valuable feature is the dashboard.
The solution needs to improve its accessibility.
I have been working with the solution for four months.
I rate the tool's stability an eight out of ten.
My company has three users for WatchGuard Firebox.
I rate WatchGuard Firebox a five out of ten.
Our primary use cases for WatchGuard Firebox are routing and VPN, including the integrated firewall. We do not use the SSO system or any other router features.
WatchGuard Firebox was able to help our organization during the pandemic as we were obligated to work from home. We were working remotely, so the VPN feature of WatchGuard Firebox allowed remote work.
The most valuable feature of WatchGuard Firebox is the VPN. It's easy to connect to the VPN.
The user interface for WatchGuard Firebox has room for improvement. Right now, it's a bit complex to work with and could be easier. I like FortiGate better because its user interface is nicer and easier to work with than WatchGuard Firebox, so improving the user interface would be great.
I've used WatchGuard Firebox for two to three years and still use it at work.
WatchGuard Firebox is a nine out of ten in terms of stability.
In terms of scalability, WatchGuard Firebox is an eight out of ten.
I didn't have to call the WatchGuard Firebox technical support team, but the support on the website is a six out of ten.
Neutral
The company used Fortinet before using WatchGuard Firebox, though I don't have information on which Fortinet product and why the company switched to WatchGuard Firebox.
I wasn't involved in the deployment of WatchGuard Firebox because I wasn't there when the company chose the product. I just learned to love it.
WatchGuard Firebox was great for remote working, but I have no information on its ROI.
I have no information on WatchGuard Firebox costs.
My company uses WatchGuard Firebox. There's a WatchGuard router for the internet and three sites on WatchGuard.
I'm using WatchGuard Firebox M440.
The product is deployed on-site.
I can recommend WatchGuard Firebox to anyone looking into implementing it, but I cannot advise on how to implement the product for your network or environment.
My rating for WatchGuard Firebox is eight out of ten.
My primary use case is for my network security even when I am out of the office.
WatchGuard Firebox has improved our organization one hundred percent from before we started using it.
I have found the DNS Watch feature for intrusion and prevention response and APT Blocker most valuable to me.
I would like to see more training become available for us. I would like to see the port conflicts improved.
I have been using WatchGuard Firebox for the past five years.
The stability is good.
There is excellent scalability and we are using it at full capacity.
The initial setup is quite complex and difficult, especially for first-time users. You need to go on the website and study it before you start using the policy manager. Once you start using the policy manager it becomes easier.
We used a third party and the deployment time takes less than ten minutes.
The return on investment is that it saves us a lot of time from intruders creating problems.
The licensing can be a one-time purchase unless you need the extra services for example twenty-four seven support.
I did try pfSense and FortiGate and decided WatchGuard Firebox was what I needed.
I would rate WatchGuard Firebox a nine on a scale of one to ten.
We primarily use WatchGuard Firebox like a typical firewall, to protect ourselves from outside and inside threats.
I have the WatchGuard Firebox M270, deployed on-premise.
WatchGuard Firebox improved our organization by acting as a firewall, with all the specific components of one. If you have an antiviral solution, you can see how many were blocked; from where they were blocked; what the statistics are on the areas that the attacks came from; and if there are attempts, or if they do get through the firewall, where they came from and where they went. You know exactly what to look for, to see if there is any kind of penetration inside your system, or if anything has been compromised, and you can take any measurements against these threats.
All of the features have been valuable. There's nothing on my M270 that I'm not using. If you have remote access, you can see how many users are coming from the outside world to be connected to the systems, through the virus systems that we have behind the firewall, in order to gain access to their files and do their work. We can also see how long they stay online and whether these connections are closed forcefully or for any other reasons, such as a glitch or some kind of misbehavior, to see if internet traffic is optimized and if that particular traffic is under company policies, concerning which websites were visited.
There's always room for improvement, especially if the threats are getting more sophisticated and the IT department cannot sufficiently meet this kind of sophistication with their own knowledge and experience. Knowing that this solution can get up to the level of addressing a lot of these threats is something that everybody wishes for. If we look at the dark web and the lawful web, they are two opposites, and if these two good and bad collide in the world of the internet, you want the best possible product—especially if you cannot get to that point of knowledge. I am just an individual and end user, with limited knowledge of usage. That's why I say there's always room for improvement, from their side and also from mine, because by knowing exactly what they can achieve and the knowledge that they can get on an everyday basis, and the portion that is understandable to me, it's an improvement for them as well.
