WatchGuard Firebox Reviews

The primary use case is protection for my network from external access. We also use it for some VPN, but mostly it's for protection. It's mixed usage on about a dozen different connections, a dozen different workstations, and access points.

I don't really worry about individual workstation security as much, anymore. I can depend upon the firewall to control incoming viruses, incoming attacks, bad port usage.

It simplifies my job because I don't have to worry about it on a day-to-day basis, the way I otherwise would. I'm not checking and monitoring each workstation on a minute-by-minute basis. I can check what's going on with the firewall and see how it's being used and where, and if there are any things coming through the logs.

I've built my process around the WatchGuard. I can't say it has saved me time because it's become the defacto process. I don't have anything against which to compare it.

• Intrusion Prevention is my primary focus so that's what I find most useful. The why is straightforward: It's to prevent intrusion.
• The usability is pretty good. 
• The throughput of the solution is also pretty good. I think there is some throttling that occurs.
• It provides me the layered security I need.

There are some features I'd like to see, although they are not standard in any of the products in this class; for example, better monitoring.

I'd like to have better access to workstation monitoring, connection monitoring, and the amount of time an address is being used, to better gauge proper network utilization. If I knew that something was connected to a particular external location for an extended period that seems abnormal, I'd be able to act upon it. It comes down to overall monitoring and reporting for the class of services that I have.

The solution's reporting and management features, based on what I have, are fair. I'd like to see an easier way of managing, controlling, and viewing usage at an IP-address-based level.

It's very stable.

WatchGuard's product line is very scalable, but this particular product is not.

Technical support is pretty good. The online knowledge base is usually the best way to go. But I have had some telephone support as well.

I had been using SonicWall for about ten years. I got a little frustrated with them at around the time that Dell purchased them. The WatchGuard UI is easier to manage and easier to work through. I ultimately became dissatisfied with the service and ongoing costs of the SonicWall devices.

The initial setup was straightforward. They walked me through it. I have enough knowledge to be able to walk through the setup and then tweak it the way I need it. I was able to find anything that was unusual, pretty easily, on the web.

The initial deployment took under an hour. I've spent dozens of hours tweaking it over the years, but nothing out of the ordinary.

The implementation strategy was to set up something that allowed for VPN access, to grow VPN access, and that would protect my workstations against viruses and attacks, as well as my servers. The goal was to simplify everything with one box.

For deployment and maintenance, it's just one person who handles the network, and that is me.

I did it myself.

I'm not sure I could establish a numerical return on investment. It's mostly peace of mind. I could probably do well with a lesser product, but I'm afraid a lesser product would provide significantly less protection.

It costs me about $800 a year. There any no costs in addition to the standard licensing fees.

I looked at some Cisco products. I only upgraded to this latest T35 last year, from the previous WatchGuard item. I also looked at SonicWall and a couple of others.

It's used extensively. Do I plan to increase usage? If I can get better reporting, perhaps. But it's fully deployed and static at this point.

I would rate WatchGuard a seven out of ten. A perfect ten would come from lower costs for small installations for the service licensing, and improved reporting. And maybe some better awareness of what it's capable of doing. It's hard to figure out what I could do. That's a big thing. It's hard to figure out what is possible. What am I not taking advantage of? I've tried to work with people on that, and that's the biggest thing.

We use it to keep people out and we use it for a VPN.

The only thing that we care about is that we're kept safe from any attacks. That is important. The VPN is very secure and that's of huge importance because we have remote users who depend on it to do their jobs. So that's crucial.

The improvement it's provided is to our security. We don't have issues with rogue access, with people coming in here, or having access to our, data who shouldn't. That is huge, of course.

The solution simplifies my job. I don't even have to think about it. Everything is set and I leave it alone. And it just does its job. I would estimate it saves me at least 20 hours a month because I don't have to worry about things. It's set and it just runs.

WatchGuard has increased productivity because our VPN is stable. It's up. It doesn't go down. We used to have an issue with remote connectivity but that's no longer a problem. Having a VPN is very big for us.

