A reliable everyday border security solution. No flash, not too much cash, all business.
Updated May 14, 2019

A reliable everyday border security solution. No flash, not too much cash, all business.

Anonymous | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User

Overall Satisfaction with WatchGuard Network Security

WatchGuard (WG) products occupy the sweet spot between free (but labor intensive) solutions at the bottom and the instantly recognizable, brand name, nickel and dime you high end products. We were looking for a border security appliance for a mid-size network (not too many people, but a lot of unusual traffic) that worked in a very unusual but standards compliant network layout (basically, a filtering bridge combined with a NAT router on a stick with multiple non-overlapping subnets). WatchGuard was the only company that promised to deliver - and did.

Specifically, our primary WG device (an M670) is a departmental firewall, protecting a 200+ person, 4,000+ device network with a small public IP subnet (not a true DMZ) and several large private NATed subnets, all downstream of a router we do not control (hence the need for bridging the public subnet and route the private IP devices).

Due to the unusual layout, a second physical device (also a WG box) is needed as a VPN endpoint and for smaller secondary subnets.

Pros

  • Support is responsive and unusually helpful.
  • WG's approach to "supported configurations" is refreshingly flexible.
  • Subscriptions are relatively affordable.
  • Continuous improvement :)

Cons

  • Online documentation does not go sufficiently in-depth and sometimes lags a bit behind OS releases.
  • Tech support is worldwide, so complex issues result in a rolling wave of phone calls from CSRs located more and more west. WestCoast US, Far East, Middle East, Europe, East Coast... A lot of time can be wasted bringing the next CSR in line up to speed.
  • There are too few "technical sales" people - reps who both know the product line and are able to follow nuanced technical questions. The rep that sold me on WG originally was fantastic, but has since retired.
  • As is always true with a critical device, support is never "quick enough". One can, of course, pay more for quicker response...
  • Continuous improvement :(
  • A WG appliance with maintenance is a way to centralize some of the security spending by shifting it away from the desktop.
  • We are spending far more than we used to (with OSS solutions) with far less downtime and many fewer reportable (or not) incidents.
  • The routing and network management side hasn't changed: the network works. The security incident side is harder to quantify, but that's the point: no news is, indeed, very good news.
  • It's easy to put a dollar value on a pice of hardware and a maintenance subscription. It's much harder to put a dollar value on "zero incidents".
We worked with Insight Public Sector and Connection. Any difficulties we had (and we had quite a few) were due to arcane policies of our own purchasing department. The partners were helpful, responsive, and knowledgeable. The products were quoted properly and delivered on time. Since all the pre-sales technical discussions were conducted directly with WG, I would expect no less. That being said, WG sales reps were *excellent* go betweens, able to secure advantageous pricing, temporary licenses, etc.

Overall, a pleasure to do business with.
I have seen demos of prettier interfaces, and I have also seen far less user-friendly interfaces.

The split between the old Windows-based manager, the newer web-based Dimension, and the occasional foray into the command line is somewhat unfortunate from the point of view of a new user. At this point, I just shrug and get things done.

The positive way to describe the current state of affairs is that the product line is evolving and there are enough "knobs" to make it all work, without too many clicks, all while protecting the user (me) against accidental mistakes.

The overall upwards trend makes me confident that this was a correct choice.
An ideal network appliance would be free, would last forever, would work with any network layout, would require no maintenance or updates, and would be trivial to manage (no doubt using telepathy).

WG failed primarily by requiring some changes to the network. This is *far* better than some of the competitor's more monolithic offers ("bridge? what's a bridge? why do you need a bridge?"), and *far* easier to deploy and maintain than the previous pf-based solution.

Again and again, WG proves itself to be the middle of the road solution. Straightforward, affordable, and reliable.
The question I am answering states: "WatchGuard Network Security is packaged as a single appliance with a single license covering threat protection, reporting and management capabilities. Describe whether this simplified packaging and licensing has benefited your organization, and how."

WG is *not* a single appliance with a single license covering everything. It is, potentially, a cluster of appliances, physical or virtual, each with a subscription covering certain threats for certain periods of time. The names of the subscription levels and the exact features that are or are not included has been known to change.

I am therefore not entirely sure how to answer this question, other than to say that I was able to navigate the offerings and find an appropriate solution for our needs, but I did need the able assistance of the now-retired pre-sales technical rep.
WG is *much* cheaper and more flexible than the commercial competitors we pitted it against. Ridiculously so. It is also much more tolerant of thoughtless "one-click, let's try this" solution to network hiccups of anything else we considered.

It's not the cheapest, the easiest to stand up, the best supported, or the most flexible. It is, however, by far the most balanced solution for our needs.
Note that my 5/10 reviews above are simply a reflection of the compromises inherent in our selection. The WG product isn't the best or the cheapest, or the flashiest. It is the perfect middle of the road compromise.

WG appliances are great as turnkey solutions in mid-size and smaller networks. They are easy to understand, easy to deploy, and easy to manage.

WG appliances are not ideal in unusual networks. While WG worked with us to make the appliance fit our network layout, in the end it was easier to adapt the layout to the appliance rather than living with the compromises.

In my opinion, WG virtual appliances aren't quite ready for prime time as filtering bridges in complex half-virtual networks (with physical and vSwicthes and an external non-WG router). Having tried to save money by leveraging our VMWare infrastructure and upgrading to a FireboxV, I had to give up and go with a physical box. WG was excellent throughout the testing and purchasing period, however.

WatchGuard Network Security Feature Ratings

Identification Technologies
5
Visualization Tools
5
Content Inspection
5
Policy-based Controls
5
Active Directory and LDAP
Not Rated
Firewall Management Console
8
Reporting and Logging
6
VPN
8
High Availability
Not Rated
Stateful Inspection
5
Proxy Server
4

Comments

More Reviews of WatchGuard Network Security