Most of the features that I have right now are more than okay with me, but something like a better interface is always worth suggesting. Also, things like computer-based training on firewalls and specific solutions—especially in things that have been deployed on every new version—is usually something that we need to see in order to understand what, exactly, these people have created for us.
I have been a WatchGuard user since 2004.
This solution is stable.
I am the only one who maintains the firewall—we don't have a team to handle it.
This solution has been scalable to the level that my company wants.
Behind the firewall, we have 60 users. On a daily basis, there are approximately 40 to 45 users in the office: they are people from the purchasing department, technical department, accounting department, operation department, etc.
In general, their support is okay, and nothing fancy. We have had a few chats and a few cases on several things that I wanted to do by myself, but needed some guidance on. The speed is not the speed of light, but we are getting through to what we want to have within a day or so.
I don't have any comparison to make with a solution that's on the same level as WatchGuard Firebox. We had some experience with all of the Cisco firewalls, but they didn't have the same level of security that we have with our existing firewall. Those were quite old, so I cannot really compare that old technology with something that is so new.
The initial setup was quite straightforward because we are a small company. We have 50 people working at this company, so it's a rather small installation with no fancy or complex configuration. The deployment took an hour or so, but from that point on, there have been numerous hours of work to get up to the point we're at now with our firewall solution.
It's quite easy to deploy because the initial installation doesn't involve many fancy things. Out of the box, it's quite clear that it has features that need to be blocked, and these features have already been blocked by default, to help anybody deploying this solution. It's like having 35%-40% of your configuration ready, so you only need to add another 25%-30% to reach approximately 70% of your full configuration, which takes no more than a couple of hours. The additional 30% are the small, exact things and the prediction correction, the things that are usually done on a firewall solution in the following hours, days, months, years by the users of the device. However, you can reach the level that you personally believe in, 100%, within a matter of days if you know exactly what you need to do.
I implemented this solution all by myself, since I was lucky enough to have basic firewall knowledge. Our implementation strategy was to get to the level, as fast as possible, where I could meet the minimum requirements of the company, concerning its firewall policy.
I have definitely seen a return on investment. To be exact, you cannot really value the return on investment on this kind of product because an IT product usually delivers services that cannot really be measured in money. Rather, it can be measured in things that we can do and things that we cannot do. So, money-wise, you cannot really measure it, but if I'm measuring it on things that I wanted to achieve with a device, there was a 100% return back.
The licensing contract we have is on a three-year basis. There aren't any costs in addition to the standard licensing fees—usually, every three years, we just purchase or renew the same license and we are okay. Every six years, we completely change the firewall, but that's the usual schema. So after three years, we just renew the licenses for another three years, and then after that particular period of time, we just purchase another firewall equivalent to the ones that we currently use.
I rate WatchGuard Firebox an eight out of ten.
This is a solid device and it delivers what it says. It doesn't do fancy or extraordinary things, but it does deliver exactly what it's supposed to deliver.
Our primary use cases are for the firewall and for limited routing for small to medium-sized businesses.
I had a client that was saturated with RDP, remote desktop attempts, while using a standard low, consumer-grade firewall. Putting in WatchGuard allowed me to drop a lot of that traffic and reduce a lot of load on their otherwise poorly performing Internet connection.
PCI and HIPAA compliance reporting, firmware updates, and cloud-based firmware updates all make visibility within the client site much easier. I can provide comprehensive reporting on user activity and user behavior which goes along with user productivity. It has excellent mobile SSL VPN capabilities that have allowed for very rapid deployment of remote workers during our current situation.
As a whole, it has a very low requirement for ongoing interaction. It's very self-sufficient. If properly patched, it has very high reliability. The total cost of ownership once deployed is very low.
