WatchGuard XTM - Discontinued Product

WatchGuard XTM has a great GUI. It makes policy creation much easier, as well as setting up all the other features included in the WatchGuard. You can use the web interface or install an application to do the same.

WatchGuard XTM allows you to integrate Active Directory accounts in policy creation. We can apply policies and web control to specific users or groups. For instance, our HR department can view job search sites to recruit, but everyone else is blocked from searching for jobs. Another example is that our IT department can download specific types of files that other users cannot. It makes life much easier.

The policies are very flexible. Not only can you set policies for specific people or groups, you can set schedules. You can create a lunch hour or weekend policy that is different from normal working hours.

You do not have to install anything on user workstations to authenticate with the WatchGuard. You can choose to install a client, but it is not required. It is a feature called Single Sign-On. With a small IT department, anything that reduces workload is welcome!

Our XTM has run for several years and I can't remember having a hardware issue. We have to remember that we need to restart it every now and then. It just runs and runs with no problems.

Although Watchguard XTM has a wonderful Single Sign-On (SSO) feature that integrates with Active Directory eliminating the need for client installs on workstations, I've noticed it is not always accurate. It is supposed to send the user information as soon as the user logs on, but I've see it keep a previous user's account attached to a workstation even after someone else has signed on. It has not been a major problem, but sometimes a user should have a specific policy, but a different policy is applied because it didn't register that the user changed on that workstation. I actually think it has something to do with DHCP. It ties the user with the IP address. When the IP address changes on a workstation, I've seen it move the user login with it. SSO is a wonderful feature, but it can be improved.

WatchGuard XTM doesn't keep the best audit logs. It's difficult to tell what changes were made. We have to keep a manual log to record changes.

Unlike other companies, I am not informed when there are updates to apply. I have to remember to check the site to see if there are newer versions of firmware, or software. There may be an email list I can join, but I haven't seen it.

The cost and maintenance renewals WatchGuard XTM are much MUCH lower than the leading firewall brand. When we switched we had an ROI within the second year.

They are simple to set up and configure. With just a few months of experience you can easily deploy any series of XTM in mid to small environments in minutes. I can deploy clustered M5600 in an enterprise within 30 minutes straight from the box, that's easy.

They are very reasonably priced and competitive in the market. For small and mid-sized businesses it's hard to beat the bang for the buck.

After setting them up, it's also very easy to fine tune and manage them. The packet monitor is very useful in troubleshooting and I use it to tighten down rule sets.

Dimension is a great packet analyzer and I think they still offer it as a free tool.

The UTM package has caused me some issues in the past, specifically IPS and AV at the edge. In my experience when AV at the edge is unable to sync with its third party database the rule fails and will block all traffic by default.

Some of the default global settings can cause issues. One common one is SYN packet not returning ACK. Turning off this setting will allow packets that don't complete the 3-way handshake to pass. Not the most ideal solution.

An area that I think could be improved is in application awareness. The only firewall that can do true layer 7 policying is PaloAlto firewalls, that I'm aware of. I think firewalls need to start moving to that and this is an area WatchGuard could add and improve.

Simplicity and low overhead provide ROI for IT.

Low cost in comparison to other vendors in the space.

Flexibility and features provide ROI when it meets business needs, policies and security.