Back to GetFilings.com

Table of Contents

SECURITIES AND EXCHANGE COMMISSION

WASHINGTON, D.C. 20549

FORM 10-K

FOR ANNUAL AND TRANSITION REPORTS

PURSUANT TO SECTION 13 OR 15(d) OF THE

SECURITIES EXCHANGE ACT OF 1934

For the fiscal year ended December 31, 2002

OR

For the transition period from                         to                        

Commission file number 000-26819

WATCHGUARD TECHNOLOGIES, INC.

(Exact name of registrant as specified in its charter)

505 Fifth Avenue South, Suite 500, Seattle, WA 98104

(Address of principal executive offices) (zip code)

(206) 521-8340

(Registrant’s telephone number, including area code)

Securities registered pursuant to Section 12(b) of the Act:

None

Securities registered pursuant to Section 12(g) of the Act:

Common Stock, $.001 par value

Indicate by check mark whether the registrant: (1) has filed all reports required to be filed by Section 13 or 15(d) of the Securities Exchange Act of 1934 during the preceding 12 months (or for such shorter period that the registrant was required to file such reports) and (2) has been subject to such filing requirements for the past 90 days.    Yes  x    No  ¨

Indicate by check mark if disclosure of delinquent filers pursuant to Item 405 of Regulation S-K is not contained herein, and will not be contained, to the best of registrant’s knowledge, in definitive proxy or information statements incorporated by reference in Part III of this Form 10-K or any amendment to this Form 10-K.    x

Indicate by check mark whether the registrant is an accelerated filer (as defined in Exchange Act Rule  12b-2)    Yes  x    No  ¨

The aggregate market value of the voting and nonvoting common equity held by nonaffiliates of the registrant, based on the last sales price of the registrant’s common stock on June 28, 2002, as reported on the Nasdaq National Market, was approximately $141,543,691.

As of March 17, 2003, there were 32,828,311 shares of the registrant’s common stock outstanding.

DOCUMENTS INCORPORATED BY REFERENCE

The information required by Part III of this report, to the extent not set forth herein, is incorporated into this report by reference to the registrant’s definitive proxy statement for the annual meeting of stockholders to be held on May 22, 2003. The definitive proxy statement will be filed with the Securities and Exchange Commission within 120 days after December 31, 2002, the end of the fiscal year to which this report relates.

Table of Contents

WATCHGUARD TECHNOLOGIES, INC.

ANNUAL REPORT ON FORM 10-K

FOR THE FISCAL YEAR ENDED DECEMBER 31, 2002

TABLE OF CONTENTS

Table of Contents

PART I

Forward-Looking Statements

Our disclosure and analysis in this annual report contain forward-looking statements, which provide our current expectations or forecasts of future events. Forward-looking statements in this annual report include, without limitation:

Words such as “believes,” “anticipates” and “intends” may identify forward-looking statements, but the absence of these words does not necessarily mean that a statement is not forward-looking. Forward-looking statements are subject to known and unknown risks and uncertainties and are based on potentially inaccurate assumptions that could cause actual results to differ materially from those expected or implied by the forward-looking statements. Our actual results could differ materially from those anticipated in the forward-looking statements for many reasons, including the factors described in the section entitled “Important Factors That May Affect Our Business, Our Results of Operations and Our Stock Price” in this annual report. Other factors besides those described in this annual report could also affect actual results. You should carefully consider the factors described in the section entitled “Important Factors That May Affect Our Business, Our Results of Operations and Our Stock Price” in evaluating our forward-looking statements.

You should not unduly rely on these forward-looking statements, which speak only as of the date of this annual report. We undertake no obligation to publicly revise any forward-looking statement to reflect circumstances or events after the date of this report, or to reflect the occurrence of unanticipated events. You should, however, review the factors and risks we describe in the reports we file from time to time with the Securities and Exchange Commission, or SEC.

ITEM 1.     BUSINESS

Overview

WatchGuard is a leading provider of Internet security solutions designed to protect enterprises that use the Internet for e-commerce and secure communications. Our mission is to provide enterprises worldwide with stronger Internet security solutions by offering integrated, multi-layered defenses and tools that protect against known and future threats in a smart way by including simplified implementation and management and proactive security with our LiveSecurity Service. With the risk that threats and attacks will compromise multiple points in a corporate network, the requirements of a security solution have expanded beyond the core requirement of firewalls for access control and virtual private networks, or VPNs, for secure communications. The comprehensive nature of an effective security solution, however, requires a robust and intuitive system that simplifies the implementation and management of the system. Because the security landscape is constantly evolving, an effective security solution must also be dynamic to allow an enterprise to keep its defenses ahead of the latest threats and attacks.

3

Table of Contents

Thousands of enterprises worldwide use WatchGuard’s award-winning products and services to address these challenges. These products and services include our high-performance Firebox and RapidStream firewall and VPN appliances for access control, secure communications and (with certain of our Firebox products) network-based intrusion protection capabilities, and our ServerLock technology and anti-virus solution for content and application security for servers and desktops with host-based intrusion protection capabilities. The centralized point-and-click management of our solutions allows even the non-security professional to effectively install, configure and monitor our security products while the networking features of our Firebox Vclass product line provide the functionality required for more complex network installations. In addition, our innovative subscription-based LiveSecurity Service enables our customers, with minimal effort, to protect their data and communications in a continuously changing environment.

Our core market spans the small- to medium-sized enterprise, or SME, market, from companies at the lower end, where ease-of-use is a key requirement, to companies at the high end, including those with high-speed connections supporting VPNs between the corporate headquarters and geographically dispersed branch offices, where performance, scalability and networking features are key requirements. In addition, with the recent addition of our RapidStream line of “Secured by Check Point” appliances, we also have the opportunity to leverage Check Point Software Technologies Ltd.’s established presence in the large enterprise market. Our security solutions also give enterprises a security management choice. An enterprise can manage its own Internet security with our product offerings or outsource its security management to an Internet service provider, or ISP, or other managed service provider implementing our managed security solutions. For the service provider, our technology improves the economics of managed security services through a scalable delivery platform that enables the service provider to remotely configure and manage thousands of customer sites quickly and easily.

We sell our Internet security solutions indirectly to end-users through thousands of distributors and resellers, with customers located in over 125 countries. We also sell directly and indirectly to a number of service providers that implement our managed security solution. As of December 31, 2002, we had shipped over 150,000 of our security appliances.

We initially incorporated in Washington in 1996 and reincorporated in Delaware in 1997. References to “we,” “our,” “us” and “WatchGuard” in this annual report refer to WatchGuard Technologies, Inc., our subsidiaries and our predecessor. Our executive offices are located at 505 Fifth Avenue South, Suite 500, Seattle, Washington 98104, and our telephone number is (206) 521-8340. We make available on our Web site, free of charge, copies of our annual report on Form 10-K, quarterly reports on Form 10-Q, current reports on Form 8-K, and amendments to those reports filed with or furnished to the SEC, as soon as reasonably practicable after filing or furnishing the information to the SEC. This information can be found in the investor relations portion of our Web site, which is located at www.watchguard.com. You may also inspect and copy the documents that we have filed with the SEC, at prescribed rates, at the SEC’s Public Reference Room at 450 Fifth Street, N.W., Washington, D.C. 20549. You may obtain information regarding the operation of the Public Reference Room by calling the SEC at 1-800-SEC-0330. In addition, the SEC maintains a Web site that contains reports, proxy and information statements and other information regarding issuers that file with the SEC, at http://www.sec.gov.

Industry Background

Reliance on the Internet

The growth in the Internet has provided enterprises, regardless of size, with new revenue opportunities through global distribution of products and services and has enabled significant reductions in sales and marketing costs through automation and instantaneous access. Because of its affordability, global reach and versatility, the Internet is a particularly powerful and necessary tool for enterprises. Enterprises are increasingly required to establish secure Internet access to facilitate and support strategic business objectives. In a marketplace that is becoming more competitive, enterprises are increasingly utilizing new business tools and initiatives, such as remote access, e-commerce, online customer service and supply chain management to gain competitive advantage.

4

Table of Contents

The need for Internet security

The increased importance of e-commerce and the proliferation and growth of corporate intranets have dramatically increased the openness of computer networks, with the Internet becoming a widely accepted platform for many business-to-business and business-to-consumer transactions. The accessibility and relative anonymity of users in open computing environments, however, make systems and the integrity of information stored on them increasingly vulnerable to security threats. Open systems present inviting opportunities for computer hackers, terrorists, curious or disgruntled employees and contractors, and competitors to compromise, alter or destroy sensitive information within the system or to disrupt operations and Internet access. In addition, open computing environments are complex and typically involve a variety of hardware, operating systems and applications supplied by a variety of vendors, making networks difficult to manage, monitor and protect from unauthorized access. In addition, because even smaller organizations are rapidly adopting public-facing Web and application servers, they now face the types of threats and vulnerabilities that had been previously reserved for much larger organizations that could deploy sufficient personnel to meet that challenge.