• We have firewall policies in place to keep safe from malware and we rely heavily on it for our secure VPN.
• In terms of usability, the web interface is great.
  
• The throughput is great. It's perfect. We have no issues whatsoever.
• The management features are very powerful, although I don't use the reporting features at all.

The software base, the management piece that goes onto a server, is not as user-friendly as I would like. There are three different pieces that you have to manage, so it's a little bit convoluted, in my opinion. For people who use it all the time, it's great. But I don't use the management interface all the time.

Overall, it's powerful enough, so that is something that we can overlook.

It's very stable and it meets our needs. The stability is huge. It's rock-solid.

It's been able to handle anything we've thrown at it so far. We've never had an issue.

We upgrade as the models we have become obsolete. We upgrade to newer ones and they're usually on a three-year rotation, which is fine for us.

I haven't had to use technical support very often, but when I have they've been great.

We tried a software-based solution. I don't even remember what it was now.

The initial setup wasn't too bad. We didn't have any problems with it. It took a couple of hours.

We planned ahead of time, put the policies in place on paper and then tested them out. We then went live with it and fine-tuned it as necessary.

Our reseller helped with deployment. Our experience with them was great. We still use them.

We pay about $3,500 every three years. There are no costs in addition to the standard licensing fees.

We looked into offerings from Dell EMC, from Fortigate, and Cisco. But it was just going to be too much of a nightmare.

Rely on your vendor.

For us, it's in use every day. it's 24/7.

We're not using the solution's cloud visibility feature. That's something you have to pay for, and we haven't. I would love to, but there's a wireless piece and it's just too expensive. They have a wireless product that integrates perfectly with the WatchGuard appliance. But that's just not a reality for us because of the cost of those appliances. We would love to but just can't.

In terms of users, we've got about 15 people worldwide. They do support, testing - all of them use remote access. And then we have our internal users as well. It keeps us safe internally and our remote users are able to work with a reliable connection. It's very reliable.

I'm the only one who manages the firewall. If I need any help, there is a local vendor that helps me out as well. We're a small company but it's been great for us. I'm not that technical but I just know it works.

WatchGuard is a ten out of ten for me, because of its reliability.

Intellectual Property protection for our and our clients' data.  We strategize for deployments of new products into Federal and State healthcare formularies.

I discovered the WatchGuard T-70 could still keep the data near the 1 gigahertz data speed, without compromise on the security perimeters being active simultaneously.  I got that information through my subscription with IT Central Station.  The WatchGuard T70 does not come with WiFi capabilities, offering flexibility for what WiFi devices you prefer.

Default set-ups found on the WatchGuard site and via YouTube are very helpful - the screen for set-up and adding additional features are lists with checkboxes.  Understand what you click before you do so.

The set-up and additional feature screens are old in design and very granular.  You have to know what you are doing.

Stable - However, you need to add APC/UPC battery back-ups to avoid power outages/surges that will mitigate your time for trouble-shooting post-power outage.

Yes, I had a positive experience with tech support.

I previously used FortiGate. I moved from the FortiGate brand on account of when you turn on all of the FortiGate capabilities (80-C & 90-D), the protection is active but your data speeds drop significantly.  We had a Verizon FiOS fiber optic true gigabit subscription.  I noticed data rate drops as our 3rd party support team also noticed.  Upon system review, the function of the reduced data speeds was the Fortigate capacity.  We were literally locking up where we couldn't communicate. So, I went with the WatchGuard XTM T-70.

Go to the WatchGuard site:

>enter the model and serial number of your device

>That loads the site automatically with the provisioning apps, firmware updates and other system checks relevant for that device

> The set-up is nearly automatic

> Once the firmware is updated, the device reboots

> Drill into the site for additional steps and additional software you can activate - you have to know what they are talking about to understand which checkboxes to click and why.

> You can reference the YouTube "JSCM" for extra support and background helps that go beyond the WatchGuard site. 

No vendor team and no "in-house" beside myself.  We are a company of under 30 people, I am an IT dept/System Engineering staff of 1.

