Advanced Network Security for Dummies
Overall Satisfaction with WatchGuard Network Security
WatchGuard Network Security is our gateway from the internet and between our offices and colocation facilities. We do our own web hosting, IP PBX, WiFi, VPN access, and TDR with WatchGuard devices as our firewalls. All our WatchGuard units handle site-to-site VPNs to our offices and colocations and route our different VLANs. We also utilize their wireless access points for office WiFi access and WIPS.
Pros
- Firewall Protection
- Customer Support
- Cloud Management
- Training sessions
Cons
- Migration from premise management to cloud management is painful and not worth the trouble
- Cloud management is not yet a complete product
- Poor support for older products
- Panda Endpoint Security product line and integration with existing products is confusing
- Fast and Automated updates to AV and IPS to address new threats if you apply the savings of lower amounts of security incidents to your ROI
- The complete lack of support for previous access points once a new model is released. Making a recent acquisition of some WiFi 5 units means they become garbage when we upgrade to WPA3 and WiFi 6/7.
- Firmware and software updates have never had an issue or altered a rule, so no additional or prolonged outages for maintenance.
- Their communication has gotten better with the release of monthly emails on the current and resolved issues, making searching for information less time-consuming.
We worked with eMazzanti Technologies and it was great. They know their stuff.
We haven't noticed value other than being secure. Their message has gotten muddy recently with the acquisition of Panda and trying to merge everything into a unified system. Their unified web platform still isn't great, as the product names and renaming are very confusing. You need a really good WatchGuard certified VAR like eMazzanti to navigate it all.
Remote, scheduled firewall firmware updates are a breeze now. Remote logs are nice, but we use their Dimension product. We can't transition our firewall configs to the cloud as not all features are supported and there is no migration process. It's a wipe-and-start-new style migration, if you can call it that. If you're a business that does not deal with offering public Wi-Fi, get your WAPs elsewhere.
We work with eMazzanti on all our WatchGuard purchases. I can't express enough how great they have been. They take all our questions, big and small, and get answers to them. They don't care if you are a small customer or a huge customer, all are treated as important. They will bring in WatchGuard subject matter experts and sales engineers should their expertise not be able to answer our questions and concerns and are not afraid to have them on a call with us. They have even escalated our WatchGuard issue that has open tickets to help us.
We used to pick and choose some of the advanced features based on need and device. So for example, we would only get ATP Blocker on the devices that screened files, such as email servers. Now we are forced to get everything, used or not. While it is a little more costly, this isn't necessarily a bad thing. Now we budget the full cost and if needs change during the year, there is no need to get emergency funding to enable a feature or replace a box. We also end up getting things like EDR, that we would not have considered otherwise, expanding our security.
- Cisco 4000 Series Integrated Services Routers (ISR 4000), Comcast Business Internet, Fortinet FortiGate, Omada, Verizon Managed Security Services and Symantec Advanced Threat Protection
WatchGuard wins hands down in its simplicity. All the predefined service profiles, support, ability to migrate from one device to another with the same configuration make them a complete win. Sure you can get stupid complex configurations with a Cisco, but you can really get into that with WatchGuard if you wanted, it's just not needed. People think of WatchGuard devices like a firewall, but it's not. It's a real router, BGP, STP, and all that. It handles multiple interfaces from different sources. It's a VPN device with multiple VPN implementations available that are not vendor-locked. It can log, it can log to a free WatchGuard virtual reporting machine (Dimension) and to the cloud. It can integrate with some helpdesk software for automatic ticket creation on failures. They have single sign-on, MFA and so much more. You need to take a look at your needs, and your future potential needs, and then you can really see what WatchGuard Network Security has to offer.
Do you think WatchGuard Network Security delivers good value for the price?
No
Are you happy with WatchGuard Network Security's feature set?
Yes
Did WatchGuard Network Security live up to sales and marketing promises?
Yes
Did implementation of WatchGuard Network Security go as expected?
Yes
Would you buy WatchGuard Network Security again?
Yes
WatchGuard Network Security Feature Ratings
Using WatchGuard Network Security
30 - They all use firewalled email and VPN access to secure systems.
1 - You need firewall and network design knowledge to support these units. The online documentation alone will not get you there.
- SSLVPN support
- 2 form factor security
- Email system protection
- We can use the WatchGuard appliances as a VLAN router instead of an additional router or high-end switch.
- IPS
- General network traffic monitoring
Evaluating WatchGuard Network Security and Competitors
- Cloud Solutions
- Scalability
- Ease of Use
The WatchGuard solution has the flexibility to go with just one of their products and then expand to any of the other offerings without feeling locked into their entire portfolio.
We would have demanded premise to cloud transition demos.
WatchGuard Network Security Implementation
- Implemented in-house
Change management was a minor issue with the implementation - Deploying SSL-based VPN is hard as there is no MSI installer or ARM support.
- SSL VPN Deployment
- Setting Outbound IP address rules for email
- Lack of transition to cloud-based management from local
WatchGuard Network Security Support
We acquired only the support that comes with the security package we acquire. So total security provides 24x7 Gold support and on some of our older boxes, we get standard 24x7 support as they don't support the advanced features in total security.
Yes - Over the years, I have reported a few bugs. They were all resolved, but if it's important, you need to call them. Opening a web ticket can result in getting support staff far outside your time zone and playing pass the baton with different support staff.
We had a fan go bad in one of our units. So we opened a case and the next day a brand new unit was delivered to us for replacement. We didn't expect next day delivery for a fan failure when the device had multiple fans. Most service departments make you send logs, get proof a fan is bad, take a week to replace, etc. We were impressed.
Pros | Cons |
---|---|
Quick Resolution; Knowledgeable team; Kept well informed; No escalation required; Immediate help available; Support cares about my success; Quick Initial Response | Poor followup; Problems left unsolved |
Using WatchGuard Network Security
Pros | Cons |
---|---|
Like to use; Easy to use; Quick to learn; Convenient; Feel confident using | Unnecessarily complex; Requires technical support; Not well integrated; Inconsistent; Lots to learn |
- SSLVPN is quick and easy
- Basic firewall configuration is also quick and easy
- No MSI installer for SSLVPN client.
- No ARM support
- Complex operations of firewall
- No reverse NAT/SNAT