WatchGuard NGFW, Layered Security that makes you feel warm inside
September 27, 2018
WatchGuard NGFW, Layered Security that makes you feel warm inside
Score 10 out of 10
Vetted Review
Verified User
Overall Satisfaction with WatchGuard NGFW
Our WatchGuard NGFW is being used by our entire organization as a corporate firewall. All traffic, to include remote facility VPN flows through our WatchGuard M470. Our M470 NGFW addresses many business problems including, but not limited to: web proxy / filtering, firewall, IPS, gateway anti-virus, data loss prevention, reporting, Advanced Persistent Threat and corporate VPN access. When discussing NGFW characteristics, I believe that it goes beyond just features and capabilities...I feel that a true NGFW brings an aspect of collaborating and verification of data/information available within the environment. The WatchGuard NGFW products do just that. We have utilized the WatchGuard products since 1999 and have never been disappointed or let down by the vendor. Technical support (with a subscription) is always available and have always provided business-class professional service and support to our company.
- Strength: I believe a major strength is in the services they provide and the upgrades available to NGFW owners. While certain features are subscription based, they provide you with many options to customize and "layer" your security model.
- Strength: As long as you have a subscription of Total Security Suite, you have access to the Dimension appliance which provides logging, reporting and management features for your NGFW. The Dimension appliance runs either on VMWare or Hyper-V and is a power tool for visualizing firewall traffic and subscription based statistical data, and it only takes literally minutes to get it up and running to collect data. Instructions are available on the WatchGuard support site and are simple and easy to follow whether you're an experienced IT professional or not.
- Strength: Software & Firmware updates are a breeze and can be performed via hard client or over the internet from the web client. The system will perform a backup prior to performing any updates and usually only take a few minutes to complete.
- Strength: Traffic Monitor. Visualization of data is clean and uncluttered. Whether you are looking at firewall traffic to determine why a certain user or device is getting denied through the firewall or why a website is getting blocked by a particular computer, it is as simple as filtering what characteristic you want to look at in the traffic monitor and sit back and watch. The traffic stream is able to be paused in the viewer enabling you to copy and paste and search for what you need.
- Strength: The WebBlocker service is extremely flexible to configure. There are 2 choices: You can use the WebBlocker cloud, which gives you tons of categories to filter, or you can utilize an on-premises WebBlocker server. Both enable you to easily set up exceptions as well as an override password.
- Strength: This is one heck of a strength in my opinion as it lets you block whole countries. I use this extensively to block a large portion of countries that are notorious for nefarious activity.
- Strength: IPS - If you have a detected intrusion, the system will let you know as well as provide an alarm. You can visualize the information from the WatchGuard Dashboard via the web interface.
- Strength: Dashboard for Subscription Services. All subscriptions services are available in one easy to read dashboard. Keeps you informed of all activity in a graphical layout. If you need to drill down, you can utilize either a reporting server or the Dimension appliance.
- Con: (May not be Con for everyone) Many newer firewalls that provide VPN functionality have auto discovery and are easy to set up. I am not implying that the WatchGuard NGFW is hard to set up VPN on, I am stating that it is not automated. you must know how to choose your IP addresses for your remote and local locations as well as set up traffic rules. On a positive note, WatchGuard technical support will assist you in setting it up quickly.
- Con: (May not be Con for everyone) Most all firewalls that I have dealt with must be maintained in some way. Whether it's a annual maintenance cost or subscription based services, you will need to plan for an annual budget to cover the cost of whatever security / support package you select for your company. I consider it a cost of doing business as you either want to be protected or you don't.
- Con: VPN client. WatchGuard provides a free SSL-VPN client, however the IPSEC VPN client is a 3rd party client. I would like to see them provide a WatchGuard IPSEC client that isn't 3rd party.
- Positive: As a Aerospace & Defense company, we must comply with flow down requirements from the government as it relates to CyberSecurity and data protection. WatchGuard has provided the foundation on which we build that protection platform. Layered NGFW security defenses coupled with end point protection and vulnerability scanning provide us with an ROI that can only be measured in uptime and zero loss of work.
- Positive: Intuitive and easy to use interface helps us save time when troubleshooting traffic blocking issues or any denied traffic.
- Positive: Access to the WatchGuard Dimension Appliance, which provides an extensive data collection tool enabling our IT department to monitor traffic and seek out anomalies quickly.
We have not stacked WatchGuard against an other product as of this review. We are however, in the process of scheduling a review of Cisco Meraki MX Appliances to further educate ourselves on other available technology. We did review other products many years ago, however I don't feel that information is relevant at this time. I will update this review upon completion of our Cisco demo.
WatchGuard NGFW Support
| Pros | Cons |
|---|---|
Quick Resolution Good followup Knowledgeable team Problems get solved Kept well informed No escalation required Immediate help available Support understands my problem Support cares about my success Quick Initial Response | None |
Yes - The higher level support costs are different. There are multiple levels of support to choose from and we pay for the Gold Support, which provides us a wider range of support options and response times. It is a business decision that fits our environment and internal customer requirements.
Yes - Yes, but it wasn't critical. It was fixed within a few future builds. It had to do with displaying data on a graph and wasn't critical at all.
I was required to set up a point to point VPN between our two locations and was having an issue with the configuration. The cutover was scheduled for a Saturday and I needed to have the equipment pre-configured to just drop in. I called tech support on the Monday before install and the tech went through every aspect of the setup and configuration with me until it was complete. All I had to do was drop the equipment in place, plug in the power and network connections and I was done. The tech was amazing and patient with me and was able to figure out quickly what configuration mistake I made. Turned out that I mistyped an encryption password.
Using WatchGuard NGFW
| Pros | Cons |
|---|---|
Like to use Relatively simple Easy to use Well integrated Consistent Quick to learn Convenient Feel confident using Familiar | None |
- Software & Firmware Updates
- Creating new policies
- Setting up WebBlocker Services
- Setting up subscription services
- Setting up Dimension Applinace
- VPN Setup
- Making sure your services are tied to your policies. you have to drill down to verify.