daknetworks.com


Why WatchGuard?

Why WatchGuard instead of {insert brand name here}? Good question.

Fine Grain Control

First and foremost, WatchGuard has fine-grain control. This means that WatchGuard inspects all incoming and outgoing traffic. This is done on a port level (0-65,535) and a protocol level. This means it can allow/deny protocols on ports that they should not be running on. This is different from lower-end systems that allow all outgoing traffic and only port-forward incoming ports.

Automatic Deny

WatchGuard automatically denies anything that it does not recognize. This is important for security. This way, only traffic that needs to go through does so, and it does so through manual allowance rather than automatic allowance.

Multiple Interfaces

WatchGuard can handle multiple interfaces. This means dual WAN connections or possibly more, such as dual-WAN and MPLS connections. Or perhaps a single WAN connection and multiple internal network segments that are completely separate. Think in terms of an office suite where there might be 5 tenants or more sharing a single internet connection. The economies of scale are at work here, as every tenant could share a single fiber connection rather than each getting their own WAN/ISP.

Multiple IP Addresses

WatchGuard can handle multiple public IP addresses all on the same interface. This means that we can use one IP address for our LAN and other dedicated IP addresses for servers. This helps with security, and also if you have multiple servers using the same port number, say port 80 for web hosting. You can have multiple web servers behind the same WatchGuard with different public IP addresses but using the same WAN connection.

No Reboot Configuration Updates

WatchGuard will apply new configurations without rebooting the system. The only time a reboot is needed is when the OS is updated. This is a dream if you have ever managed any other system that wants to reboot every time a change is made.

Wireless Controller

WatchGuard has a built-in wireless controller. This allows for easy deployment of several access points (APs) at once. It will sniff out new APs and ask if it should manage them. This can be done over the internet as well. So upgrading AP firmware is done in one fell scheduled swoop in the wee hours of the morning during low/no traffic.

Business Class Ready

WatchGuard is business class ready. Stop using home quality routers at the office. With uptimes of more than a year, WatchGuard is built for offices both large and small.

Integrated Threat Detection Against Cryptolocker

WatchGuard has an integrated Threat Detection client that can run on the systems. If Cryptolocker is detected, WatchGuard can shut it down automatically.

VPN Options

WatchGuard handles VPN through SSL VPN (it can also do PPTP and IPsec). With PPTP being outdated and other systems difficult to set up, WatchGuard SSL VPN works out of the box. And it works in most remote situations since it runs over HTTPS/port 443. This saves on support time for road warriors and conference travelers needing to connect back to the office.

Also, WatchGuard VPN can be site-to-site, with super easy drag-and-drop configuration.

Next, WatchGuard VPN can be split-tunnel for remote workers. This allows remote workers to use the local internet connection for web surfing and the VPN connection for office network shares. This helps in situations where road warriors need to print to their local network printers but still need access to the office server.

WatchGuard VPN works with OpenVPN. This allows the traffic to be forced over the VPN connection.

Centralized Management

WatchGuard can be managed centrally through WatchGuard System Manager. This means that if you have several WatchGuard firewalls (or hundreds... cough, cough), you can manage them all from a single console. This manages licenses, upgrades, wireless firmware, and firewall rules. You name it and the WatchGuard System Manager can manage it.

Centralized Reporting

Likewise, WatchGuard has Centralized Reporting in the form of WatchGuard Dimension. All traffic from all clients across all WatchGuard Firewalls is recorded in a central location. If we need to run a report on web sites visited during a certain time, no problem. Here it is.

Putting It All Together

Putting this all together means that we can manage many WatchGuard systems, their wireless access points, and their reporting across North America without ever leaving the network operations center.
