Item: WatchGuard Network Security
Rating: 8
Author: Verified User

Use Cases and Deployment Scope

We deploy WatchGuard UTM appliances across a number of clients primarily to provide Gateway IPS and Anti-Malware services. In some instances, we deploy WatchGuard appliances for site-to-site VPN connectivity (BOVPN) or remote access for users using AuthPoint as a 2-factor authentication solution. These allow us to protect client networks and provide remote access to client networks effectively.

Pros and Cons

Site to Site VPN - very robust, you can set and forget
Gateway AV - effective and very low false positives
Remote Access - very good integration with 2 factor auth solutions

Proxy setup can be frustrating - packets are dropped and it can be difficult to determine the reason so you end up disabling security features to troubleshoot
SNAT - setup is clunky at times
Would prefer better CLI functionality, the GUI is muddled, although using the management software is preferable

Return on Investment

Very positive impact due to low maintenance and reliability. We have confidence when we install these for clients.
A negative impact would be the issues we have had with configuration and 'unhandled packets' - can take a long time to get the configuration right and even then we have had to compromise on the setup from time to time

WatchGuard Network Security Partner

Yes. We worked with NetThreat in the UK to acquire the hardware and licenses. Very good team. Although for all support we go straight to WatchGuard support, which is excellent too and very responsive.

Implementation Rating

It's critical to get the basics right when implementing these firewalls - as with all firewalls. Always make frequent backups during the configuration so you can roll back if you need to or use Dimension if you are managing multiple firewalls. It is well worth the extra licensing cost. We started to use Dimension 3 years ago and never looked back.

WatchGuard Network Security Packaging and Licensing

Yes. We have benefited from being able to access all of these features through one interface. It saves us time when deploying the solution, configuring it when a client requests that changes are made and when monitoring logs and assessing network statistics and other security criteria. The GUI interface can be fine for basic tasks and we rely on it mostly.

Alternatives Considered

SonicWall TZ and Fortinet FortiGate

We like WatchGuard for its reliability and uptime. They really are 'set and forget. Although from a configuration perspective we do prefer Sonicwall and Fortinet even more so. Once deployed we use the Dimension solution in most cases to manage the devices and to create Executive reports for our clients.

Other Software Used

Beyond Compare, Todoist: To-Do List & Task Manager, Altaro VM Backup

Key Insights

Do you think WatchGuard Network Security delivers good value for the price?

Yes

Are you happy with WatchGuard Network Security's feature set?

Yes

Did WatchGuard Network Security live up to sales and marketing promises?

Yes

Did implementation of WatchGuard Network Security go as expected?

Yes

Would you buy WatchGuard Network Security again?

Yes

Likelihood to Recommend

Site-to-site VPN connectivity is excellent - we have a few of these boxes running in remote locations with zero input from us for over 2 years. These devices don't need rebooting, they just keep on going. We have only had one firewall failure in 6 years. If you need a setup and forget solution that you can remotely manage easily then it is really good. If you need to provide robust gateway security we would recommend it. It can be difficult to keep track of configurations when you set up proxy rules. Sonicwall is better in this respect for example when using the GUI to understand firewall rules.

WatchGuard - set and forget security

Overall Satisfaction with WatchGuard Network Security