New attacks and security vulnerabilities are created or discovered on almost a daily basis. According to the Computer Emergency Response Team, a federally funded research and development center, not only is the number of cyber incidents and attacks increasing at an alarming rate, but the number of vulnerabilities is increasing as well. The number of vulnerabilities, or faults in software and hardware that may permit unauthorized network access or allow an attacker to cause network damage, has increased almost four-fold in two years, from 1,090 reported vulnerabilities in 2000 to 4,129 reported vulnerabilities in 2002. The annual Computer Security Institute, or CSI, survey conducted in 2002 highlights the potential risks faced by organizations connected to the Internet. The CSI survey revealed that 90% of companies responding had experienced security breaches and that 70% of these breaches were considered serious, with companies experiencing theft of proprietary information, financial fraud, or sabotage of data or networks. The average loss due to financial fraud or theft was estimated at over $1 million. But the risks extend beyond outside attackers—71% of surveyed companies reported insider attacks. In addition to an increase in the number of attacks, the speed of propagation of these attacks is increasing as well. For example, NIMDA, an automated Internet attack that was a blend of a computer worm and a computer virus, spread across the United States in approximately one hour, lasted for days, and attacked approximately 86,000 computers. Code Red, another Internet attack, infected approximately 150,000 computer systems in approximately 14 hours. Organizations therefore often do not have the luxury of waiting for an alert about a current threat, but must be proactive in their defense against Internet security attacks.

The need for increased Internet security has been recognized at the highest national levels. In November 2002, President George W. Bush signed legislation creating the Department of Homeland Security. For fiscal year 2004, the Bush administration has requested $4.7 billion for Internet security, up from $4.2 billion in fiscal year 2003 and $2.7 billion in fiscal year 2002.

The Internet security challenge

Adequate Internet security is not a response to a single challenge, but rather a response to a variety of business requirements. For example, because enterprises need to control the flow of information between their internal networks and the Internet, they need firewalls, which are important components of a comprehensive security solution. A firewall, a security component that varies in complexity, is designed to block access from the Internet to an enterprise’s internal networks, as well as control the flow of and access to information shared between the networks and the Internet. A comprehensive security solution should also integrate several other sophisticated security layers, such as VPNs, to enable encrypted communications between points on the Internet, and content and application security for servers and desktops to protect critical data and services against unauthorized or unintentional changes.

Even a comprehensive solution, however, must be easy to install, configure and manage to be truly effective. With businesses increasingly establishing secure Internet access for branch offices, trading partners and traveling employees, an enterprise must deploy point solutions such as firewalls and VPNs to fully protect the

5

Table of Contents

corporate network, as well as protect multiple servers and desktops in various locations. Without a robust, intuitive and easy-to-use system to manage these point solutions, the complexity and difficulty of successfully implementing a corporate information security solution rises dramatically.

To further complicate matters, the dangers against which an effective Internet security solution must protect are dynamic rather than static, with new types of intrusion schemes, worms, viruses and other security threats and vulnerabilities emerging constantly. CERT handled 82,094 security incidents in 2002, approximately 56% more than the 52,658 security incidents handled in 2001, and almost four times the 21,756 security incidents handled in 2000. In addition, unless an enterprise can timely and easily implement updates across the enterprise’s point solutions protecting its network, the enterprise may need dedicated, and expensive, security experts to proactively identify, obtain and manually implement these updates quickly and correctly.

The Internet security opportunity

According to the VPN and Firewall Products Quarterly Worldwide Market Share and Forecasts for 4Q02 report from Infonetics Research, Inc., “end-user demand is clearly a fundamental driver for deployment of VPN and firewall products, and demand is skyrocketing.” Infonetics reports that the worldwide market for VPN and firewall appliances reached $1.4 billion in 2002 and is forecasted to grow to $2.2 billion in 2006, at a compound annual growth rate, or CAGR, of 22%. In addition, Infonetics believes that most end-users are moving from a model of centralized Internet connectivity to distributed connectivity, taking advantage of the cost savings offered by VPNs.

Enterprises require a robust, comprehensive Internet security solution that secures all vulnerable points in the corporate network, that can be installed, configured and managed easily, and that can be kept up to date quickly and effectively, all for an economical price. In addition, many enterprises would rather outsource the management of their Internet security to ISPs and other managed service providers. Service providers face challenges, however, in delivering affordable security services that can be rapidly and economically deployed to thousands of customer sites and easily managed from a central location.

The WatchGuard Solution

WatchGuard’s security products and services offer an innovative approach to Internet security. Our solution has the following key benefits:

6

Table of Contents

Strategy

Our objective is to be the leading provider of Internet security solutions to SMEs worldwide and opportunistically expand our presence into other market segments. Our strategy to achieve these goals is based on the following key elements:

Continue to extend our leadership position in our core portion of the SME market and expand into the high end of the SME market with technological innovation

We intend to both solidify and further extend our SME market leadership position by expanding and enhancing our integrated Internet security solutions. We plan to accomplish this by increasing the breadth and depth of our multi-layered defense with additional intrusion detection and prevention, or IDP, technology, vulnerability assessment tools and services, and enhanced spam filtering and application layer security, while integrating these layers in a single, easily-managed appliance. Over time, we also intend to converge the security, management and hardware technology of our core product lines while preserving our existing customer base. This will allow us to provide higher performance appliances to the lower end of the SME market and increase the security features and functionality available to the higher end of the SME market, in addition to reducing our development and manufacturing costs and our time-to-market for future technology.

Expand, enhance and leverage our innovative LiveSecurity Service

Our subscription-based LiveSecurity Service is an innovative, value-added security service that provides information and virus alerts, threat responses, software updates, support flashes and expert editorials, along with training and technical support, over the Internet directly to our subscribers and service provider partners. We plan to expand and enhance our LiveSecurity Service, and therefore the value of our subscription service, by adding new software and services through internal development and partnering with third-party providers. We also intend to better leverage this relationship with our installed customer base by increasing the number of software and service add-ons sold through this service to these existing customers. As we expand and enhance our LiveSecurity Service, we plan to ensure that it remains easy to implement and use by enterprises of all sizes and by service providers.

Utilize our innovative ASIC-based hardware technology to differentiate and distance our solutions from our competition

We intend to utilize our innovative application-specific integrated circuit, or ASIC, architecture to facilitate the integration and efficiency of additional security layers in our easily-managed security appliance, while reducing our manufacturing costs and increasing our product development flexibility. We expect that our next-generation ASIC-based solutions will accomplish this with hardware designed to accelerate the performance of these additional layers without degrading the performance of the core firewall and VPN functionality and allow

7

Table of Contents

“stacking” of multiple ASICs to leverage the same technology across a broad range of products. We believe this will allow us to provide a multi-layered defense integrated into an appliance that offers customers significant price and performance benefits.

Leverage third-party technology and resources to enhance our product offerings and penetrate the large enterprise market

In addition to utilizing internal development efforts, we plan to increase the breadth and depth of our multi-layered defense by leveraging the technology of third parties, which may involve either partnering or acquisition strategies. We also plan to continue to leverage Check Point’s established presence in the large enterprise market by making a Check Point software solution available on the same hardware platforms we utilize for our core product lines, which allows us to address a market we could not otherwise efficiently address. This strategy allows us to further increase our time-to-market and reduce our development risk while gaining the benefit of other parties’ expertise in particular technologies or markets.

Continue to expand WatchGuard brand awareness

We believe that we have an opportunity to make the WatchGuard brand synonymous with Internet security worldwide. We will continue to participate in public relations activities, seminars and trade shows, both domestically and abroad, to secure WatchGuard’s position as an expert and innovator in Internet and network security, as well as leverage our Web site and increase our end-user demand generation activities. Through online and print advertising, direct mail, e–mail and telemarketing campaigns, and particularly through our Web site and sales tools, we intend to leverage our marketing activities worldwide to uniquely position WatchGuard in the marketplace and clearly communicate the benefits of our comprehensive solutions to our customers and partners. We also intend to introduce innovative programs designed to simplify the purchase of our products, and to offer end-users product and service options that allow them to customize the solution to better address their needs. We will also strengthen our focus on specific vertical markets, such as state and local government agencies and education and health care organizations, to expand our customer base and provide the right solutions to address the special needs of these vertical markets.

