hope this will be a new Sophos like enviroment and they will integrate an endopoint centralized AV solution
This is like trash buying trash. I wish them luck.
I’m shocked they’re still around. I worked at a place that had them in like 2011. Hell, I’ve got an old firebox II sitting in the corner as a door stop.
Huh? I thought this is r/sysadmin not r/snakeoil …
I’ve been in IT for about 5 years.
The first 1.5 years I got limited exposure to ASA, Fortigate, and Palo Alto.
These last 3-4 years I have worked at an MSP that exclusively manages Watchguards as their firewall solution and I love working with them.
Super easy to work on, the best traffic manager/log viewer I have used, stupid easy VPN set up and troubleshooting.I have seen quirk or two that I had to open a ticket on, but nothing out of the ordinarily compared to other vendors.
Why is there so much distain for WG? Anytime I see someone praise them on Reddit someone always comments " yeah. Sounds like something a Watchguard user would say!"
Are they not feature complete or something?
Not as secure?
Actually i manage a lot of Watchguard firewalls and nowadays they arent that bad.
The old ones are total crap (random rebooting when you navigate through the menus, ocasionally one gets bricked), but these last years they have gotten much better.
For customers with simple networks they are great, easy to setup, simple to understand. For techs with no background on firewalls they are great to get started too.
Given all of this, Watchguard firewalls are still far away from the top vendors.
Watchguard uses Bitdefender as their antivirus on their firewall, but everything is moving to the endpoint now. Panda makes sense to offer a more complete solution. They needed something like that to compete with Fortinet.
I used Cisco ASA, Checkpoint, Fortinet, Watchguard and Bluecoat. All firewalls these days are just rebranded Linux inside a custom box made by Foxconn or Supermicro.
For the price, Watchguard are really good: No no-sense UI, no firmware versioning nightmare, easy to integrate with AD, comes with free Dimension reporting software, etc. No need to spend more for hardware these days with everything running on AWS and TLS 1.3 preventing us to do full inspection, filtering using SNI. All those big and powerful boxes doing spam filtering, load balancing, full inspection and antivirus are going obsolete soon.
There are many companies that have been around since 2011. Some far longer
The interface has improved a lot since then I think. The main reason we liked them at my previous job was the pricing. For an SMB, none of the other vendors we looked at (Cisco, Fortinet, CheckPoint) could match that. I imagine that’s the same reason a lot of smaller companies are buying them as well.
stupid easy VPN set up
I worked exlusively with WG and sonicwall when I first got into IT in 2015 at an MSP.
Love WG for small-medium sized business and like you mentioned they are just easy to use.
Some things might not be in the location you think but like working with any vendor…they just do it a little differently.
What I laugh about is I actually interviewed there 5 years back for a really basic entry level position (T1 for their smallest devices) and it was actually the hardest interview I had out of an MSP (where I ended up going), Amazon (Felt like a f’ing cog the whole time, hated it) and a few other large regional business (1000-5000ppl).
I never got the impression they just hired warm bodies.
I don’t mind the web management of WG’s but Policy Manager is clumsy to me.
Multiple ways to do everything, easier to mis-configure and block your own shot.
I realize they are more feature rich than Meraki’s but for basic setup’s I much prefer Meraki.
Hopefully WG moves more to the web management and depreciates Policy Manger. From what I understand (could be wrong) you can’t do everything from the web.
I was taught using policy manager and do 99% in there. Only log into the webui if I need to pull an IKEv2 mobile vpn profile or to check WAN bw really. Funny how that goes.
Admittedly policy manager looks old. I won’t be surprised if they force us off at somepoint.
I basically live in policy manager. Would choose it to do firewall related crap over webui for most stuff besides certificates and maybe software upgrades.
Yep, got used to policy manager. I barely use the webui. It is far superior to do version upgrades thou.
Better than File upgrade next next finish? 
Can also schedule it for future date/time as well. Has only bit us once about two years ago there was an issue with the firmware for M200s. Fortunately we rolled out to a very small subset and only had to make a few on sites
Actually I think your right. You dont even have to down it if your using the webui right?
Yeah, webui downloads the file for you. I guess im just lazy.