I have far less ( 50-75%) less admin time trying to figure out why our system is so slow.  That's gone.  The admin screens are informative, especially the Dimension application, reducing your search time for the information you need to assess what your users and network are doing.

If you are experienced, I can recommend the T70 set-up with minimal support and reference.  Since I am relatively new as a systems engineer/IT design, I have had to reference a lot of online sources and hire an expert familiar with the WatchGuard line of products to help shorten my learning curve and get the system up and running quickly.

Yes - SonicWall, Baracuda and Dell.

When considering a solution like this:

> not only putting data security at the top of my list

> user convenience as the second consideration.

If there's anything extra that I have my users do, I have to really look seriously at those trade-offs.

Our primary use case for this solution is a primary firewall.

The features I found most valuable are probably the built-in VPN functionality and the scalability because they can both be centrally managed. It is very easy to scale. It is also very granular, so you can be as restrictive or as non-restrictive as you like. This means you can be very precise with it.

The area where I think this product can be improved is the user interface and the reporting. It can be quite difficult to find the correct logs and to actually find out what is going on. The digging can be time-consuming.

I have been using this solution for a year now.

I would rate the stability of this solution an eight out of 10, with one being unstable and 10 being very stable.

I would rate the scalability of this solution a 10, on a scale of one to 10, with one being not scalable at all and 10 being very scalable.

We currently have about 200 users.

From my experience with their customer service team, I would say that they seem quite knowledgeable and fairly quick to respond.

Previously, we used FortiGate. FortiGate is a much more mature product. I feel like FortiGate is a lot easier to work with. Firebox, you're able to achieve the same outcomes, but it can be a lot more complicated to do so.

The initial setup can be somewhat complex. I would rate it a six out of 10, with one being not complicated at all and 10 being very complex.

Our deployment was done through a third party.

I would rate their pricing plan a four, which means it's definitely on the cheaper scale.

I would recommend this product, but you need to make sure that you've got the technical capability to work with it because it can be quite complicated. Overall, I would rate this solution a seven out of 10, with one being poor and 10 being excellent.

We use WatchGuard Firebox for the site's firewall and VPN solution. The WatchGuard supports remote gateway and mobile VPNs. WatchGuard Firebox serves as the primary firewall for the site.

The solution has many security features. We have an intrusion provision system and filtering and block filtering. These features have been enabled, and we have created services around them.

WatchGuard has several limitations, particularly concerning throughput and performance, and management, firmware updates, and customer support need improvement. The level of support from WatchGuard is not as good as what we get from Cisco and other vendors. The response time is high even in times of priority issues. 

Moreover, the solution doesn’t have deep filtering. This limitation affects packet analysis, traffic analysis, and traffic monitoring, particularly regarding troubleshooting. On the other hand, Fortinet Firewall offers a deep level of troubleshooting and packet filtering. This allows us to obtain detailed information in scenarios like drops or disruptions to understand where the issue occurred, whether with the customer or on our end.

WatchGuard cannot perform packet captures for multiple IPs simultaneously, restricting us from achieving them individually. Due to these limitations, we are considering migrating to Fortinet.

I have been using this solution since 2018.

The solution is stable, as I have been using a couple of devices without any restart since 2018, and there has been no downtime for these devices.

I rate the solution’s stability a nine out of ten.

I rate the solution’s scalability a seven out of ten.

The level of support from WatchGuard is not as good as what we get from Cisco and other vendors. The response time is high even in times of priority issues. It doesn’t have deep filtering. This limitation affects packet analysis, traffic analysis, and traffic monitoring, particularly regarding troubleshooting. On the other hand, Fortinet Firewall offers a deep level of troubleshooting and packet filtering. This allows us to obtain detailed information in scenarios like drops or disruptions to understand where the issue occurred, whether with the customer or on our end.

Neutral

I would rate my experience with the initial setup around six on a scale of one to ten, one being hard and ten being easy.

WatchGuard is better when compared to other firewalls. It is affordable for a midsized company.

WatchGuard is affordable, with features for individual customers, end-users, and midsized companies. However, big businesses with growth and an increasing workload have to migrate.