We have not determined a schedule for implementing these components of our strategy. The timing for executing our strategies will depend on market conditions, the availability of strategic opportunities and the availability of management resources.

Products and Services

Our comprehensive security solutions include an integrated suite of security and management software, an Internet security appliance and a dynamic Internet-based service to keep security defenses current. These solutions provide access control, VPN, intrusion prevention capabilities and content and application security for servers and desktops. Enterprises may use our products to internally manage their Internet security or elect to outsource security management to a service provider implementing our managed security solution.

Security Layers

Firewall and VPN

By using our Firebox products, an enterprise can quickly and affordably deploy comprehensive perimeter security protection and VPN capability across its network, but still retain centralized control and administration. In addition, our LiveSecurity Service enables enterprises to augment their information technology staff with our security experts, which we believe substantially reduces personnel costs. Our Firebox III products include an initial one-year subscription to our LiveSecurity Service and our Firebox SOHO and Firebox Vclass products include an initial 90-day subscription to our LiveSecurity Service.

8

Table of Contents

We currently offer the following Firebox III/Firebox SOHO and Firebox Vclass models:

9

Table of Contents

10

Table of Contents

RapidStream currently offers the following models:

    Server Security

For enterprises of all sizes, the ServerLock System provides host-based intrusion protection capabilities and server content and application security that protects critical data and services against unauthorized or unintentional access or manipulation, such as Web site defacement and the deposit of malicious code. This protection is offered through a combination of kernel-level software, secured remote communications, centralized management and a simplified dual-mode administrative model. We also offer an application-specific version of our server security software for Web sites residing on a Windows NT or Windows 2000 server using Microsoft IIS. Every standard ServerLock System product includes an initial one-year subscription to our LiveSecurity Service. We currently offer the following server security products:

11

Table of Contents

Desktop Security

Through our relationship with Network Associates, Inc., we currently offer desktop virus protection with the McAfee Virus Scan ASaP product for Microsoft Windows 98, NT and 2000 operating systems. Every standard Firebox product includes either one annual Virus Scan ASaP license for our SOHO-class Firebox products or five annual Virus Scan ASaP licenses for all of our other Firebox products. Additional licenses may also be purchased separately.

Security Layer Management and Monitoring

We offer robust and intuitive management and monitoring of our comprehensive Internet security layers that reduce the complexity and difficulty of successful implementation and provide for better visibility of the security environment. Our management and monitoring tools include:

12

Table of Contents

LiveSecurity Service

Our subscription-based LiveSecurity Service for both enterprises and managed security providers and their customers includes (1) information alerts that offer timely analyses of breaking Internet security news combined with instructions on how customers can keep their networks secure, (2) virus alerts with information from McAfee that provide real-time virus alerts and specific information on how customers can protect their systems, (3) security threat responses that provide detailed information on high-profile security vulnerabilities as they develop, including information on how they may affect systems and what WatchGuard is doing to help its customers keep their networks secure and, when appropriate, software updates to address specific threats, (4) software updates, (5) support flashes with tips for managing WatchGuard products, (6) expert editorials to provide continuing education about Internet security, (7) interactive and Web-based technical support and (8) interactive and Web-based customer training. We currently offer standard and enhanced versions of our LiveSecurity Service, each of which provides end-users with differing levels of interactive technical support:

Standard Technical Support Service

Gold Technical Support Service Upgrade

Other Products

We offer additional products and options, including

13

Table of Contents

Customer Service

We make customer service a priority and consider it a competitive advantage for WatchGuard. Our staff of technical support representatives serves our end-users and our reseller, distributor and service provider partners by phone and via the Internet. Support is available to our partners that have representatives who have passed required WatchGuard technical training. For our end-users, we offer the two technical support programs described above, our Standard Technical Support Service and our Gold Technical Support Service Upgrade. In addition to the WatchGuard technical support staff, we offer all authorized WatchGuard customers access to our Web-based technical support self-help toolset 24 hours a day, seven days a week. These tools include comprehensive frequently asked questions, a listing of all known issues with our current software version (and any available work-arounds or fixes), and an interactive Web forum that allows customers to post WatchGuard-related technical questions to other customers and the WatchGuard technical moderator.

The WatchGuard Team of Experts

Rapid Response Team.    Our rapid response team identifies, analyzes and generates responses to new Internet security threats. To identify new threats, the team monitors a wide variety of Internet sources related to network security, including newsgroups, vendor Web sites and security-related bulletin boards. When the rapid response team identifies a new security threat, we send an advisory to our LiveSecurity Service subscribers informing them of what they need to do to keep their system secure and, if appropriate, provide software updates that address the threat. The team also provides other information of interest relating to Internet security.

LiveSecurity Advisory Council.    Our LiveSecurity Advisory Council provides continuing education and editorials on the rapidly changing subject of Internet security. The Council also contributes to the efforts of our rapid response team. Currently, the LiveSecurity Advisory Council is composed of Jack Danahy, Rik Farrow and David Piscitello.

Jack Danahy.    Formerly Vice President of Server Security at WatchGuard, Jack Danahy has more than 15 years of engineering and business development experience. Mr. Danahy founded Qiave Technologies Corporation, which was subsequently acquired by WatchGuard. Mr. Danahy is a frequent speaker on Internet security topics and has been a contributor to the U.S. Army War College, the Center on Law, Ethics and National Security, the 1997 President’s Commission on Critical Infrastructure Protection and the House Subcommittee on Information Technology. He is a charter member of the International Computer Security Association consortia on cryptography and ISP security and a member of the High Technology Crime Investigators’ Association. Mr. Danahy holds patents or has patents pending in kernel security, secure remote communications, systems management and distributed computing.

Rik Farrow.    Mr. Farrow provides UNIX and Internet security consulting and training. He has been working with UNIX system security since 1984 and with TCP/IP networks since 1988. He has taught in a number of countries and for a variety of organizations, and consults with firms in designing and implementing

14

Table of Contents

security applications. Mr. Farrow is the author of UNIX System Security and is the co-author, with Rebecca Thomas, of UNIX Administrator’s Guide to System V. He writes a column for ;login:, the magazine of the USENIX Association, and a network security column for Network magazine.

David Piscitello.    Mr. Piscitello is an internationally recognized expert in internetworking and fast-packet technology. He founded Core Competence, a full-service internetworking, broadband, security and network management consulting firm with offices in Pennsylvania and South Carolina. He is the recipient of a Bellcore President’s Recognition Award for his contributions to SMDS, or Switched Multimegabit Data Service, ATM, or Asynchronous Transfer Mode, and customer network management for switched data services. Mr. Piscitello has authored books on internetworking and remote access and publishes articles regularly on a variety of subjects, including network security, wireless data networking, switched internetworking, Internet security and VPNs. Mr. Piscitello does testing, product reviews and evaluations of VPNs, firewalls, intrusion detection and other security products for leading trade publications and consults for Fortune 100 companies on extranets and Internet security. He is chairman of the Networld + Interop Program Committee and the founder and program chairman of the Internet Security Conference.

Licensing and Pricing

We offer our resellers, distributors and service provider partners discounts from our suggested retail prices. In addition, we offer educational discounts and promotional pricing as appropriate. All customers purchasing our Firebox and ServerLock products receive a perpetual license for our security and management software, which is included in the system price. Depending on the product purchased, each end-user purchaser of our standard products also receives a renewable one-year or 90-day subscription to our standard LiveSecurity Service. For our managed security solution, the service provider buys a license to use our network operations center security suite management and security software. In addition, the service provider must have an active subscription to the LiveSecurity Service for each end-user security appliance that it manages.

Sales, Marketing and Distribution

Because the need for Internet security crosses geographic and economic boundaries, our business opportunity extends worldwide to all business segments. Since our inception, we have invested heavily in worldwide sales and marketing. International sales generated 56% of our revenues in 2001 and 58% of our revenues in 2002.

We sell our security solutions through distributors, value-added resellers, or VARs, and service providers. We also sell our managed security solution products and services directly to service providers. We resell our products and services directly and indirectly through distributors, resellers and service providers, including

As part of our distribution network, thousands of resellers worldwide sell our security solutions. In 2002, we significantly realigned our channel network to focus our efforts on channel customers capable of assisting us in growing our business and expanding our reach into the higher end of the SME market and required many of our

15

Table of Contents

smaller channel customers to purchase our products and services through our established distribution partners. One of the key programs we implemented worldwide in our reseller channel to implement this realignment was our authorized reseller program, called the WatchGuard Secure Partner Program, or WSP Program. The WSP Program offers programs and financial benefits to security-focused resellers who meet technical and sales certifications and promote WatchGuard to end-users. At the end of 2002, we authorized over 500 WatchGuard Secure Partners worldwide. Our agreements with our distribution network are nonexclusive. As of December 31, 2002, we had shipped over 150,000 of our security appliances to our distribution network, which resells our products and services to end-users spanning a wide variety of industries and more than 125 countries.

