Reviews (1-3 of 3)
May 31, 2016
We exclusively use WatchGuard firewalls for all companies that we support. They are our standard hardware and are deployed when any new customer is taken on. This manages all incoming and outgoing traffic for all sites and also manages all of the site-to-site VPN tunnels. This addresses the need for a cost-effective but secure gateway from the internet to the LAN.
- GUI configuration.
- Security features for the price point.
- Consolidates management of VPN tunnels.
- Support can be hard to work with. While they are typically knowledgeable, there can be a language barrier. Also, most troubleshooting seems intrusive, which is a problem in a production environment.
- The throughput of the cheaper models leaves something to be desired.
- Have had some issues running VoIP behind these, but have not been able to narrow down the issues to the phone provider or WatchGuard yet.
Read Hyler C Cooper's full review
I believe that this is a great option for smaller businesses or businesses on a limited budget for IT hardware. I have not seen another firewall appliance that is as user friendly nor as secure at this price point. These would be less appropriate for extremely high bandwidth customers, for example a business on Google Fiber may only get 700mbps depending on the packet inspection and types of rules set up in the firewall.
WatchGuard XTM is the main firewall and web filter at my company. It is used for the entire site and was highly recommended by our sister company in another location. It provides everything a firewall provides, plus intrusion prevention, web content filtering, web monitoring, application control, and even antivirus protection from Internet traffic.
- WatchGuard XTM has a great GUI. It makes policy creation much easier, as well as setting up all the other features included in the WatchGuard. You can use the web interface or install an application to do the same.
- WatchGuard XTM allows you to integrate Active Directory accounts in policy creation. We can apply policies and web control to specific users or groups. For instance, our HR department can view job search sites to recruit, but everyone else is blocked from searching for jobs. Another example is that our IT department can download specific types of files that other users cannot. It makes life much easier.
- The policies are very flexible. Not only can you set policies for specific people or groups, you can set schedules. You can create a lunch hour or weekend policy that is different from normal working hours.
- You do not have to install anything on user workstations to authenticate with the WatchGuard. You can choose to install a client, but it is not required. It is a feature called Single Sign-On. With a small IT department, anything that reduces workload is welcome!
- Our XTM has run for several years and I can't remember having a hardware issue. We have to remember that we need to restart it every now and then. It just runs and runs with no problems.
- Although WatchGuard XTM has a wonderful Single Sign-On (SSO) feature that integrates with Active Directory, eliminating the need for client installs on workstations, I've noticed it is not always accurate. It is supposed to send the user information as soon as the user logs on, but I've seen it keep a previous user's account attached to a workstation even after someone else has signed on. It has not been a major problem, but sometimes a user should have a specific policy, but a different policy is applied because it didn't register that the user changed on that workstation. I actually think it has something to do with DHCP. It ties the user with the IP address. When the IP address changes on a workstation, I've seen it move the user login with it. SSO is a wonderful feature, but it can be improved.
- WatchGuard XTM doesn't keep the best audit logs. It's difficult to tell what changes were made. We have to keep a manual log to record changes.
- Unlike other companies, I am not informed when there are updates to apply. I have to remember to check the site to see if there are newer versions of firmware, or software. There may be an email list I can join, but I haven't seen it.
WatchGuard XTM comes in different models, so you can choose the model best suited for your company size. I think it works well in small as well as very large networks. I have not used this feature, but you can create a "FireCluster" to connect member devices of the same model if you need to put multiple WatchGuard XTMs in your environment. Coming from command line, it took a little adjusting to learn which screen to use to set up the different rules. Once you understand how to set up policies, it is simple to create more. New firewall administrators would appreciate the ease of creating policies, and expert administrators should find everything they need plus extra features.
We are using it as the core HA active/passive firewalls for all network traffic on our corporate network. Each zone is set up and divided into its own zone with policies allowing or denying access between each zone.
- They are simple to set up and configure. With just a few months of experience you can easily deploy any series of XTM in mid to small environments in minutes. I can deploy clustered M5600 in an enterprise within 30 minutes straight from the box, that's easy.
- They are very reasonably priced and competitive in the market. For small and mid-sized businesses it's hard to beat the bang for the buck.
- After setting them up, it's also very easy to fine tune and manage them. The packet monitor is very useful in troubleshooting and I use it to tighten down rule sets.
- Dimension is a great packet analyzer and I think they still offer it as a free tool.
- The UTM package has caused me some issues in the past, specifically IPS and AV at the edge. In my experience when AV at the edge is unable to sync with its third party database the rule fails and will block all traffic by default.
- Some of the default global settings can cause issues. One common one is SYN packet not returning ACK. Turning off this setting will allow packets that don't complete the 3-way handshake to pass. Not the most ideal solution.
- An area that I think could be improved is in application awareness. The only firewall that can do true layer 7 policing is Palo Alto firewalls, that I'm aware of. I think firewalls need to start moving to that and this is an area WatchGuard could add and improve.
Small to mid-sized organizations are the target market for WatchGuard and it's where they fit in best.
About WatchGuard XTM - Discontinued Product
WatchGuard XTM is a firewall option, from WatchGuard Technologies.