It absolutely saves us time. All firewalls can be deployed with a very basic configuration in a reasonable amount of time. The uniform way in which WatchGuard can be managed allows for the deployment of much more comprehensive configurations more quickly. When it comes to troubleshooting and identifying any kind of communication issue, they use a hierarchal policy layout. It allows you to manipulate the order of precedence, simplifying troubleshooting by tenfold. Compared to a competitor, I spend less than 10% of the amount of time on WatchGuard that a similar task would take on a Meraki, a FortiGate, or a SonicWall.
The most valuable features are:
With most Internet traffic being encrypted, it is much more difficult for firewalls to detect threats. Some of the advanced features, such as the APT Blocker and the advanced threat protection, use advanced logistics to look for behavioral, nonpattern related threats. And the threat detection and response has the capability of working with the endpoints to do a correlated threat detection.
For most people, they don't think about one workstation having a denied access, but when multiple workstations throughout a network have requests that are denied in a short period of time, one of the only ways you can detect that something nefarious is going on is through a correlated threat detection. And WatchGuard has that capability that integrates at the endpoint level and the firewall together, giving it a much better picture of what's going on in the network.
It is the single easiest firewall to troubleshoot I have ever worked with. It deploys very rapidly in the event that a catastrophic failure requires the box to be replaced. The replacement box can be put in place in a matter of minutes. Every single Firebox, regardless of its size and capability, can run the exact same management OS. Unlike some of the competitors where you have dissimilar behavior and features in the management interface, WatchGuard's uniform across the board from its smallest appliance to its very largest, making it very, very simple to troubleshoot, recover, or transition a customer to a larger appliance.
It absolutely provides us with layered security. It has one of the most robust unified threat bundles available with Gateway AntiVirus, APT Blocker. It does DNS control. It does webpage reputation enabled defense. It effectively screens out a lot of the threats before the user ever has an attempt to get to them.
Externally it does a very good job of identifying the most common threat vectors, as well as different transported links, attachments, and things of that nature because of the endpoint integration. It helps protect from internal and external threats, along with payload type, and zero-day threats.
The cloud visibility feature has improved our ability to detect and react to threats or other issues in our network. It has improved firmware upgrades and maintenance reporting as well as investigating and detecting problems or potential threats.
It has reduced my labor cost to monthly manage a firewall by 60%.
The data loss protection works well, but it could be easier to configure. The complexity of data loss protection makes it a more difficult feature to fully leverage. Better integration with third-party, two-factor authentication would be advantageous.
I have been using WatchGuard Firebox for fifteen years.
We mostly use the T series: T30s, T70s, some M3, and 400 series.
It is the most stable firewall I work with. The incidence of failure is very low, maybe once every two years.
It's very scalable. Because it has the unified configuration interface and the unified tools, or the common tools that are used from the smallest to the lowest, a ton of time and configuration, and thereby money, is saved during an upgrade, for example. The time to take an upgrade to a new appliance is a fraction of the time it would be with a competitor because of the direct portability of the configuration from the prior firewall.
We have one engineer and one part-time technician to maintain approximately 75 WatchGuards for limited, physical installations and onsite. It is very reasonable for one or two engineers to manage 200 to 300 WatchGuards. It's very reasonable.
We have just a single location in which we do use the T70 box and WatchGuard is in place at 95% of our clientele. We do not replace viable commercial-grade solutions until such time that they are ending their licensing or whatever. We do not replace FortiGates or SonicWalls while they're still viable. However, when the opportunity to replace one arises, it is our first suggestion to the client.
I do not or have not had to use technical support very often, but I find it to be excellent. They're very responsive and very knowledgeable. I get engineers from a similar time zone. They're very skilled engineers and very invested in end-user satisfaction. Even though they are 100% channel-driven, they take end-user satisfaction very seriously.
The complexity of configuring a SonicWall, for example, is much, much greater than that of a WatchGuard. Identical tasks can be completed in a WatchGuard in a fraction of the time as a SonicWall. When comparing similar models, the performance of Meraki is far inferior to the WatchGuard. Its capabilities are inferior to WatchGuard. It's a simple cloud interface. Meraki's simple cloud interface is probably more appropriate for a less experienced engineer. FortiGate lacks some advanced features that WatchGuard has, but my predominant issue with FortiGate is that when all the unified threat management utilities are enabled, performance on FortiGate is inferior. Although it has capabilities, when fully enabled it does not perform as well as WatchGuard.