We divide our sales organization geographically and by channel customer focus. We have sales teams specifically responsible for the Americas, Europe/Middle East/Africa and Asia Pacific. Our sales professionals are typically local nationals who live and work in their designated geographic regions. We also assign sales resources to specific channel categories, including distribution, resellers and managed security providers. In the Americas, our national account managers are responsible for our relationships with our distribution network, helping them sell and support key reseller accounts and acting as a liaison to our marketing and product development organizations. Our enterprise sales team works directly with resellers who purchase through distribution. The enterprise sales team recruits new resellers, provides training on WatchGuard products and assists in selling to end-user customers.

We have a dedicated channel marketing team responsible for delivering programs, sales tools and communication specific to the categories of channel customers. The team supporting national accounts works closely with distributors to market our products to their resellers through advertising, e–mail, training opportunities and seminars. The team supporting enterprise accounts promotes and manages the WSP Program, organizes training seminars and assists with co-marketing opportunities presented by our resellers. We actively participate in public forums to inform existing and potential end-user customers, distributors, resellers and service providers about the capabilities and benefits of our products. These include industry trade shows in every major geographic region, product technology conferences, regional awareness programs, trade publications and journals. We use the Web extensively to deliver information to both end-users and our channel customers and have a dedicated, secure Web site that provides extensive information to channel customers. We offer resellers access to white papers, competitive information, graphics to assist their advertising efforts, product and sales training modules and the opportunity to post information about their events online. In addition, partners receive communications from us through the LiveSecurity Service.

We offer comprehensive online training on our security solutions through our Web site. Our interactive training system guides both end-user customers and resellers through the installation, setup and management of our Firebox security solutions and provides new product information. Training modules cover firewall basics, VPN, server security and sales training (for resellers only), and include live-action video and audio question-and-answer segments. Online certification testing is offered for both end-user customers and resellers to confirm their product knowledge.

The growth rate of our domestic and international sales has been and may in the future be lower in the summer months, when businesses often defer purchasing decisions. Also, as a result of customer buying patterns and the efforts of our sales force to meet or exceed quarterly and year-end quotas, historically we have received a substantial portion of a quarter’s sales orders and earned a substantial portion of a quarter’s revenues during the quarter’s last month and the latter half of the last month.

Technology and Architecture

Firebox III and Firebox SOHO Products

For smaller enterprises, or those that require an easy-to-use solution, the Firebox III and Firebox SOHO products provide access control and VPN through three key components: our security management system

16

Table of Contents

software with security and management features, our security appliance and a subscription to our Internet-based LiveSecurity Service.

Security features.    The Firebox III and Firebox SOHO products contain the following security features:

Our Firebox III and Firebox SOHO products utilize an innovative distributed architecture through which a basic processor in a security appliance receives and executes software directed to it from a remote management system. This technology allows us to keep our customers’ security up to date with our LiveSecurity Service, which provides new security software and operating system configurations while still enabling us to take advantage of hardware acceleration for key functions.

17

Table of Contents

Our Firebox III and Firebox SOHO products encrypt communications between WatchGuard, the management system software and the security appliance. This allows the management system and the appliance to be separated within an enterprise’s local- or wide-area network or between a service provider and its subscriber. Typically, to install software on a computer using a general-purpose operating system such as Windows, a person must be physically present at the computer. Our distributed architecture, however, allows our customers to remotely install our software on the security appliances and receive our LiveSecurity Service over the Internet, thereby eliminating the need for someone to be physically present at each location.

Operating system software.    Our Firebox III products use a Linux operating system and our Firebox SOHO products use a VxWorks operating system. For the Linux operating system, we use a custom-configured kernel under an open source license, which enables us to review the source code and generate a flexible, robust and secure operating system. We use specially designed application programming interfaces in all of our Firebox III and Firebox SOHO products to facilitate secure loading of the operating system and security software that our management software sends to the appliance.

Security feature implementation.    The Firebox III and Firebox SOHO products implement our security features through a number of software modules. Each module provides the specific function that the management system defines in security rules and transmits to the appliance. For example, the firewall features that control network traffic are based on an extensible set of network service protocols, such as HTTP (Web traffic) and SMTP (e–mail). Our firewall differs from other appliance firewalls in that we provide two different levels of protection, stateful packet filtering, which has become the de facto standard in the industry, plus transparent application proxying that allows us to examine the content of a data stream in detail and provide enhanced protection against specific threats that stateful packet filters cannot detect. This is particularly important for the four key business protocols, HTTP, SMTP, FTP (file transfer) and DNS (Internet name services). The Firebox III or Firebox SOHO appliance applies the security policies defined by the management system to all incoming or outgoing traffic. Additional modules implement other security features, such as authentication and Web-surfing control, which also are defined in the security policies that the management system transmits to the appliance. If Web-surfing control is activated, for example, the Web-surfing control software module will automatically check the details of all outgoing Web traffic to make sure it complies with the defined policies.

We use an open architectural structure to allow integration with common standards for network security. For example, our VPN component currently supports IPSec and IKE standards and the authentication module in our Firebox III products supports a variety of standard authentication methods. We intend to adopt additional standards as they mature in the market.

Management features.    Our management software allows a customer to manage and monitor the enterprise’s Internet security with an intuitive, point-and-click user interface.

Integrated suite of system management tools.    Our Firebox III products use a Windows-based security management system that packages, configures and deploys security software, security policies and the operating system from the in-house manager’s desktop computer to the enterprise’s security appliances. The management system also includes logging and notification functions and real-time monitoring and historical reporting of network, service and bandwidth usage. Our Firebox SOHO products are managed by a Web-based interface accessed from the appliance itself or from remote management software. Our management tools allow the management of multiple security appliances from a single location.

Because enterprise, distributed VPN and service provider environments are very different, we designed separate management systems for each. Our Firebox III and Firebox SOHO management software enables quick installation and management by an in-house manager using a standard Windows-based system. The VPN management software in each of our security appliance types is designed specifically for ease of configuration and visual representation of multiple VPNs in a network. We designed our managed security solution management software, on the other hand, for a trained operator using a dedicated management console to

18

Table of Contents

configure and manage the security of a large subscriber base. All management systems have the ability to remotely deploy new security software to the appliances or update their security engines from the management console. Our SOHO and telecommuter customers can also choose a simple Web-based management interface, which removes the need to install management software.

Automated installation guides.    Our automated installation guides enable enterprises to install and configure our systems in as quickly as 15 to 30 minutes. Software updates or upgrades are also accessed through easy-to-use installation guides.

Firebox Vclass Products

For larger enterprises, or for those that require greater performance, scalability and networking features, our Firebox Vclass products provide access control and high-performance VPN through three key components: our security management system software with security and management features, our security appliance and a subscription to our innovative LiveSecurity Service.

Security and networking features.    The Firebox Vclass products contain the following security and networking features:

19

Table of Contents

Our Firebox Vclass products use a high-speed custom security ASIC processor featuring our cut-through architecture. With this architecture, the first packet or first few packets of a connection are forwarded to the firewall/VPN software to find the matching policy action. Once a policy decision is made, the policy actions are downloaded to the security ASIC processor so subsequent policy actions of the same connection can be processed in the high-performance security ASIC processor. This cut-through architecture not only improves firewall and VPN performance, but also leaves the central processing unit more bandwidth to process logging and other management tasks. The security ASIC processor accelerates firewall, VPN, NAT and QoS functionalities. The security ASIC processor also has four embedded RISC processors for greater feature flexibility to meet the needs of the most demanding network security applications.

Our Firebox Vclass products encrypt communications between corporate offices and between the appliance and the management software. This allows the management system and the appliance to be separated within an enterprise’s local- or wide-area network or between a service provider and its subscriber. Typically, to install software on a computer using a general-purpose operating system such as Windows, a person must be physically present at the computer. Our distributed architecture, however, allows our customers to remotely install our software on the security appliances and receive our LiveSecurity Service over the Internet, thereby eliminating the need for someone to be physically present at each location.

Operating system software.    Our Firebox Vclass products incorporate a Linux operating system using a custom-configured kernel under an open source license, which enables us to review the source code and generate a flexible, robust and secure operating system. We use specially designed application programming interfaces in all of our Firebox Vclass products to facilitate secure loading of the operating system and security software that our management software sends to the appliance.

