Great Product
April 13, 2024
Great Product
Score 9 out of 10
Vetted Review
Verified User
Modules Used
- WatchGuard Network Security
Overall Satisfaction with WatchGuard Network Security
Use several NGFW clustered in different countries, physical and virtual appliances as well. Same interface, with no learning curves. Used at the perimeter, connected sites with branch office VPN, and for some, used as a VPN SSL for roaming users. They were bought with the total security suite which provides advanced defense-related features. Globally we use all (or near) the possibilities offered by those devices, and they work as expected.
- Firewall rules with auto-ordering
- Bandwidth consistency
- Branch Office VPN
- Centralized appliance (Dimension) at no cost is a great solution to consolidate reports from several appliances
- No possibility to negate terms in rules such as "allow everything from x.x.x.x/yy except x.x.x.z"
- Mixing rules of pure firewalling with those concerning VPN SSL ends up in something not pleasant and not easily readable, should have a dedicated tab for VPN SSL rules, as the one for IPSEC VPN rules
- No proxy support for SFTP or FTPS (I know it's quite hard to achieve that)
- The embedded rule for NTP has never been corrected to remove TCP for port 123
- The most important for us is the uninterruptible access provided by clusters as we have roaming users all over the world that heavily depend on data access for business.
- The price is very right-sized, for example, having an active/passive cluster needs only one total security license to cover the cluster, not 2 such as other well-known companies.
- Old devices, no longer supported, could be used for "light security" such as internal routers with great firewalling, NAT, and so on.
- Once you have one, there's no learning curve if you change models, physical or virtual, all use the same interface and work the same.
- A negative point is that I don't know how the support handles issues, as I have had none in 15 years.
We work with Axido and they are amazingly perfect, and professional from the beginning to the end, even after the end. :-) It's a trusting relationship where we never get disappointed, they always do their best to satisfy our demands and in the end, how they work with us gives Watchguard a very positive brand image.
If the solution is on-premise go for it, if it's cloud-based, not with me. It greatly depends on what type of device, where they were implemented, on what perimeter, country, etc. For heavily sensible machines, I use WSM on-premise, it's perfect to manage all the world devices around the world through branch office VPN.
I use it only for what is used by us as a "roaming device". For example, NV5 which goes from site to site for a short period of time is easy to manage through Watchguard Cloud with rapid deployment. You prepare the configuration suited for the site and voilà, as soon as the box is connected it will be up and running, protecting the access and giving VPN SSL in no time. I don't want a cloud-managed for the usual case of a firewall protecting a site.
Price mainly, Both are great products, Check Point is a better management interface with the possibility to expand/collapse a set of rules, and negate rules parameters.
Do you think WatchGuard Network Security delivers good value for the price?
Yes
Are you happy with WatchGuard Network Security's feature set?
Yes
Did WatchGuard Network Security live up to sales and marketing promises?
Yes
Did implementation of WatchGuard Network Security go as expected?
Yes
Would you buy WatchGuard Network Security again?
Yes