 
Watchguard Firebox - Worth It or Not?

  Today is 07-20-2019   Article by a very disappointed owner of the Firebox.

Why would the Firebox firewall fail while in the middle of all this other computer equipment?
I had just got off the phone with Watchguard Technologies, attempting to troubleshoot why my WatchGuard Firebox had gone down after a power surge, it being the only piece of my network equipment that appeared to be damaged. The perplexing question is, why did the network go down and obviously damage the Watchguard's electronic components in the 'External Interface' while in the middle of this chain of other computer equipment? Would it not stand to reason that if anything, it would have just blown the line fuse, the router, or the switch first? And more importantly, is there a flaw in the design of the power supply circuits on the Watchguard Firebox appliance? Or maybe it was just the luck of the draw to get that one Firebox that could only last that one month longer than the warranty period. Either way, it sure made for a very expensive piece of equipment for only 1 year.

DMZ External | Trusted TRUSTED INTERFACE
Wall --> Line Fuse --> Router --> Switch --> -->   FIREBOX   --> --> Servers and Stations on Network
All systems and peripherals were protected by UPS systems that had adequate power for up to 30 minutes.

In all fairness, the Watchguard Technology support group is one of the best I've seen. It can be a very difficult task for the average Joe to try and configure one of these appliances. They were more than helpful with their product and helped very well with all my initial configurations. Since I'm involved with primarily Linux systems anyway, it was a relatively easy task for me to take on this product. I had called their support center a few times in the first few months getting help and asking a few questions that I had felt were not clear in what documentation I had from them. At the time, I paid close to $3000.00 for this firewall appliance. In the one and only year the Watchguard Firebox lasted, it had become a very important part of my network. I loved this piece of equipment. The keyword here is loved. Like in past tense. For some mysterious reason I had a hardware failure after this surge, but none of my other computer equipment had been damaged.

But what if you have hardware problems and you're just a couple of months out of warranty?
I feel like I paid a great deal of money for this firewall. It's two months out of the one year warranty and I'm having trouble getting help from Watchguard. They told me that they would have to get a manager to call me back about how, when and if I can even send this Firebox back to them to be repaired. In other words, they were telling me that they may not be able to repair my Watchguard Firebox. And all this time I've been telling my fellow Administrators that the Firebox is the greatest thing on earth. Do I now tell them that you had better not have a hardware problem just out of warranty? This is such a great piece of equipment, but it doesn't last very long? Is their equipment not made well enough to last more than a year? Where is the Watchguard Firebox manufactured?

What other people suggested I do about this loss.
I had quite a few friends suggest that I contact my UPS Backup vendor and tell them that my Watchguard Firebox had blown up while running under their UPS systems. No, they were not to blame. I had one other piece of shared equipment on the same AC line and it didn't blow. I had others suggest that I contact my insurance company. No, I didn't feel that was right either and didn't do that. I feel there is only one group that could have made this up to me and that was Watchguard. This problem came from an overloaded input which had first passed through the fuse and router before it even got to the 'external interface' of the Watchguard Firebox. NO OTHER EQUIPMENT WAS DAMAGED.

Watchguard doesn't repair their own equipment. Higher costs for replacements.
After a brief amount of time, Watchguard did call me back and tell me that since my product was one month out of its one year warranty, that I could get on their 'Out Of Warranty Program for WatchGuard Hardware'. They told me that I could pay the replacement fee of $895.00. I at least expected to have this piece of equipment a little longer than a year. Thought this would have justified the cost. But at these rates I won't be able to keep up with them. I was informed, at the date this document was started, that there was no expiration date on their 'Out Of Warranty Program for WatchGuard Hardware'. So if and when I feel like shelling out this additional amount, I can get my firewall back up and running. Maybe this is the time to really utilize what knowledge I have about firewalls and get busy with building this myself. I had been running multiple layers of firewalls on my other Linux systems anyway. Doesn't look like I'm going to get help from Watchguard.

Last possible effort.
Not being able to ping any IP Addresses that I had set up on the Firebox, and with the loopback test not working, it was giving me the clue that I most likely had hardware problems. After quite a few screws on the Firebox, I was able to open the little red box and take a look. If there was a noticeable hardware problem, it would allow me to at least make an assessment from that angle before trying any more possible software solutions. A colleague of mine was sure it had to have been some type of config error, maybe scrambled from the surge. Guess this was certainly a possibility, but wasn't the case. One of the surface mount chips on the 'External Interface' had carbon deposits on it and a bubble in the middle of the chip. That was the burning smell I had noticed just after the power surge. On my model, there were no external cards whatsoever. They are all built in, onto this little motherboard. There was no hard drive. Two PCI slots, that literally sat in the middle of the motherboard, which would be difficult to mount anything to. There are a lot of surface mount chips all over this little motherboard. There are no replaceable parts on this entire board except for maybe the power supply, RAM and housing for the expansion slots. This would probably have to be sent to Watchguard for replacement. The surface mount chips all seem to have been soldered, no sockets. I would assume this board would have to be trashed. They could afford to trash the motherboard at the rate they are charging for replacement. Someone else made the comment to me saying that I wasn't paying for the board, I was paying for their technology. I told them that I thought I paid that to Watchguard the first time.

   

It still bothers me why the Firebox was damaged yet no other equipment on the network had been damaged. A high enough level of EMF obviously passed from the line, through the fuse, and passed through the router to the 'external interface', but the Firebox could not handle the input. The surface mount chip blew at this stage. Is there no tolerance for headroom at all on the input stage of the 'external interface'? Should there have been some type of fuse or circuit breaker at this stage of the input? A fused input stage would have been a lot cheaper, saved time, put the Firebox back up and running and made a lot more sense than sending this back to Watchguard and paying for a $900.00 replacement box. Stupid me, I guess they know this. But do all the professional techs that support this product know this?

I was just wondering if anyone else was having hardware related stories/nightmares about the Firebox. If you would like, please send me your firebox story. Would love to hear about it.
You can e-mail me your Firebox story here;
e-mail Firebox Story

http://support.watchguard.com/warrantyout.asp