Security feature implementation.    Our Firebox Vclass products implement our security features through a number of software modules. Each module provides the specific function that the management system defines in security rules and transmits to the appliance. For example, the firewall features that control network traffic are based on an extensible set of network service protocols, such as HTTP and SMTP. The Firebox Vclass appliances apply security policies defined by the management system to all incoming or outgoing traffic. Additional modules implement other security features, such as authentication, NAT, and QoS functions.

We use an open architectural structure to allow integration with common standards for network security. For example, our VPN component currently supports IPSec and IKE standards and the authentication module in our medium-large enterprise Firebox Vclass products support a variety of standard authentication methods.

Management features.    Our management software allows a customer to manage and monitor the enterprise’s Internet security with an intuitive, point-and-click user interface or Command Line Interface.

Integrated suite of system management tools.    Our medium-large enterprise Firebox Vclass products use a Windows-based security management system that packages, configures and deploys security software, security policies and the operating system from the in-house manager’s desktop computer to the enterprise’s security appliances. The management system also includes logging and notification functions and real-time monitoring. Our management tools allow the management of multiple security appliances from a single location.

20

Table of Contents

Because larger, distributed enterprise environments can be very different from single site deployments, we designed separate management systems for each. Our Firebox Vclass single appliance management software,

Firebox Vcontroller, enables quick installation and management by an in-house manager using a standard Windows-based system. The WatchGuard CPM management software is designed specifically for ease of configuration and visual representation of a multiple appliance deployment. All management systems have the ability to remotely deploy new security software to the appliances or update their security engines from the management console.

Automated installation guides.    Our automated installation guides enable enterprises to install and configure our Firebox Vclass products in as quickly as 15 to 30 minutes. Software updates or upgrades are also accessed through easy-to-use installation guides.

RapidStream “Secured by Check Point” Products

The RapidStream family of “Secured by Check Point” products are high-performance VPN and firewall appliances designed for customers ranging from mid-sized enterprises to Global 1000 companies. The RapidStream line of products, which is based on the same platform and similar hardened Linux-based operating system as our Firebox Vclass line of products, has similar hardware features but runs Check Point Next Generation, or NG, Firewall-1 and VPN-1 security software. This enables WatchGuard to address the specific needs of organizations that have standardized on Check Point software but need the high-performance hardware platform offered in the Firebox Vclass product line. RapidStream security appliances, which have passed Check Point certification, are also interoperable with over 300 complimentary solutions from OPSEC partners, Check Point’s open, multi-vendor security framework for the “best of breed” security approach traditionally favored by large enterprise end-users.

ServerLock System

For enterprises of all sizes, the ServerLock System provides server content and application security that protects critical data and services against unauthorized or unintentional access or manipulation. This protection is offered through a combination of kernel-level software, secured remote communications, centralized management and a simplified dual-mode administrative model. ServerLock represents a new model for protecting data, applications and the core of mission-critical systems by creating a new form of protection on the server.

System structure.    The ServerLock System is comprised of the following components:

21

Table of Contents

LiveSecurity Service.    ServerLock customers also receive the benefits of our LiveSecurity Service. This includes access to technical support, software updates, threat responses, expert editorials, support flashes, virus alerts and interactive training.

AppLock/Web

Based on WatchGuard’s ServerLock kernel protection, AppLock/Web specifically protects Microsoft NT/2000 IIS Web servers from both malicious and unintentional damage. This protection applies to the server operating system, the IIS application, and over 200 types of common content. This protection is offered through a combination of kernel-level software and a simplified dual-mode administrative model. Content protection is managed through a simple point-and-click customization interface.

System structure.    AppLock/Web is comprised of the following components:

operations by the user and execution by the operating system. This protects the system against unauthorized or unintentional changes by even the most privileged user, the system administrator. Acting as a filter between requests for changes and the actual execution of those changes within the operating system kernel, AppLock/Web prevents changes to the operating system’s static components and the configurations that implement that server’s security policies. This protection is applied, and the content to be protected is discovered, automatically during the installation of the product.

22

Table of Contents

LiveSecurity Service.    AppLock/Web customers also receive the benefits of our LiveSecurity Service. This includes access to technical support, software updates, threat responses, expert editorials, support flashes, virus alerts and interactive training.

LiveSecurity Service

Our subscription-based LiveSecurity Service includes:

Our scalable LiveSecurity Service, which runs on a collection of secured servers, registers subscribers, facilitates downloading our software to the desktop computers of registered subscribers and delivers LiveSecurity content to subscribers. To facilitate a high level of security and authenticity, we protect our servers with our own security system and strongly encrypt data communication between servers.

Managed Security Solution

WatchGuard’s managed security solution for service providers has three main components: our network operations center, or NOC, security suite software with security and management features, our security appliances and our LiveSecurity Service.

Security features.    Our managed security solution includes the same comprehensive set of security features offered in our Firebox products.

Management features.    We designed our managed security solution management software for a trained operator using a dedicated management console to configure and manage the security of a large subscriber base. Centrally located at the service provider’s NOC, our Global Policy Manager software provides security

23

Table of Contents

intelligence and configuration for all customer sites under management. Our software allows the service provider to create and store various security policy configurations for different customer groups or service plans. For example, our service provider customers can choose to separately and remotely deploy select security features, such as VPN and Web blocking. This gives service providers the ability to incrementally add for-fee services to their basic service offering, without the expense of sending personnel to their customers’ sites. To enable service providers to configure, monitor and manage the Internet security of thousands of customers, our managed security solution includes scalable logging and monitoring software called WatchGuard event processors. The event processors run on Sun Solaris-based workstations and can be located in the NOC or distributed at the service provider’s point of presence. Each event processor manages the logging and notification features of up to 500 security appliances through commands issued from the Global Policy Manager at the NOC.

Security appliances.    One or more of our security appliances reside on the premises of each managed customer of the service provider or are hosted in the service provider’s data center. The appliances receive and implement the security software and security policies sent by the service provider. All of our security appliances may be centrally managed by the service provider.

LiveSecurity Service.    Through our LiveSecurity Service, the service provider’s NOC receives information and virus alerts, threat responses, software updates, support flashes and expert editorials, as well as access to training and service provider-specific technical support. The service provider then updates the security policies of its customers and transmits these policy updates over its network to its customers.

By receiving the benefits of our security solution through a service provider, an enterprise gains a number of added advantages. The service provider can:

Managed service providers, particularly those engaged in the fast-growing area of Web hosting, continue to vie for competitive advantage in their industry. With ServerLock, service providers can offer increased security for hosted content with only minimal incremental cost. ServerLock’s management and deployment models enable lower cost of management and overhead through the same intuitive design that minimizes the administrative costs for an enterprise managing its own security.

Research and Development

We focus our research and development efforts on enhancing our existing products and services, developing new products based on our innovative distributed-appliance architecture, developing new high-performance ASIC technology and developing services that capitalize on our LiveSecurity Service infrastructure. We use a modular design, which allows us to develop new applications that plug into our existing product line. As a result, our products can be deployed in stages, either directly by an enterprise or by a service provider if the enterprise has outsourced its security management. As we develop new products, our LiveSecurity Service end-users and service provider partners can incorporate the new products and services into their systems with minimal system interruption.

As of December 31, 2002, we employed 118 people on our research and development staff. Research and development expenses were $13.9 million in 2000, $18.9 million in 2001 and $20.9 million in 2002. We have product development facilities in Seattle, Washington, San Jose and Tustin, California and Waltham, Massachusetts.

24

Table of Contents

Competition

We compete in a market that is intensely competitive, highly fragmented and rapidly changing. We face competition in sales both of products and services designed for enterprises and those designed for service providers. We have experienced and will continue to experience increasing competition from current and emerging competitors, many of which have significantly greater financial, technical, marketing and other resources than we do.

In the market for Internet security solutions, we compete on the basis of technological expertise and functionality, breadth of service and product technology and features, ease of installation and management, performance, updatability, scalability, brand recognition, price, customer support and distribution capability. Currently, the primary competitors in our industry include Check Point, Cisco Systems, Inc., Netscreen Technologies, Inc., Nokia Corporation, SonicWALL, Inc. and Symantec Corporation. Other competitors offering security products include hardware and software vendors such as Lucent Technologies, Inc. and Network Associates, Inc., operating system vendors such as Microsoft Corporation, Novell, Inc. and Sun Microsystems, Inc., and a number of smaller companies.