I rate the solution’s pricing a four on a scale of ten, one being lowest and ten being highest.

We don’t know much about what's happening in the traffic pattern. We will have the opportunity to configure everything. We can use the firewall for dynamic routing and various other tasks. However, despite its capabilities and offerings, there are still some limitations. WatchGuard doesn’t offer deep-level packet filtering or in-depth packet analysis for companies with numerous applications. WatchGuard is a good solution if you require a comprehensive analysis of your organization’s activities within your budget.

Overall, I rate the solution a seven out of ten.

We are using WatchGuard Firebox for defense of our internal infrastructure.

I wouldn't say that Firebox has improved the way our organization functions, but rather that it protects our organization.

The solution identifies attacks on our services and, as a result, directs our attention precisely to the cause of the problem. As we are not actively watching the traffic ourselves and we completely rely on Firebox to alert us instead, the solution saves us about 30 hours per week.

The most valuable features are WatchGuard’s antivirus, traffic protection, and ease of configuration. I also appreciate their traffic analytics. 

After conducting several tests I found the antivirus is working very well. Additionally, they have a very interesting feature, DNS WatchGuard, which is checking DNS requests for phishing, among other things, and it has caught a lot of unwanted attempts and attacks.

Regarding the management features, the interface is user-friendly, and the instructions are well documented. There is a fast learning curve and everything is intuitive and understandable.

It also provides us with layered security. Firebox protects our traffic, as we have numerous Web Services that are external and which are a priority for us to defend. We don't use the rest as much.

I haven’t dug deeply into the reporting features yet or if they are working well. However, I have generated several reports and there was too much unnecessary information, in comparison with the reporting features in the Sophos firewall. Sophos' reporting is more readable and easier to configure. Having said that, reporting features were not very important for us when selecting a solution. What was important were other types of functionality that WatchGuard Firebox was able to meet.

In addition to the reporting features, I would suggest they work on an SSL VPN gateway.

We have been working with WatchGuard Firebox for about one year. Initially we got an M200 model and then switched to an M470 in a cluster.

In terms of the stability, everything is perfect. We haven’t experienced any issues.

The solution scales intuitively and quickly with any internet, meaning the solution’s protocols support any internet configuration. The connectivity scales in any location.

We could scale it to several companies with up to 100 employees and up to 1 Gb of traffic.

I would rate WatchGuard's tech support at the highest mark of five out of five. I was very pleased with them. We were working with them on the software licensing and opened some tickets related to technical issues. In both cases, they resolved the issues promptly and without unnecessary back-and-forth, unlike when working with the support teams of other vendors.

Before Firebox we used a Sophos firewall. We switched because the WatchGuard firewall offers a broad set of features and parameters that were lacking in the Sophos firewall. Additionally, the WatchGuard solution was cheaper.

WatchGuard has a comprehensive antivirus system included in the firewall and that was important for us. Sophos’ antivirus features were weak, in comparison.

The initial setup was medium in terms of the difficulty of some aspects, such as initially understanding the logic of their security policies. It took several hours to acquaint myself and to fully understand things. The whole deployment took about three days.

We initially had an implementation strategy, but it was adapted according to the recommendations and specifications of WatchGuard.

In terms of the technical aspects, I am the only who works with this solution in our organization.

Initially, we purchased the Firebox just for us but, as of today, we have deployed it to two or three other companies. The client sent us project specs with necessary internet configurations for each device, as well as the physical locations. We replicated their infrastructure in our test environment, configured each device according to their specs, and shipped the device to them. The client then connected the device with a cable to the ports outlined in our instructions and everything worked the first time.

During the deployment we worked closely with WatchGuard’s tech support team and they were very speedy in their responses to us.

The price of the solution corresponds to the quality and the feature set offered. There are no additional costs to the standard licensing fees.

Before selecting WatchGuard Firebox, we evaluated the Cisco FirePOWER firewall and, in comparison, Firebox is much easier to use.

Also, WatchGuard’s solution, in terms of the cost-per-value ratio, is very balanced.

My advice would be to try this product.

