watchguard

Onega Awarded Silver Partner Status In New WatchguardONE Program

Onega have been installing and maintaining Watchguard firewalls for many years, and from time to time Watchguard releases new products and realigns itself with the channel. In the past we have been qualified as Certified Partners, Expert Partners, Silver and Gold Partners over time as the program has changed, and as new models have been introduced etc. Onega first became certified as an Expert Partner when Watchguard introduced their V-Class firewalls (and we have fond memories of our internal V-60 unit at the time) which were amongst the first devices to support 'fast path' architecture to allow for wire speed processing of firewall network traffic. 

Watchguard work with partners such as Onega Ltd to provide secure firewalls for business.

Onega have multiple engineers formally trained in Watchguard, and we pride ourselves that we can configure the firewalls to be more secure than 99% of the world's firewalls, which equates to achieving very high levels of network security as part of an integrated stack for clients.

We are happy that we've fulfilled the technical and commercial criteria to qualify as Silver Partners with Watchguard, and are looking forward to moving to the next step up in the program over time.

The Big Difference a New Firewall Can Make

We have just returned from London's West End having finished swapping out a client's older firewall for a 'latest and greatest' Watchguard Firebox M200

This all went very smoothly with only a few minutes downtime while the old firewall was taken out of the rack and the new one mounted and connected. We timed this at 3 minutes and 21 seconds which is not bad considering the new firewall needed to boot as well once plugged in. Normally we aim for about 6 seconds disruption if we can mount the new firewall alongside the old unit in the rack ready for switchover (which was not possible in this case). Given that the old firewall (a venerable Watchguard X750e) had served since 2008 or 2009, it had very much done its time. Despite the office being a nice clean, light and airy environment, the amount of dust that had accumulated in the legacy firewall reminded us of the pictures you are shown at school of the inside of a smoker's lungs.  

The old firewall was still working though so why did we recommend swapping it out and why is our client glad that we did? 

Technology has come along a fair bit in the 6 years between 2008 and 2015 and as ever, machines get quicker and more capable. The most important things in our eyes (and from long experience in support) that made this worthwhile were: 

1) UTM services at full speed. UTM stands for 'Unified Threat Management' and basically means one box doing many jobs. It used to be that you had one box for web filtering, another for gateway antivirus, another again for anti-spam, one for your SSL VPN (if you had one) and of course one for your router and one for your firewall. With the current generation of hardware, and leveraging 'The Cloud' one box can do it all. This saves cost, space, power, money etc. and makes everything easy to manage from one place.

The difference between the current mainstream firewalls in the wild and the very latest is that with the Watchguard M200, M300 and its cousins higher up the line, the UTM functionality all works close to wire speed for the rated number of users supported by the device. This contrasts with the previous status quo whereby you would accept that when you turn on a new feature, you implicitly trade off some response time. Thus you had to find the right balance of how secure the firewall (and hence your network) was set to be and how this would deliver on user expectations as to web page load times etc. We like turning the whole UTM suite on as, when configured correctly, it will more than pay for the cost of the firewall over time. It does this by helping reduce instances of (for example) staff accidentally loading malware onto their PCs as every page is virus scanned, checked against a good reputation database and regularly updated blacklists, to ensure that the risk of loading something bad onto your machine is minimised. This saves staff time from lost productivity while their machine is down, saves time and cost in IT support for the company, and reduces risk of data loss through a Trojan getting into the system. If it all works as it should (it does) then IT gets to sleep easier over systems and the only problem you are then faced with is that as it works so well, management might question if a firewall is needed as 'we don't have any network security problems'. The answer to this is of course that it is partly thanks to the firewall that this is the case (and of course your efficient patch schedule, up to date endpoint antivirus, secure DNS and careful network privilege management etc.).

2) SSL-VPN - This is not a new feature to Watchguard, but it is one that was not available on the older firewall that was in place at our client site, and something that many may have available on their firewalls but not be currently using. While the world is moving to the cloud, and the latest Watchguard firewalls are very 'Cloud Connected', there are still plenty of times when you need to connect from a laptop or home office PC back to your office network. One of the very best ways to do this is with an SSL VPN (as opposed to an IPSEC or PPTP VPN) - if these TLA's (Three Letter Acronyms! - and yes there are 4 or 5 here) are confusing then suffice to say that PPTP is generally regarded as weak and obsolete, IPSEC can be secure but also complex, cumbersome and liable to blocking, but SSL VPN connections will allow you to connect to your office anywhere you can get a secure web page from (i.e. hotels, airports, anywhere really). Now you can have a reliable and robust VPN that works from nearly anywhere with minimal hassle.  The M200 makes this easy and with a few clicks it is configured, and the corresponding client software setup is a Click Next Click install. Bottom line is less frustration as a business user when travelling, in terms of getting online from wherever work takes you.

We only had two points here, but actually have covered many areas. When you invest in IT, you need to consider not only cost but benefit, ROI, TCO etc. which pale the dollar cost of the machines into insignificance over time.

To sum it up, we like the new M200 series fireboxes as they really do let you have your firewall UTM cake and eat it.