Our competitors may be able to respond more quickly to new or emerging technologies and changes in customer requirements than we can. In addition, our current and future competitors may bundle their products with other software or hardware, including operating systems and browsers, in a manner that may discourage users from purchasing the products and services we offer. Many of our current and potential competitors have greater name recognition, larger customer bases to leverage and greater access to proprietary technology, and could therefore gain market share to our detriment. In addition, our current and potential competitors may establish cooperative relationships among themselves or with third parties that may further enhance their resources, such as the relationship between Check Point and Nokia. We expect additional competition as other established and emerging companies enter the Internet security market and new products and technologies are introduced.

While some of our competitors have traditionally targeted large-enterprise security needs, these vendors could adapt their existing products to make them more attractive to our markets. If these or other of our competitors were to focus their greater financial, technical and marketing resources on our markets, our business could be harmed. In addition, as our security solutions are adopted by larger enterprises, we expect to see increased competition. Increased competition in any of our markets could result in price reductions, fewer customer orders, reduced gross margins and loss of market share.

Proprietary Rights

To protect our proprietary rights, we rely primarily on

The following are trademarks of ours or our affiliates: WatchGuard^® is a registered trademark in the United States, the European Union, Canada, Norway, Australia, New Zealand, Indonesia, Singapore and Japan, RapidStream^® is a registered trademark in the United States and South Korea, Designing Peace of Mind^® is a registered trademark in the United States, the WatchGuard logo is a registered trademark in the United States,

25

Table of Contents

LiveSecurity^® is a registered trademark in the United States, the European Union, Canada and Mexico, Firebox^® is a registered trademark in the United States, RapidCore^® is a registered trademark in the United States, the European Union and Japan, ServerLock^® is a registered trademark in the United States, Australia, Japan, Norway and Singapore, AppLock^® is a registered trademark in the United States and LockSolid^® is a registered trademark in the United States, Australia, Japan, New Zealand and Norway. Applications to register the WatchGuard, RapidStream, LiveSecurity, Firebox, RapidCore, ServerLock and LockSolid trademarks are pending in other jurisdictions. We also have other trademarks in use in the United States that do not currently have applications pending in any jurisdiction. Check Point, Firewall-1 and VPN-1 are either trademarks, service marks or registered trademarks of Check Point Software Technologies Ltd. or its affiliates. We have one issued patent and 20 patents pending.

Many of our products are designed to include software or other intellectual property licensed from third parties. While it may be necessary in the future to seek or renew licenses relating to various aspects of our products, we believe, based on past experience and standard industry practice, that such licenses generally could be obtained on commercially reasonable terms. Nonetheless, the necessary licenses may not be available on acceptable terms, if at all. Our inability to obtain certain licenses or other rights or to obtain such licenses or rights on favorable terms, or the need to engage in litigation regarding these matters, could have a material adverse effect on our business, financial condition and operating results. Moreover, inclusion in our products of software or other intellectual property licensed from third parties on a non-exclusive basis can limit our ability to protect our proprietary rights in our products.

U.S. Government Export Regulation Compliance

Our products are subject to U.S. governmental regulations governing the export of encryption commodities and software. In recent years, however, U.S. legislation has relaxed export controls on encryption. U.S. law now allows the export of encryption commodities and software of any strength to nongovernmental end-users located in any country except those designated as embargoed or otherwise restricted by the U.S. government, subject to streamlined reporting requirements. To satisfy these encryption export reporting requirements, we use data gathered from end-users during product registration. WatchGuard’s encryption commodities and software have been approved for export by the U.S. Department of Commerce’s Bureau of Industry and Security, or BIS, under an export license exception granted after previous technical reviews by the BIS. The approved commodities and software include our branch office and remote user VPN software and our Firebox II, Firebox III, Firebox Vclass and RapidStream “Secured by Check Point” lines of security appliances. The BIS has granted retail export status to our Firebox 700, Firebox V10 and Firebox SOHO security appliances, which use encryption in branch office VPN software. We are eligible to export products that qualify for retail export status to all nonembargoed and nonrestricted foreign end-users, including government entities.

Manufacturing

We currently outsource all hardware manufacturing and assembly for certain of our security appliances for SMEs and larger enterprises to Washington-based ETMA Corporation, our primary supplier, with Malaysia-based Unico Technology Berhad (an affiliate of ETMA Corporation) as our back-up supplier. For certain of our larger enterprise products, we outsource the board assembly to San Jose-based Alta Manufacturing Inc. For the remainder of our security appliances for SMEs and larger enterprises, we outsource all hardware manufacturing to Minnesota-based Reptron Electronic Inc. Our contract manufacturer for our Firebox SOHO security appliances is Sercomm Corporation, a Taiwan, Republic of China-based corporation. All contract manufacturers are certified as meeting the International Organization for Standardization’s quality assurance standards ISO 9001 and 9002. We are currently reviewing other contract manufacturers for potential engagement as either primary or back-up suppliers for current and future products. Worldwide distribution is currently performed at our distribution facility in Seattle, Washington.

Employees

As of December 31, 2002, we had 331 employees. Of these, 117 were employed in sales and marketing, 38 in finance and administration, 58 in customer support and operations and 118 in research and development. We

26

Table of Contents

are not a party to any collective bargaining agreements with our employees and we have not experienced any work stoppages. We believe we have good relations with our employees.

IMPORTANT FACTORS THAT MAY AFFECT OUR OPERATING RESULTS, OUR BUSINESS AND OUR STOCK PRICE

In addition to the other information contained in this annual report, you should carefully read and consider the following risk factors. If any of these risks actually occur, our business, financial condition or operating results could be adversely affected and the trading price of our common stock could decline.

We have incurred losses in the past and may not achieve or sustain consistent profitability, which could result in a decline in the value of our common stock.

Since inception, we have incurred net losses and experienced negative cash flows from operations in each quarter, except that we had net income and a positive cash flow from operations in the third quarter of 2000 and a positive cash flow from operations in the third quarter of 2001. As of December 31, 2002, we had an accumulated deficit of approximately $114 million. Although our revenues have increased each year since we began operations, we do not believe that the historical percentage growth rate of our revenues will be sustainable as our revenue base increases and we may not achieve or sustain profitability in future periods. We expect that over time we will have to increase our operating expenses in connection with

If we are unable to achieve or sustain profitability in future quarters, the trading price of our common stock could decline.

Our operating results fluctuate and could fall below expectations of securities analysts and investors, resulting in a decline in our stock price.

Our quarterly and yearly operating results have varied widely in the past and will probably continue to fluctuate. For this reason, we believe that period-to-period comparisons of our operating results may not be meaningful. In addition, our limited operating history makes predicting our future performance difficult. If our operating results for a future quarter or year fail to meet market expectations, this shortfall could result in a decline in our stock price.

The economic downturn in the U.S. economy has adversely affected the demand for our products and services and may continue to result in decreased revenue and growth rates. We do not know how long this economic downturn will last or how severe it will become. We also cannot predict the extent of the effect of the economic downturn in the United States on economies in other countries and geographic regions in which we conduct business. To the extent that this downturn continues or grows deeper in the United States or other geographic regions in which we operate, the Internet security industry and demand for our products and services are likely to be adversely affected.

We base our spending levels for product development, sales and marketing and other operating expenses largely on our expected future revenues. Because our expenses are largely fixed for a particular quarter or year, we may be unable to adjust our spending in time to compensate for any unexpected quarterly or annual shortfall in revenues. A failure to so adjust our spending in time also could cause operating results to fall below the expectations of securities analysts and investors, resulting in a decline in our stock price.

27

Table of Contents

If our estimates or judgments relating to our critical accounting policies are based on assumptions that change or prove to be incorrect, our operating results could fall below expectations of securities analysts and investors, resulting in a decline in our stock price.

Our discussion and analysis of financial condition and results of operations in this annual report is based on our consolidated financial statements, which have been prepared in accordance with accounting principles generally accepted in the United States. The preparation of financial statements in conformity with generally accepted accounting principles requires management to make estimates and assumptions that affect the amounts reported in the consolidated financial statements and accompanying notes. On an ongoing basis, we evaluate significant estimates used in preparing our consolidated financial statements, including those related to:

We base our estimates on historical experience and on various other assumptions that we believe to be reasonable under the circumstances, as provided in our discussion and analysis of financial condition and results of operations in this annual report, the results of which form the basis for making judgments about the carrying values of assets and liabilities that are not readily apparent from other sources. Examples of such estimates include, but are not limited to, those associated with the costs of our 2001 and 2002 restructuring and impairment analysis of our Qiave intangible asset, as well as goodwill relating to the acquisitions of BeadleNet, Qiave and RapidStream. Although we do not anticipate further significant adjustments to our 2002 restructuring, the actual costs related to the restructuring may differ from estimate if it takes us longer than expected to find suitable tenants or if there are further changes in the real estate market where excess facilities are located. Actual results may differ from these and other estimates if our assumptions change or if actual circumstances differ from those in our assumptions, which could cause our operating results to fall below the expectations of securities analysts and investors, resulting in a decline in our stock price.