As for the throughput, at this point it is hard for us to evaluate it because we don’t have heavy traffic, or at least we do not experience the traffic throughput specified for this model. Our inbound and outbound traffic is 1 Gb and the M470 handles it very well, not even stressing its components.

When it comes to the solution’s Cloud Visibility feature, they need to improve on the reporting. But in terms of the logs, it gives us very good visibility.

Overall, I would rate the solution a strong eight out of 10.

We're a hospital and we use it for developing our incoming and outgoing policies, and we also use it for VPN.

It helps keep unwanted traffic from coming in, or traffic from going out that we don't want to see out there. If we have unwanted traffic coming in, traffic that we don't need as a facility, then we would be opening ourselves up to security problems and vulnerabilities. It helps because malicious attacks coming in are things I don't have to worry about. So far the WatchGuard has done a good job at blocking all that.

In terms of simplifying my job, the simplest device is one that you can put in place and not have to worry about it. That's the WatchGuard. It's there, it's working. I don't have problems with it so it's "out of sight, out of mind."

It also saves me time, by doing what it's supposed to do. I don't have to mitigate problems that it allowed through. I couldn't tell you how much time it has saved me. It really would depend on what kind of problems I might experience.

The policy monitoring and allowing different traffic flows are the most useful features for us; regulating which traffic comes in and out.

In terms of the throughput and performance, we don't have a problem or any bottleneck there. We downgraded the size of our appliance because we're a small facility, and what we had before was actually too big. The one we are now going with seems to be doing a great job.

The management feature is pretty nice.

I'm not really impressed with the reporting side of it. It may be something I just haven't figured out very well, but it's hard to filter down on reporting of the actual valuable information that you would want. There is a lot of information out there so you have to have some kind of tool capture it and then filter through it. So far, I haven't found the reporting side of the WatchGuard to be that user-friendly. I would definitely like to see better reporting tools from WatchGuard. That would be a very high priority for me.

Also, setting up the site-to-site VPN is pretty easy with the WatchGuard, but the client VPN setup is not very friendly. If you have a client-to-device VPN that you need to set up for a mobile user there are different protocols that they will accept but none of them are a plug-and-play type of option.

The organization has had WatchGuard, different versions, for 12 years. I've used WatchGuard, myself, for about seven years. We got the Firebox approximately three years ago.

The stability is great. I've not had any problems. In three years, we've had to restart the device maybe twice. We've had to restart it more than to clear out any cache, because you don't want anything building up in cache memory. But we've only had two problems where we needed to restart the device. And it actually restarts really fast. It doesn't have much downtime at all.

It's used extensively. This is the only firewall we have in the facility, between the hospital, nursing home, and home health. It handles all the traffic that comes from all three campuses here. I don't see us expanding enough to worry about getting another device. This one seems to be doing exactly what it needs to do.

I've only had to use their technical support twice in quite a few years, so it would be hard for me to rate. But they were responsive when I did have a problem. I haven't had any problems with support at all.

I moved here in 2013 and the company was using the WatchGuard at that point.

With this newest device, the initial setup was pretty straightforward. We were able to copy the configuration from the old device. That's a good thing about it: the configuration file is able to transfer from an old device to a newer device and just continue going. It takes a long time to build up different traffic policies, and to make exceptions for different websites. If you had to do that every time you got a new device, that would be a problem. Luckily, with this, you're able to save your configuration file and transfer it to the new device.

The deployment of this new device took 30 minutes, at most. There are only three people in our IT department, but the deployment only required me to be involved. The other two guys are network technicians. All three of us can go in and modify policies or do whatever we need to do, but it generally doesn't take much maintenance.

I got on the phone with WatchGuard to make sure that everything would transfer over and they assured me that it would. And as far as the switching over to the new device goes, most of the planning required was just letting users know that the internet was going to go down for just a little while. We planned it for a period of slow usage here at the hospital where we could bring it all down, copy the config file, move it to the new device, put it in place, and swap the connections over. It came right up. We had to import the new key and got it activated. But other than that, everything worked.

