WatchGuard XTM - Discontinued Product
WatchGuard XTM - Discontinued Product
The XTMs I've had experience working with have been amazing, they are by far the easiest firewalls to set up/configure and are so much …
We use WatchGuard XTM across the whole organization and in our branches, the WatchGuard firewall helped us improve administration, branch …
WatchGuard XTM is the main firewall and web filter at my company. It is used for the entire site and was highly recommended by our sister …
We exclusively use WatchGuard firewalls for all companies that we support. They are our standard hardware and are deployed when any new …
We are using it as the core HA active/passive firewalls for all network traffic on our corporate network. Each zone is set up and divided …
Leaving a video review helps other professionals like you evaluate products. Be the first one in your network to record a review of WatchGuard XTM - Discontinued Product, and make your voice heard!
Entry-level set up fee?
- No setup fee
- Free Trial
- Free/Freemium Version
- Premium Consulting / Integration Services
Would you like us to let the vendor know that you want pricing?
WatchGuard XTM is a firewall option, from WatchGuard Technologies.
Companies can't remove reviews or game the system. Here's why
The XTMs I've had experience working with have been amazing, they are by far the easiest firewalls to set up/configure and are so much nicer to navigate than their competition. The new FireBox models are even better with more features and configurations. This makes it an easy recommendation over other companies.
- User Interface
- Obviously discontinued
- Difficult to replace without upgrading
- Security bundle is a yearly commitment
[WatchGuard XTM] had an easy setup for the interface and great support.
We use WatchGuard XTM across the whole organization and in our branches, the WatchGuard firewall helped us improve administration, branch office VPN, security, link redundancy, browsing filters, user browsing profiles. The administration and configuration is very simple, the online material is extensive, the forums are very helpful and the direct support from WatchGuard is very efficient. The reports and live monitoring works very well and in a detailed way. We have had many security audits and we always get a good rating due to the firewall. As a result of the pandemic, we had to implement teleworking and the mobile VPN helped us to do it without problems, the cloud console for remote configuration is very simple and dynamic. Additionally, applications such as DNSWatch GO and the TDR client give us more security to the computers that are outside the network or the protection of the Firewall.
- Proxy filter.
- Link redundancy.
- Data loss prevention.
The web filter is complicated when you don't have a server to log in users. Companies using static IPs. They have to be clear about the number of users that the company has in order to obtain the correct model since each one has its resources according to the number of users.
WatchGuard XTM is the main firewall and web filter at my company. It is used for the entire site and was highly recommended by our sister company in another location. It provides everything a firewall provides, plus intrusion prevention, web content filtering, web monitoring, application control, and even antivirus protection from Internet traffic.
- WatchGuard XTM has a great GUI. It makes policy creation much easier, as well as setting up all the other features included in the WatchGuard. You can use the web interface or install an application to do the same.
- WatchGuard XTM allows you to integrate Active Directory accounts in policy creation. We can apply policies and web control to specific users or groups. For instance, our HR department can view job search sites to recruit, but everyone else is blocked from searching for jobs. Another example is that our IT department can download specific types of files that other users cannot. It makes life much easier.
- The policies are very flexible. Not only can you set policies for specific people or groups, you can set schedules. You can create a lunch hour or weekend policy that is different from normal working hours.
- You do not have to install anything on user workstations to authenticate with the WatchGuard. You can choose to install a client, but it is not required. It is a feature called Single Sign-On. With a small IT department, anything that reduces workload is welcome!
- Our XTM has run for several years and I can't remember having a hardware issue. We have to remember that we need to restart it every now and then. It just runs and runs with no problems.
- Although Watchguard XTM has a wonderful Single Sign-On (SSO) feature that integrates with Active Directory eliminating the need for client installs on workstations, I've noticed it is not always accurate. It is supposed to send the user information as soon as the user logs on, but I've see it keep a previous user's account attached to a workstation even after someone else has signed on. It has not been a major problem, but sometimes a user should have a specific policy, but a different policy is applied because it didn't register that the user changed on that workstation. I actually think it has something to do with DHCP. It ties the user with the IP address. When the IP address changes on a workstation, I've seen it move the user login with it. SSO is a wonderful feature, but it can be improved.
- WatchGuard XTM doesn't keep the best audit logs. It's difficult to tell what changes were made. We have to keep a manual log to record changes.
- Unlike other companies, I am not informed when there are updates to apply. I have to remember to check the site to see if there are newer versions of firmware, or software. There may be an email list I can join, but I haven't seen it.
WatchGuard XTM comes in different models, so you can choose the model best suited for your company size. I think it works well in small as well as very large networks. I have not used this feature, but you can create a "FireCluster" to connect member devices of the same model if you need to put multiple WatchGuard XTMs in your environment. Coming from command line, it took a little adjusting to learn which screen to use to set up the different rules. Once you understand how to set up policies, it is simple to create more. New firewall administrators would appreciate the ease of creating policies, and expert administrators should find everything they need plus extra features.
We exclusively use WatchGuard firewalls for all companies that we support. They are our standard hardware and are deployed when any new customer is taken on. This manages all incoming and outgoing traffic for all sites and also manages all of the site to site VPN tunnels. This addresses the need for a cost effective but secure gateway from the internet to the LAN.
- GUI configuration.
- Security features for the price point.
- Consolidates management of VPN tunnels.
- Support can be hard to work with. While they are typically knowledgeable, there can be a language barrier. Also, most troubleshooting seems intrusive which is a problem in a production environment.
- The throughput of the cheaper models leaves something to be desired.
- Have had some issues running VOIP behind these, but have not been able to narrow down the issues to the phone provider or WatchGuard yet.
I believe that this is a great option for smaller businesses or businesses on a limited budget for IT hardware. I have not seen another firewall appliance that is as user friendly nor as secure at this price point. These would be less appropriate for extremely high bandwidth customers, for example a business on Google Fiber may only get 700mbps depending on the packet inspection and types of rules setup in the firewall.
We are using it as the core HA active/passive firewalls for all network traffic on our corporate network. Each zone is set up and divided into its own zone with policies allowing or denying access between each zone.
- They are simple to set up and configure. With just a few months of experience you can easily deploy any series of XTM in mid to small environments in minutes. I can deploy clustered M5600 in an enterprise within 30 minutes straight from the box, that's easy.
- They are very reasonably priced and competitive in the market. For small and mid-sized businesses it's hard to beat the bang for the buck.
- After setting them up, it's also very easy to fine tune and manage them. The packet monitor is very useful in troubleshooting and I use it to tighten down rule sets.
- Dimension is a great packet analyzer and I think they still offer it as a free tool.
- The UTM package has caused me some issues in the past, specifically IPS and AV at the edge. In my experience when AV at the edge is unable to sync with its third party database the rule fails and will block all traffic by default.
- Some of the default global settings can cause issues. One common one is SYN packet not returning ACK. Turning off this setting will allow packets that don't complete the 3-way handshake to pass. Not the most ideal solution.
- An area that I think could be improved is in application awareness. The only firewall that can do true layer 7 policying is PaloAlto firewalls, that I'm aware of. I think firewalls need to start moving to that and this is an area WatchGuard could add and improve.
Small to mid-sized organizations is the target market for WatchGuard and it's where they fit in best.