WatchGuard Rocks
April 27, 2016

WatchGuard Rocks

Anonymous | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User

Overall Satisfaction with WatchGuard XTM

We are using it as the core HA active/passive firewalls for all network traffic on our corporate network. Each zone is set up and divided into its own zone with policies allowing or denying access between each zone.

Pros

  • They are simple to set up and configure. With just a few months of experience you can easily deploy any series of XTM in mid to small environments in minutes. I can deploy clustered M5600 in an enterprise within 30 minutes straight from the box, that's easy.
  • They are very reasonably priced and competitive in the market. For small and mid-sized businesses it's hard to beat the bang for the buck.
  • After setting them up, it's also very easy to fine tune and manage them. The packet monitor is very useful in troubleshooting and I use it to tighten down rule sets.
  • Dimension is a great packet analyzer and I think they still offer it as a free tool.

Cons

  • The UTM package has caused me some issues in the past, specifically IPS and AV at the edge. In my experience when AV at the edge is unable to sync with its third party database the rule fails and will block all traffic by default.
  • Some of the default global settings can cause issues. One common one is SYN packet not returning ACK. Turning off this setting will allow packets that don't complete the 3-way handshake to pass. Not the most ideal solution.
  • An area that I think could be improved is in application awareness. The only firewall that can do true layer 7 policying is PaloAlto firewalls, that I'm aware of. I think firewalls need to start moving to that and this is an area WatchGuard could add and improve.
  • Simplicity and low overhead provide ROI for IT.
  • Low cost in comparison to other vendors in the space.
  • Flexibility and features provide ROI when it meets business needs, policies and security.
Again, WatchGuard is priced much lower than other vendors in its space. It may not have some of the bigger features such as Layer 7 awareness. It's more simple to manage and provides IT staff the time to work on other tasks versus time spent to create complex rule sets.
Small to mid-sized organizations is the target market for WatchGuard and it's where they fit in best.

Comments

More Reviews of WatchGuard XTM - Discontinued Product