pfSense vs. WatchGuard Network Security

I believe PFSense is well suited for both home lab environments as well as up to small to mid-size business environments on a tight budget. However, I would implore that anything in production requires the use of the authorized hardware that PFSense sells to receive support. However, in my experience, PFSense is a solid set-and-forget firewall solution.

I've been impressed to consider how many Watchguard Network products we utilize. Firewall/VPN, Wireless APs, and endpoint antivirus. It makes it easy to diagnose issues and find resolutions with minimal interactions with the end user or their system. Reliability of the network hardware has been superb, and we have minimal issues with their software

Incentivized

• Easy to use. Good user interface design! Easy to understand and easy to set up.
• Lower hardware requirement. 3 years ago, we used an old PC to run it. Now, we have changed to a router device with Celeron CPU and 8GB RAM. It runs smoothly with a 1000G commercial broadband.

Incentivized

• Incoming Torrent attempts were blocked, but outgoing (by a user) were permitted. Similarly, other direct attempts were summarily blocked.
• provides full administrative support for analysis of usage and scope.
• strong Wi-Fi support and security - area wi-fi maps
• They think of all the things secure and I don't have to worry about it.
• I have not identified anything else that needs improvement - I am well satisfied.

Incentivized

• I did kind of mention a Con in the Pro section with OpenVPN.
• When I create a config for an employee other employees are able to login to that config.
• I could be doing something wrong when I am making it - I am not afraid to admit that as I am pretty new to all of this, but it seems like it builds a key and I would think the key would be unique in some way to each employee, but I could be wrong.
• I actually do not have a lot of Con's for this software - I did not get to set this up on our work network so I am not sure of any downfalls when installing.
• I installed this on my personal machine in a Hyper-V environment to get a feel for it before I started working on it at work and it seemed pretty smooth. I didn't run into any issues.

Incentivized

• Sometimes, it is not very intuitive. You'll not know how to use certain features unless you read the documentation.
• Some settings in the firebox are not visible unless you enter edit mode. This can cause inadvertent issues if you make a change when you just want to review the settings.
• The use of blocks in the design of the Firewatch interface can be confusing. A better design could have been used.

Incentivized

I'm giving this note to WatchGuard Network Security due to its ease of daily support (after acquiring necessary knowledge in the solution), which allows agility in configuration changes, its integration of several reliable security features (such as SSL VPN, VPN Virtual Interfaces between companies, and others) and functional and stability in operation, with no downtime in the equipment due to problems or malfunctions

Incentivized

The pfSense UI is easy to navigate and pretty go look at. It is much better than some high dollar firewalls that just throw menus you you. The pfSense UI is quick and responsive and makes sense 99% of the time. Changes are committed quickly and the hardware rarely requires a reboot. It just runs.

Incentivized

Although it might take some time to figure out, we have been able to use WatchGuard's online reference library and tech support to create/implement/modify all of our filtering rules and exceptions needed. There really has not been a shortcoming other than perhaps a learning curve.

Incentivized

Availability has always been a strong point of this product, it is rare that watchguard does not have a solution for customers' network monitoring needs.

Incentivized

The performance of WatchGuard Network Security is very good, in the years that we have used the solution we have only had a single error and Watchguard itself was able to solve it. Furthermore, when purchasing any product, the partner always evaluates the capacity of the solution to recommend the most appropriate product for our needs.

Incentivized

pfSense+ basic provides "As Available" email support. pfSense+ Pro offers 24 hr turn around email support. pfSense+ Enterprise offers 24/7 phone support.

Incentivized

We have only had to contact them once during the initial set up to help bring the internet back on line. After that for the most part our systems have been automated, and could easily be checked form their online FAQ and Knowledge base that they provide. Everything else is easily handled from their browser based interface

Incentivized

We participate to a in person training and the three days of learning was really useful and complete to gain skill to solve the major part of the problem we encounter during our life. And more the in person training give us the opportunity to create a network with other WatchGuard partner.

Incentivized

Online training is good for learning how to use the product. It does not teach security strategy because that is not its intent.

Incentivized

I had my key information for setting up the firewall, and they assisted me in finding the settings and appropriate places to enter data. They also helped troubleshoot when I didn't understand some of their feature concepts, and we got it running.

Incentivized

Meraki has a unified management login for all devices, which is nice. It also has decent content filtering, both areas where pfSense is weaker. Where pfSense far ouclasses Meraki is in the ease of use and the other width of features. These include features such as better VPN interoperability, non-subscription based pricing, auditability, not relying on the infrastructure of a third party, more transparency of what's actually going on, easier to deploy replacements if hardware fails. Additionally, the NAT management for pfSense seems to be a bit better, as you can NAT between any network segment and not just the LAN segments out the WAN interfaces.

Watchguard Network Security is easier to use and more effective that its competitors, with certifications you can trust and a good reputation, we can rest assured that our network security is in good hands. Competitors have also demonstrated poor aftersales support, which has not been the case with WG

This product is very scalable since previously everything related to Watchguard was on premises but that has now changed with the inclusion of watchguard cloud. Now the product has evolved to have full control of firewalls at the cloud level.

Incentivized

• pfSense can be installed on commodity hardware with no licensing fees. With a simple less than 10 minute restore time, on most hardware, it's an extremely inexpensive way to achieve the same results that some of the more expensive vendors provide.
• The easy to use interface has allowed configuration management to be preformed by lower level technicians with quick and easy training.

Incentivized

• The intuitive Web Interface reduces the entry to learning for new techs, so less training is required and inexperienced techs can figure out tasks if they understand basic networking and firewall functions.
• The licensing model for the hardware places them at the top of the list for mid-tier devices that are overpriced. They are barely competitive considering that you can't use a device for more than 5 years no matter what. And the security/maintenance costs are in addition to the hardware costs which are already high compared to other mid-tier brands.

Incentivized