Because many potential customers do not fully understand or remain unaware of the need for comprehensive Internet security or may perceive it as costly and difficult to implement, our products and services may not achieve market acceptance.

We believe that many potential customers, particularly SMEs, do not fully understand or are not aware of the need for comprehensive Internet security products and services, particularly those products designed for server content and application security. Historically, only enterprises having substantial resources have developed or purchased comprehensive Internet security solutions. Also, there is a perception that comprehensive Internet security is costly and difficult to implement. We will therefore not succeed unless the market understands the need for comprehensive Internet security and we can convince our potential customers of our ability to provide this security in a cost-effective and administratively feasible manner. Although we have spent, and will continue to spend, considerable resources educating potential customers about the need for comprehensive Internet security and the benefits of our products and services, our efforts may be unsuccessful.

If potential customers do not accept our Firebox products and the related LiveSecurity Service, our business will not succeed.

We currently expect that future revenues will be primarily generated through sales of our Firebox products and the related LiveSecurity Service, including subscription fees, and we cannot succeed if the market does not accept these products and services. Our success depends on our ability and the ability of our distribution network, which includes distributors, VARs and Internet service providers and other managed service providers, to obtain and retain customers. Some of our Firebox products, particularly the Firebox Vclass products based on the

28

Table of Contents

RapidStream technology we acquired in the second quarter of 2002, however, are relatively new and unproven. The Firebox Vclass products were launched in May 2002 and delivered in June 2002, and the broadcast portion of our LiveSecurity Service has been available only since February 1999. The Firebox Vclass products are also directed at a new class of customer for us, one that requires a high-performance security solution with enterprise-level networking functionality and VPN scalability, and we may be unsuccessful in marketing and selling to this class of customer.

To receive our LiveSecurity Service, enterprises are required to pay an annual subscription fee, either to us or, if they obtain the LiveSecurity Service through one of our channel customers, to the channel customer. We are not aware of any other Internet security product that allows enterprises to keep their security solution current by receiving software updates and comprehensive security information over the Internet. Enterprises may be unwilling to pay a subscription fee to keep their Internet security up to date and to receive Internet security-related information. Because our LiveSecurity Service is an innovative service, we may not be able to accurately predict the rate at which our customers will renew their annual subscriptions. In addition, most businesses implementing security services have traditionally managed their own Internet security rather than using the services of third-party service providers. As a result, our products and services and the outsourcing of Internet security to third parties may not achieve significant market acceptance.

We may not realize any significant benefits from our relationship with Check Point Software Technologies Ltd. or the sale of the RapidStream-branded “Secured by Check Point” line of products.

Following our acquisition of RapidStream in the second quarter of 2002, we entered into a relationship with Check Point under which we market a line of products that includes Check Point security software. These products, which are sold under the RapidStream brand as “Secured by Check Point,” are new and unproven and may not achieve market acceptance. In addition, Check Point is a competitor of ours in the Internet security industry, and our relationship with Check Point is terminable by either party at will. If Check Point discontinues its relationship with us or fails to devote sufficient resources and attention to the marketing of our RapidStream products, we may not realize any benefits from our relationship with Check Point and may not generate significant revenues from the sale of the RapidStream line of products.

If we are unable to compete successfully in the highly competitive market for Internet security products and services, our business will fail.

The market for Internet security products is intensely competitive and we expect competition to intensify in the future, particularly with our expansion into the larger enterprise market with our products based on RapidStream technology. An increase in competitive pressures in our market or our failure to compete effectively may result in pricing reductions, reduced gross margins and loss of market share. Currently, the primary competitors in our industry include Check Point, Cisco Systems, Inc., NetScreen Technologies, Inc., Nokia Corporation, SonicWALL, Inc. and Symantec Corporation. Other competitors offering security products include hardware and software vendors such as Lucent Technologies, Inc. and Network Associates, Inc., operating system vendors such as Microsoft Corporation, Novell, Inc. and Sun Microsystems, Inc., and a number of smaller companies. Many of our competitors have longer operating histories, greater name recognition, larger customer bases and significantly greater financial, technical, marketing and other resources than we do. In addition, our current and potential competitors may establish cooperative relationships among themselves or with third parties that may further enhance their resources. As a result, they may be able to adapt more quickly to new technologies and customer needs, devote greater resources to the promotion or sale of their products and services, initiate or withstand substantial price competition, take advantage of acquisition or other opportunities more readily or develop and expand their product and service offerings more quickly. In addition, our competitors may bundle products competitive with ours with other products that they may sell to our current or potential customers. These customers may accept these bundled products rather than separately purchasing our products.

29

Table of Contents

If our third-party channel customers fail to perform, our ability to sell our products and services will be limited.

We sell most of our products and services through our distribution network, and we expect our success to continue to depend in large part on the performance of this network. Our channel customers have the ability to sell products and services that are competitive with ours, to devote more resources to those competitive products or to cease selling our products and services altogether. Two of our channel customers, Ingram Micro and Tech Data, together accounted for 26% of our revenues in the year ended December 31, 2002. The loss of one of these distributors, a reduction in their sales, a reduction in our share of their sales of Internet security products, or a loss or reduction in sales involving one or more other channel customers, particularly if the reduction results in increased sales of competitive products, could harm our business. In addition, we are in the process of consolidating our channel by reducing the number of channel customers with whom we have a direct contract, while expanding our programs for our indirect partners to improve overall performance and efficiencies. While we have made progress in the Americas and Europe/Middle East/Africa regions, we are in an earlier stage of that process in the Asia Pacific region where, in addition to consolidation, a channel reorganization is required. If this consolidation and reorganization causes disruption, we could experience a loss or reduction in sales involving one or more of our channel customers.

Product returns, retroactive price adjustments and rebates could exceed our allowances, which could adversely affect our operating results.

We provide most of our channel customers with product return rights for stock rotation and price protection rights for their inventories, which they may exercise if we lower our prices for those products. We also provide promotional rebates to some of our channel customers. We may experience significant returns, price adjustments and rebate costs for which we may not have adequate allowances. The short life cycles of our products and the difficulty of predicting future sales increase the risk that new product introductions or price reductions by us or our competitors could result in significant product returns or price adjustments. When we introduced the Firebox II, and then later the Firebox III, security appliances, we experienced an increase in returns of previous products and product versions. Provisions for returns and allowances were $1.9 million in 2000, $6.9 million in 2001 and $4.6 million in 2002 or 3%, 10% and 6% of total revenues before returns and allowances. While we review and adjust our provision for returns and allowances in order to properly reflect the potential for promotional rebate costs, increased returns and pricing adjustments associated with new products, including new products resulting from our acquisition of RapidStream, the provision may still be inadequate.

Rapid changes in technology and industry standards could render our products and services unmarketable or obsolete, and we may be unable to introduce new products and services timely and successfully.

To succeed, we must continually change and improve our products in response to rapid technological developments and changes in operating systems, Internet access and communications, application and networking software, computer and communications hardware, programming tools, computer language technology and hacker techniques. We may be unable to successfully and timely develop these new products and services or achieve and maintain market acceptance. The development of new, technologically advanced products and services is a complex and uncertain process that requires great innovation and the ability to anticipate technological and market trends. Because Internet security technology is complex, it can require long development and testing periods.

Releasing new products and services prematurely may result in quality problems, and releasing them late may result in loss of customer confidence and market share. In the past, we have on occasion experienced delays in the scheduled introduction of new and enhanced products and services, and we may experience delays in the future. When we do introduce new or enhanced products and services, we may be unable to successfully manage the transition from the older products and services to minimize disruption in customer ordering patterns, avoid excessive inventories of older products and deliver enough new products and services to meet customer demand.

30

Table of Contents

Seasonality and concentration of revenues at the end of the quarter could cause our revenues to fall below the expectations of securities analysts and investors, resulting in a decline in our stock price.

The growth rate of our domestic and international sales has been and may in the future be lower in the summer months, when businesses often defer purchasing decisions. Also, as a result of customer buying patterns and the efforts of our sales force to meet or exceed quarterly and year-end quotas, historically we have received a substantial portion of a quarter’s sales orders and earned a substantial portion of a quarter’s revenues during the quarter’s last month and the latter half of the last month. If expected revenues at the end of any quarter are delayed, our revenues for that quarter could fall below the expectations of securities analysts and investors, resulting in a decline in our stock price.

