IBM Terraform (formerly Hashicorp Terraform) is a cloud infrastructure automation tool used to create, change, and improve production infrastructure, and it allows infrastructure to be expressed as code. It is available Open Source, and via Cloud and Self-Hosted editions.
$0
WatchGuard Network Security
Score 8.7 out of 10
N/A
WatchGuard Network Security is a network security and firewall software. WatchGuard includes secure Wi-Fi, multi-factor authentication, and network intelligence products and services designed for SMB’s.
Anything that needs to be repeated en masse. Terraform is great at taking a template and have it be repeated across your estate. You can dynamically change the assets they're generating depending on certain variables. Which means though templated assets will all be similar, they're allowed to have unique properties about them. For example flattening JSON into tabular data and ensuring the flattening code is unique to the file's schema.
If I had to recommend a business get a firewall, I'd probably suggest Ubiquiti if I'm being honest. They have tons of development and nice to have features with no licensing or subscriptions. For example, if you use their switches and APs to, you can see a diagram of the network and the port each Ubiquiti device is connected to.
WatchGuard firewalls, especially when cloud managed, are very basic. Locally managed fireboxes have much more capabilities than a cloud managed one. Comparing to SonicWall, Cisco, Meraki, and other brands I've worked on, WatchGuard is the least granular in the options you have available to you. Maybe that is intentional so it can appeal to teams who don't want to learn a ton of stuff about firewalls. However, you really need to know the firewall as it's the first line of defense keeping the internet off your network.
I'd like to see the locally managed firewall features in WatchGuard Cloud firstly. Secondly, I'd like the interfaces to be consistent between cloud managed and locally managed.
The language itself is a bit unusual and this makes it hard for new users to get onboarded into the codebase. While it's improving with later releases, basic concepts like "map an array of options into a set of configurations" or "apply this logic if a variable is specified" are possible but unnecessarily cumbersome.
The 'Terraform Plan' operation could be substantially more sophisticated. There are many situations where a Terraform file could never work but successfully passes the 'plan' phase only to fail during the 'apply' phase.
Environment migrations could be smoother. Renaming/refactoring files is a challenge because of the need to use 'Terraform mv' commands, etc.
I'm giving this note to WatchGuard Network Security due to its ease of daily support (after acquiring necessary knowledge in the solution), which allows agility in configuration changes, its integration of several reliable security features (such as SSL VPN, VPN Virtual Interfaces between companies, and others) and functional and stability in operation, with no downtime in the equipment due to problems or malfunctions
I love Terraform and I think it has done some great things for people that are working to automate their provisioning processes and also for those that are in the process of moving to the cloud or managing cloud resources. There are some quirks to HCL that take a little bit of getting used to and give picking up Terraform a little bit of a learning curve, thus the rating
Although it might take some time to figure out, we have been able to use WatchGuard's online reference library and tech support to create/implement/modify all of our filtering rules and exceptions needed. There really has not been a shortcoming other than perhaps a learning curve.
Availability has always been a strong point of this product, it is rare that watchguard does not have a solution for customers' network monitoring needs.
Terraform's performance is quite amazing when it comes to deployment of resources in AWS. Of course, the deployment times depend on various parameters like the number of resources to deploy and different regions to deploy. Terraform cannot control that. The only minor drawback probably shows up when a terraform job is terminated mid way. Then in many cases, time-consuming manual cleanup is required.
The performance of WatchGuard Network Security is very good, in the years that we have used the solution we have only had a single error and Watchguard itself was able to solve it. Furthermore, when purchasing any product, the partner always evaluates the capacity of the solution to recommend the most appropriate product for our needs.
I have yet to have an opportunity to reach out directly to HashiCorp for support on Terraform. However, I have spent a great deal of time considering their documentation as I use the tool. This opinion is based solely on that. I find the Terraform documentation to have great breadth but lacking in depth in many areas. I appreciate that all of the tool's resources have an entry in the docs but often the examples are lacking. Often, the examples provided are very basic and prompt additional exploration. Also, the links in the documentation often link back to the same page where one might expect to be linked to a different source with additional information.
We have only had to contact them once during the initial set up to help bring the internet back on line. After that for the most part our systems have been automated, and could easily be checked form their online FAQ and Knowledge base that they provide. Everything else is easily handled from their browser based interface
We participate to a in person training and the three days of learning was really useful and complete to gain skill to solve the major part of the problem we encounter during our life. And more the in person training give us the opportunity to create a network with other WatchGuard partner.
I had my key information for setting up the firewall, and they assisted me in finding the settings and appropriate places to enter data. They also helped troubleshoot when I didn't understand some of their feature concepts, and we got it running.
Terraform is the solid leader in the space. It allows you to do more then just provisioning within a pre-existing servers. It is more extensible and has more providers available than it competitors. It is also open source and more adopted by the community then some of the other solutions that are available in the market place.
WatchGuard Network Security has a more palatable licensing model and comes at a much more reasonable price for comparable security features. I find the WatchGuard Network Security firewalls in particular to be much easier to configure and manage as well. The service is top tier, particularly when compared to the more enterprise focused vendors. It can take a lot longer to get good support if you aren't a significant sized customer.
This product is very scalable since previously everything related to Watchguard was on premises but that has now changed with the inclusion of watchguard cloud. Now the product has evolved to have full control of firewalls at the cloud level.
we are able to deploy our infrastructure in a couple of ours in an automated and repeatable way, before this could take weeks if the work was done manually and was a lot of error prone.
having the state file, you can see a diff of what things have changed manually out side of Terraform which is a huge plus
if state file gets corrupted, it is very hard to debug or restore it without an impact or spending hours ..
writing big scale code can be very challenging and hard to be efficient so it's usable by the whole team
