Solid Value and clarity for SMBs that demand clear insights into network protection
September 15, 2017

Bill Holmberg | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User

Overall Satisfaction with WatchGuard NGFW

We use them at 4 sites currently, to manage external Internet Access Drains (IAD) and for VPN to VPN failover between those sites. Since one is used at the main site, we have the entire organization being secured by them. They are centrally managed by WatchGuard System Manager, and all policies are synced in that manner through that server, yet we still have individual views into each. We also use the Dimension Server to aggregate the logs and activity.

The problems addressed by these firewalls are: 1) Easy to use interface GUI 2) Several windowed views such as HostWatch (Sees what internal IPs are talking to what) and a good dashboard for the overall health of the connections, and the policy viewer, among a few. 3) Web blocker and other subscription services make fast and easy setup to stop poor choices by users before they cause issues.
  • User-friendly GUI (for the most part- firewalling can get complicated, so some topology knowledge is necessary), allows for fast reconfigurations of rule sets.
  • Comes with 25 SSL-VPN keys.
  • Easily supports RADIUS authentication if desired.
  • Very visual interfaces for Hostwatch, dashboard, etc.
  • System Manager can control all the firewalls from a single pane of glass.
  • The Dimension Server can log and display relevant information desired from all endpoints at once, or singly.
  • Setting up a VPN to VPN auxiliary network for failover has not been either easy or worked very well for us.
  • Automatic failover to redundant circuits locally has not worked, although semi-permanent use of local drains for http services does work well.
  • I'd like to see alerts for when the failover networks are in use or when they fail back - if we can get it to work.
  • We have stopped over a billion (!) attacks on our networks with the built-in IDS (Intrusion Detection System).
  • We have tracked and blocked poor user surfing habits due to the insights we get with the HostWatch and Dimension servers.
  • The one negative is in their warranty - we had an electrical issue take out a firewall (possible lightning?) and got no credit towards replacement, although the license remainder was added on.
  • Overall a good ROI.
SonicWalls we used previously often required reboots, while the WGNGFW's have been up for over a year without one. Fortinet was clunky and sometimes shut down needed ports due to false positives. CISCO units are expensive and obtuse - except for the new Meraki Security Appliances, one of which we are testing now.
If you have a limited staff, the WatchGuard platform offers clear time saving advantages, and doesn't require an engineering degree or lengthy CISCO training as other firewalls do, and is far superior in performance and ease of use and visibility into network traffic than cheaper alternatives - while not being as expensive as the CISCO world or Fortinet. [It’s] Ideal for medium sized businesses using on-prem firewalling, and some SMB budgets as well. Most of all, it's pretty intuitive for techs with a network background and is easy to use and there is a host of free training from WatchGuard. There are also certification routes which are affordable.

Using WatchGuard NGFW

3 - Network administration, DevOps, IT Management
3 - Familiarity with the product's interface requires some networking knowledge, although to be a consumer of the data generated one need only see the material and be provided with a brief explanation of terms - if not familiar with network or threat terminologies, like IDS, HostWatch, IP addressing, etc.

Rulesets are vital to the best practice configurations, so to fully support this product it is recommended that support persons have basic to medium network experience and training, as well as using some of the WatchGuard training made available. Advanced training and certification is always welcome, but not necessary for most SMB configurations.

I highly recommend the full subscription services offerings to be sure.
  • Web Blocker- keeps people from doing something ill-advised and dangerous
  • IDS- automatically fends off millions of attacks every month
  • Remote offices connect through VPN or can use a local IAD (Internet Access Drain) while connected to the WAN to save on traffic between sites and remain encrypted and secure
  • HostWatch allows realtime visibility into network traffic and external to internal connections
  • Dimension logs traffic and can be used in numerous ways
  • I am not certain that our use would be considered either innovative or unexpected- this is really meant to normalize the user experience and business impact.
  • Perhaps this isn't quite the product that this general question would encompass.
  • Creating a VPN to VPN mesh network with auto failover via the auxiliary circuits/alternate media (Cable, DSL, etc.) in the event of the loss of fiber to our main facility is a goal of ours.
To be replaced, we would need to see a clear set of reasons that acutely address the points I have made in favor of this solution, and they would need to be cheaper, easier to use, give more clarity into the networking, and create easier dashboards and reports for management of users' networking and threat actors' attempts to compromise the network.

WatchGuard NGFW Support

Professional, dedicated, superbly trained engineers support this product and are passionate about their customers' success.
Pros
  • Quick Resolution
  • Good followup
  • Knowledgeable team
  • Problems get solved
  • Kept well informed
  • Immediate help available
  • Support understands my problem
  • Support cares about my success
  • Quick Initial Response
Cons
  • None
Yes - Downtime costs more than the premium support option.
Yes - Yes, on an earlier release we found some issues (years ago) and helped them narrow it down. They compensated us for our troubles by extending support and features for some time.
Yes - We were moving from one facility to another for one of our branch offices in North Dakota, and we needed to cutover the network to new IP addresses and the new network while the old one was still up. When the time came to forklift the rack from the old site to new, we had to engage the LEC and WAN providers to make the cut. It took them into the very late hours and our WatchGuard support engineers stayed with us until very late (early in the am) as we troubleshot several third-party vendor issues (mostly the new fire alarm people - they couldn't seem to understand Ethernet connections as opposed to telephone landlines - which we didn't have...).