ROI on this type of solution is a hard number to quantify. We've not had a problem so that in itself is a return on investment. If you don't have an issue how do you calculate what your return of investment would be? How do you quantify the peace of mind? But we've not had to spend a lot of time troubleshooting.

The pricing of WatchGuard is probably a little higher than the SonicWall, but it makes up for it in dependability. It's worth it to me, especially since it's not much higher. For just a little bit higher price you get the dependability of the firewall with the WatchGuard brand. 

And with this appliance you also get a certain number of VPN tunnels. With this one, it's something like 500, not that we would even use that many. Whereas with SonicWall, at the time we were using it, it came with 10 and then anything over that had to be purchased.

Money-wise, it's a one-and-done with the WatchGuard. With SonicWall, there were a few things that you had to pay extra for to get. 

The subscription services with the WatchGuard are pretty nice.

I used the SonicWall at another hospital in southwest Arkansas. 

WatchGuard has come quite a way, as far as the Fireware Web UI goes. The GUI application has become better, making it easier to navigate through setting up policies and setting up VPN tunnels, etc. SonicWall had been there quite a while longer than WatchGuard, in terms of being user-friendly. But I can't complain about the WatchGuard now. When I first moved here, it was very cumbersome to navigate through, but with the Web UI it's really improved.

They do have a client that you can connect to the WatchGuard if you want to use that client. It's still kind of clunky for navigating and I very seldom use it anymore. They call it the WatchGuard System Manager. It's not quite as friendly as the Web UI. It's usable, it's just not really friendly. But the Web UI is very well done.

My advice would be go for it. We've not had any problem with it. We've been very pleased, especially with the newer WatchGuard we've put in place. It's very responsive. It works great. It may have a little bit of a curve on learning it, but once you learn it, it's hard to say you'd want to go back to something else.

It took me a little bit to get used to WatchGuard. I was familiar with SonicWall before I moved into this role. But now that I've used it for almost seven years, I've gotten to know it pretty well and it works great. Once you get used to what I would call the idiosyncrasies of WatchGuard, as opposed to the SonicWall, it's pretty easy to configure. Using the WatchGuard web UI also makes it a lot easier to configure.

It provides us with somewhat layered security. It is the firewall between us and the outside world. With our subscription we do have the Gateway AV, so it does watch for things of that nature. We have certain policies in place that help with the layered part of it. But it's just one of many layers. We have other things in place to help, but it's definitely something I wouldn't want to do without.

Our main use case for WatchGuard Firebox is to protect companies from Internet threats.

The most effective and helpful features of WatchGuard Firebox, especially when purchased with the full suite of applications, are its bundled applications and subscriptions for comprehensive protection against various threats. It is essential to renew licensing and subscriptions to safeguard against potential penetrations.

One area for improvement could be making the interface even more user-friendly.

I have been working with WatchGuard Firebox for a couple of years.

WatchGuard support is generally helpful and does a good job, although occasionally I may need to call for clarification on some technical matters.

Other products like Fortinet and Palo Alto have had security flaws, but WatchGuard Firebox fits within the budget of the client.

I also work with Cisco, and Cisco's CLI is highly customizable, though it requires more time to learn initially. Cisco's support is also quite good.

The main difference between Cisco and WatchGuard Firebox is the support structure. With Cisco, you can directly communicate with the manufacturer, while with WatchGuard Firebox, support is through local channels only, without the option to directly contact WatchGuard via email or open a ticket.

Managing WatchGuard Firebox is easy for experienced users. Initial setup and deployment typically take a couple of days, including preconfiguration before installation on-site to avoid potential issues.

The price of WatchGuard Firebox is generally lower than Cisco, making it easier to sell to customers. However, if the price were slightly lower than it is now, it would be even more appealing. Some customers underestimate the importance of the subscriptions included with the boxes, but with experience, I have seen how critical they are for protecting against hackers and data breaches.

WatchGuard Firebox works well for network security, email protection, and phishing prevention. It is cost-efficient and offers features like EDR or XDR without being overly expensive.

Overall, I would rate WatchGuard Firebox as a seven out of ten. It is a solid tool.