Total security suite and DNSWatchGo

RalphtheMacRalphtheMac
in DNSWatch - General

Hi there, I am trying to ascertain what benefits I might get for my users/endpoints from DNSWatchGo.
We already have Total Security Suite on Watchguard Firewalls, accross a number of sites. Home users _usually _ use a VPN that is not split tunnel.

I had thought that possibly DNSWatchGo might protect home users that are not on VPN. However, I dont fully know the benefits of the product over and above what the firewall setup offers (with DNS protection already setup).

So my question is -
aside from users at home that do not use VPN - does DNSWatch offer extra protection over the firewall protection for users on and offsite? if so, what is it!?

Thank you!

Comments

  • james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @RalphtheMac
    The DNSWatchGo client doesn't really provide any additional protection if your network is already DNSWatch protected. It just makes the protection portable and allows for reporting on that protection. If you have it on a full/zero route tunnel, you're already getting that via the firewall.

    -James Carson
    WatchGuard Customer Support

  • Tristan.ColoTristan.Colo
    edited November 2022

    Even more-so.... if you have EPDR already DNSWatch Go is kind of Moot since the WebCategories on EPDR are the exact same. If you wanted a WG Endpoint solution for better protection I would advise EPDR... it is better bang for your $$$ and does more than simple providing a web-filter for your agents.

    Plus, it seems to be EPDR will inevitably be the "main agent" WatchGuard pushes for endpoint-based items in the future roadmaps as they consolidate their endpoint solutions under EPDR.

    Here is information on EPDR's "Web Access Control" function which is what you get on top of a bunch of other goodies like Endpoint sandboxing and Ransomware detection.

    https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Endpoint-Security/manage-settings/configure-web-access-control.html

    NOTE: it's not mentioned in the article above but the categories are the exact same as the WatchGuard/DNS WatchGo categories which you can find info on said categories here:

    https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/services/webblocker/webblocker_categories_websense_c.html

  • Tristan.ColoTristan.Colo
    edited November 2022

    @james.carson said:
    Hi @RalphtheMac
    The DNSWatchGo client doesn't really provide any additional protection if your network is already DNSWatch protected. It just makes the protection portable and allows for reporting on that protection. If you have it on a full/zero route tunnel, you're already getting that via the firewall.

    I believe you are right when it comes to Full Tunnell'd VPN solutions as DNS Watch will happen as everything routes through. However, on split tunnel traffic anything that goes to public DNS will bypass the WG filtering completely (from what I have seen in my deployments) which seems to be the issue RalphtheMac is trying to address from what I read.

  • james.carsonjames.carson Moderator, WatchGuard Representative

    @Tristan.Colo The customer mentions "Home users _usually _ use a VPN that is not split tunnel." which is what I was going off of.

    -James Carson
    WatchGuard Customer Support

Sign In to comment.