WatchGuard Security Appliances

WatchGuard Security Appliances

A WatchGuard Security Appliance is a managed firewall/router/security appliance solution that we offer to our customers. A WatchGuard Security Appliance offers many benefits including:

  • Connect to multiple ISP’s or multiple WAN based networks for fault tolerant internet connectivity.
  • Multiple WAN connections can be configured with one primary and one fail over connection or can be setup in a Round Robin configuration for load balancing between WANs.
  • Connect and consolidate multiple LANs via a single security device for enhanced network and broadband management while maintaining isolation between multiple physical or VLAN based LANs
  • Provide multiple and independently isolated DHCP service configurations to multiple LAN networks simultaneously through a single appliance.
  • See IP traffic for inbound/outbound connections in real-time to quickly assess and identify heavy bandwidth usage.
  • See individual data packet transmissions as they pass through the security appliance.
  • On wireless based models, provide multiple wireless networks both integrated and segregated through a single appliance.
  • Real-time protection as new exploits and attack vectors emerge thanks to managed security updates and cloud integration.
  • VPN services available for both client to site VPN sessions as well as site to site VPN uplinks.

WatchGuard Security Appliances have an initial cost as well as a yearly license renewal that comes in two flavors, Basic Security and Total Security Suite. We usually sell our WatchGuards with the Basic Security Suite, which includes various protection layers required by most IT related regulations for Best Practice Cyber Security. Other features offered in the Total Security Suite overlap with security services we already offer without the need of additional hardware via our Endpoint Management and Endpoint Security services included in our monthly support plans.

WatchGuard Basic Security Suite

  • Intrusion Prevention – Intrusion Prevention Service uses continually updated signatures to scan traffic on all major protocols, providing real-time protection against network threats, including spyware, SQL injections, cross-site scripting, and buffer overflows.
  • Reputation-Based Threat Prevention – A powerful, Cloud-based web reputation service that aggregates data from multiple feeds to provide real-time protection from malicious sites and botnets, while dramatically improving web processing overhead. 
  • URL Filtering – In addition to automatically blocking known malicious sites, WatchGuard WebBlocker delivers granular content and URL filtering tools to block inappropriate content, conserve network bandwidth, and increase employee productivity.
  • HTTP/HTTPS Proxy – WatchGuard Security Appliances, by default, won’t allow your web browser to download executable files from non-secure websites, that is, websites that do not offer a valid security certificate to verify the site owner’s identity. All websites should be employing digital certificates now. If they don’t, they are not trustworthy, especially when handing out executable code. The Proxy includes a white list function to white list URLs that you do trust but are not secure, though the industry as a whole has been moving to HTTPS and away from the HTTP protocol for several years now. This move has been led by Mozilla, Google and Microsoft.
  • Gateway AntiVirus – Leverage continuously updated signatures to identify and block known spyware, viruses, trojans, worms, rogueware and blended threats – including new variants of known viruses. At the same time, heuristic analysis tracks down suspicious data constructions and actions to make sure unknown viruses don’t slip by.

If you still utilize in-house Exchange/email servers the following feature will apply to you that are also included in the Basic Security Suite:

  • Spam Prevention – Real-time, continuous, and highly reliable protection from spam and phishing attempts. WatchGuard spamBlocker is so fast and effective, it can review up to 4 billion messages per day, while providing effective protection regardless of the language, format, or content of the message.

It’s important to consider bandwidth whenever you utilize a security appliance/firewall such as a WatchGuard Security Appliance. Each layer of security can have a significant impact on bandwidth availability and throughput by introducing additional overhead to your data streams. When Fast Assist quotes you a WatchGuard Security Appliance, we take many factors into account to offer you the best option for you budget and bandwidth needs. Basically, we want to provide you high level of security but at a bandwidth rate that doesn’t throttle your bandwidth being provided by your ISP.

Many people fail to take into account the fact that monitoring data packets for malicious signatures and activity takes processing power which equals time….time in milliseconds but time nevertheless. Milliseconds of time can quickly turn into an eternity when multiplied by number of concurrent sessions. Also, is your current firewall/router equipped to handle the number of concurrent sessions being generated on your network even without the overhead of security? A single end user/endpoint can generate anywhere from 200 to 500 or much higher concurrent sessions. We take factors like this into account when we quote you a WatchGuard device.

When purchasing a WatchGuard Security Appliance, it should be purchased via an authorized WatchGuard Re-seller. There are many important reasons for this, including ownership, license management and security related issues that can arise from purchasing a WatchGuard device second hand.

If you would like for us to manage your WatchGuard Security Appliance on your behalf, you can click the link below.

Allow Fast Assist, an authorized WatchGuard re-seller, to manage my WatchGuard Security Appliance