The initial setup is very straightforward. I'm able to deploy a standard template after activating the device. The activation is very simple and takes just a few minutes. Then a base configuration can be applied once the firmware has been updated and a box can be prepared for initial deployment within 7 to 10 minutes after it boots.
It took 45 minutes to set up.
In terms of the implementation strategy, I have an implementation baseline of minimum acceptable settings and then it is adjusted based on client needs.
We deploy it to distributed locations in one of two ways. The device can be drop-shipped to the user or the endpoint and a cloud configuration deployment can be pushed to the box. My preferred method is to receive the box, perform a firmware update and a base configuration, and then ship the box.
I would recommend working with a partner for an expert-level deployment. It greatly reduces the time to deploy it. An experienced engineer can then deploy the product very rapidly and can often provide instruction on how best to maintain the product. But otherwise, the deployment is very straightforward.
They are very low maintenance, they have a very high rate of my end-user satisfaction. I'm able to provide excellent levels of service to my end-users and my customers. I would say that they have a very high value and a good return on the investment.
Generally speaking, I find the three years of live and total security to be the best option. By going with their total security, you do get the endpoint protection component of the threat detection and response. Typically the trade-in options, depending on your prior firewall, are options that they should request or pursue when dealing with their provider. Those programs are usually available, but they're not always offered by a provider unless you ask.
I would rate WatchGuard Firebox a ten out of ten.
We use it to keep people out and we use it for a VPN.
The only thing that we care about is that we're kept safe from any attacks. That is important. The VPN is very secure and that's of huge importance because we have remote users who depend on it to do their jobs. So that's crucial.
The improvement it's provided is to our security. We don't have issues with rogue access, with people coming in here, or having access to our data who shouldn't. That is huge, of course.
The solution simplifies my job. I don't even have to think about it. Everything is set and I leave it alone. And it just does its job. I would estimate it saves me at least 20 hours a month because I don't have to worry about things. It's set and it just runs.
WatchGuard has increased productivity because our VPN is stable. It's up. It doesn't go down. We used to have an issue with remote connectivity but that's no longer a problem. Having a VPN is very big for us.
The software base, the management piece that goes onto a server, is not as user-friendly as I would like. There are three different pieces that you have to manage, so it's a little bit convoluted, in my opinion. For people who use it all the time, it's great. But I don't use the management interface all the time.
Overall, it's powerful enough, so that is something that we can overlook.
It's very stable and it meets our needs. The stability is huge. It's rock-solid.
It's been able to handle anything we've thrown at it so far. We've never had an issue.
We upgrade as the models we have become obsolete. We upgrade to newer ones and they're usually on a three-year rotation, which is fine for us.
I haven't had to use technical support very often, but when I have they've been great.
We tried a software-based solution. I don't even remember what it was now.
The initial setup wasn't too bad. We didn't have any problems with it. It took a couple of hours.
We planned ahead of time, put the policies in place on paper and then tested them out. We then went live with it and fine-tuned it as necessary.
Our reseller helped with deployment. Our experience with them was great. We still use them.
We pay about $3,500 every three years. There are no costs in addition to the standard licensing fees.
We looked into offerings from Dell EMC, from FortiGate, and Cisco. But it was just going to be too much of a nightmare.
Rely on your vendor.
For us, it's in use every day. It's 24/7.
We're not using the solution's cloud visibility feature. That's something you have to pay for, and we haven't. I would love to, but there's a wireless piece and it's just too expensive. They have a wireless product that integrates perfectly with the WatchGuard appliance. But that's just not a reality for us because of the cost of those appliances. We would love to but just can't.
In terms of users, we've got about 15 people worldwide. They do support, testing - all of them use remote access. And then we have our internal users as well. It keeps us safe internally and our remote users are able to work with a reliable connection. It's very reliable.
I'm the only one who manages the firewall. If I need any help, there is a local vendor that helps me out as well. We're a small company but it's been great for us. I'm not that technical but I just know it works.
WatchGuard is a ten out of ten for me, because of its reliability.