A reliable everyday border security solution. No flash, not too much cash, all business.
Updated May 14, 2019
A reliable everyday border security solution. No flash, not too much cash, all business.
Score 10 out of 10
Vetted Review
Verified User
Overall Satisfaction with WatchGuard Network Security
WatchGuard (WG) products occupy the sweet spot between free (but labor intensive) solutions at the bottom and the instantly recognizable, brand name, nickel and dime you high end products. We were looking for a border security appliance for a mid-size network (not too many people, but a lot of unusual traffic) that worked in a very unusual but standards compliant network layout (basically, a filtering bridge combined with a NAT router on a stick with multiple non-overlapping subnets). WatchGuard was the only company that promised to deliver - and did.
Specifically, our primary WG device (an M670) is a departmental firewall, protecting a 200+ person, 4,000+ device network with a small public IP subnet (not a true DMZ) and several large private NATed subnets, all downstream of a router we do not control (hence the need for bridging the public subnet and route the private IP devices).
Due to the unusual layout, a second physical device (also a WG box) is needed as a VPN endpoint and for smaller secondary subnets.
Specifically, our primary WG device (an M670) is a departmental firewall, protecting a 200+ person, 4,000+ device network with a small public IP subnet (not a true DMZ) and several large private NATed subnets, all downstream of a router we do not control (hence the need for bridging the public subnet and route the private IP devices).
Due to the unusual layout, a second physical device (also a WG box) is needed as a VPN endpoint and for smaller secondary subnets.
- Support is responsive and unusually helpful.
- WG's approach to "supported configurations" is refreshingly flexible.
- Subscriptions are relatively affordable.
- Continuous improvement :)
- Online documentation does not go sufficiently in-depth and sometimes lags a bit behind OS releases.
- Tech support is worldwide, so complex issues result in a rolling wave of phone calls from CSRs located more and more west. WestCoast US, Far East, Middle East, Europe, East Coast... A lot of time can be wasted bringing the next CSR in line up to speed.
- There are too few "technical sales" people - reps who both know the product line and are able to follow nuanced technical questions. The rep that sold me on WG originally was fantastic, but has since retired.
- As is always true with a critical device, support is never "quick enough". One can, of course, pay more for quicker response...
- Continuous improvement :(
- A WG appliance with maintenance is a way to centralize some of the security spending by shifting it away from the desktop.
- We are spending far more than we used to (with OSS solutions) with far less downtime and many fewer reportable (or not) incidents.
- The routing and network management side hasn't changed: the network works. The security incident side is harder to quantify, but that's the point: no news is, indeed, very good news.
- It's easy to put a dollar value on a pice of hardware and a maintenance subscription. It's much harder to put a dollar value on "zero incidents".
We worked with Insight Public Sector and Connection. Any difficulties we had (and we had quite a few) were due to arcane policies of our own purchasing department. The partners were helpful, responsive, and knowledgeable. The products were quoted properly and delivered on time. Since all the pre-sales technical discussions were conducted directly with WG, I would expect no less. That being said, WG sales reps were *excellent* go betweens, able to secure advantageous pricing, temporary licenses, etc.
Overall, a pleasure to do business with.
Overall, a pleasure to do business with.
The question I am answering states: "WatchGuard Network Security is packaged as a single appliance with a single license covering threat protection, reporting and management capabilities. Describe whether this simplified packaging and licensing has benefited your organization, and how."
WG is *not* a single appliance with a single license covering everything. It is, potentially, a cluster of appliances, physical or virtual, each with a subscription covering certain threats for certain periods of time. The names of the subscription levels and the exact features that are or are not included has been known to change.
I am therefore not entirely sure how to answer this question, other than to say that I was able to navigate the offerings and find an appropriate solution for our needs, but I did need the able assistance of the now-retired pre-sales technical rep.
WG is *not* a single appliance with a single license covering everything. It is, potentially, a cluster of appliances, physical or virtual, each with a subscription covering certain threats for certain periods of time. The names of the subscription levels and the exact features that are or are not included has been known to change.
I am therefore not entirely sure how to answer this question, other than to say that I was able to navigate the offerings and find an appropriate solution for our needs, but I did need the able assistance of the now-retired pre-sales technical rep.
- SonicWall Capture Advanced Threat Protection (ATP), Trend Micro TippingPoint Threat Protection System (TPS) and pfSense
WG is *much* cheaper and more flexible than the commercial competitors we pitted it against. Ridiculously so. It is also much more tolerant of thoughtless "one-click, let's try this" solution to network hiccups of anything else we considered.
It's not the cheapest, the easiest to stand up, the best supported, or the most flexible. It is, however, by far the most balanced solution for our needs.
It's not the cheapest, the easiest to stand up, the best supported, or the most flexible. It is, however, by far the most balanced solution for our needs.