We may be unable to adequately expand our operational systems to accommodate growth, which could harm our ability to deliver our products and services.

Our operational systems have not been tested at the customer volumes that may be required in the future. We may encounter performance difficulties when operating with a substantially greater number of customers. These performance difficulties could harm our ability to deliver our products and services. An inability to add software and hardware or to develop and upgrade existing technology or operational systems to handle increased traffic may cause unanticipated system disruptions, slower response times and poor customer service, including problems filling customer orders.

We may be required to defend lawsuits or pay damages in connection with the alleged or actual failure of our products and services.

Because our products and services provide and monitor Internet security and may protect valuable information, we may face claims for product liability, tort or breach of warranty relating to our products and services. Anyone who circumvents our security measures could misappropriate the confidential information or other property of end-users using our products and services or interrupt their operations. If that happens, affected end-users or channel customers may sue us. In addition, we may face liability for breaches caused by faulty installation and implementation of our products by end-users or channel customers. Although we attempt to reduce the risk of losses from claims through contractual warranty disclaimers and liability limitations, these provisions may be unenforceable. Some courts, for example, have found contractual limitations of liability in standard software licenses to be unenforceable because the licensee does not sign the license. Defending a suit, regardless of its merit, could be costly and could divert management attention. Although we currently maintain business liability insurance, this coverage may be inadequate or may be unavailable in the future on acceptable terms, if at all.

A breach of security could harm public perception of our products and services.

We will not succeed unless the marketplace is confident that we provide effective Internet security protection. Even networks protected by our software products may be vulnerable to electronic break-ins and computer viruses. If an actual or perceived breach of Internet security occurs in an end-user’s systems, regardless of whether the breach is attributable to us, the market perception of the efficacy of our products and services could be harmed. This could cause us or our channel customers to lose current and potential customers or cause us to lose potential channel customers. Because the techniques used by computer hackers to access or sabotage networks change frequently and generally are not recognized until launched against a target, we may be unable to anticipate these techniques.

If we are unable to prevent attacks on our internal network system by computer hackers, public perception of our products and services will be harmed.

Because we provide Internet security, we are a significant target of computer hackers. We have experienced attacks by computer hackers in the past and expect attacks to continue. If attacks on our internal network system are successful, public perception of our products and services will be harmed.

31

Table of Contents

We may be unable to adequately protect our operational systems from damage, failure or interruption, which could harm our reputation and our ability to attract and retain customers.

Our operations, customer service, reputation and ability to attract and retain customers depend on the uninterrupted operation of our operational systems. Although we utilize limited off-site backup facilities and take other precautions to prevent damage, failure or interruption of our systems, our precautions may be inadequate. Any damage, failure or interruption of our computer or communications systems could lead to service interruptions, delays, loss of data and inability to accept and fill customer orders and provide customers with our LiveSecurity Service.

We may be unable to deliver our products and services if we cannot continue to license third-party technology that is important for the functionality of our products.

Our success will depend in part on our continued ability to license technology that is important for the functionality of our products. A significant interruption in the supply of a third-party technology could delay our development and sales until we can find, license and integrate equivalent technology. This could damage our

brand and result in loss of current and potential customers. Although we believe that we could find other sources for the technology we license, alternative technologies may be unavailable on acceptable terms, if at all. We depend on our third-party licensors to deliver reliable, high-quality products, develop new products on a timely and cost-effective basis and respond to evolving technology and changes in industry standards. We also depend on the continued compatibility of our third-party software with future versions of our products.

We may be unable to deliver our products and services if component manufacturers fail to supply component parts with acceptable quantity, quality and cost.

We obtain the component parts for our hardware from a variety of manufacturers. While our component vendors have produced parts for us in acceptable quantities and with acceptable quality and cost in the past, they may be unable to do so in the future. Companies in the electronics industry regularly experience lower-than-required component allocations, and the industry is subject to frequent component shortfalls. Although we believe that we could find additional or replacement sources for our hardware components, our operations could be disrupted if we have to add or switch to a replacement vendor or if our component supply is interrupted for an extended period. This could result in loss of customer orders and revenue.

Governmental controls over the export or import of encryption technology could cause us to lose sales.

Any additional governmental regulation of imports or exports or failure to obtain required export approval of our encryption technologies could adversely affect our international and domestic sales. The United States and various other countries have imposed controls, export license requirements and restrictions on the import or export of some technologies, especially encryption technology. In addition, from time to time governmental agencies have proposed additional regulation of encryption technology, such as requiring the escrow and governmental recovery of private encryption keys. Additional regulation of encryption technology could delay or prevent the acceptance and use of encryption products and public networks for secure communications. This, in turn, could result in decreased demand for our products and services. In addition, some foreign competitors are subject to less stringent controls on exporting their encryption technologies. As a result, they may be able to compete more effectively than we can in the U.S. and international Internet security markets.

We may be unable to adequately protect our proprietary rights, which may limit our ability to compete effectively.

Despite our efforts to protect our proprietary rights, unauthorized parties may misappropriate or infringe on our trade secrets, copyrights, trademarks, service marks and similar proprietary rights. We face additional risk when conducting business in countries that have poorly developed or inadequately enforced intellectual property laws. While we are unable to determine the extent to which piracy of our software products exists, we expect piracy to be a continuing concern, particularly in international markets and as a result of the growing use of the Internet.

32

Table of Contents

If we fail to obtain and maintain patent protection for our technology, we may be unable to compete effectively. We have one issued patent and 20 patents pending, but our patent applications may not result in issued patents. Even if we secure a patent, the patent may not provide meaningful protection. In addition, we rely on unpatented proprietary technology. Because this proprietary technology does not have patent protection, we may be unable to meaningfully protect this technology from unauthorized use or misappropriation by a third party. In addition, our competitors may independently develop similar or superior technologies or duplicate any unpatented technologies that we have developed, which could significantly reduce the value of our proprietary technology or threaten our market position.

Intellectual property claims and litigation could subject us to significant liability for damages and invalidation of our proprietary rights.

In the future, we may have to resort to litigation to protect our intellectual property rights, to protect our trade secrets or to determine the validity and scope of the proprietary rights of others. Any litigation, regardless of its success, would probably be costly and require significant time and attention of our key management and technical personnel. Litigation could also force us to

Although we have not been sued for intellectual property infringement, we may face infringement claims from third parties in the future. The software industry has seen frequent litigation over intellectual property rights, and we expect that participants in the Internet security industry will be increasingly subject to infringement claims as the number of products, services and competitors grows and functionality of products and services overlaps.

Undetected product errors or defects could result in loss of revenues, delayed market acceptance and claims against us.

Our products and services may contain undetected errors or defects, especially when first released. Despite extensive testing, some errors are discovered only after a product has been installed and used by customers. Any errors discovered after commercial release could result in loss of revenues or claims against us or our channel customers.

If we do not retain our key employees, our ability to execute our business strategy will be impaired.

Our future success will depend largely on the efforts and abilities of our senior management and our key development, technical, operations, information systems, customer support and sales and marketing personnel, and on our ability to retain them. These employees are not obligated to continue their employment with us and may leave us at any time.

In attempting to integrate the business and technology of any future acquisition, we could incur significant costs that may not be outweighed by any benefits of the acquisition.

As part of our business strategy, we may acquire other companies, products or technologies, and these acquisitions may result in substantial costs. The costs of any future acquisitions may include costs for:

33

Table of Contents

Successful integration of the operations, technology, products, customers, suppliers and personnel of any future acquisition could place a significant burden on our management and internal resources. The diversion of the attention of our management and any difficulties encountered in the transition and integration process could disrupt our business and have an adverse effect on our business and operating results.

If we do not expand our international operations and successfully overcome the risks inherent in international business activities, the growth of our business will be limited.

Our ability to grow will depend in part on the expansion of our international sales and operations, which are expected to continue to account for a significant portion of our revenues. Sales to customers outside of the United States accounted for approximately 55% of total revenues in 2000, 56% in 2001 and 58% in 2002. The failure of our channel customers to sell our products internationally would limit our ability to increase our revenues. In addition, our international sales are subject to the risks inherent in international business activities, including

Our international sales currently are U.S. dollar-denominated. As a result, an increase in the value of the U.S. dollar relative to foreign currencies has made and may continue to make our products less competitive in international markets.

We may need additional capital and our ability to secure additional funding is uncertain.

Our future revenues may be insufficient to support the expenses of our operations and the expansion of our business. We may therefore need additional equity or debt capital. We may seek additional funding through

We believe that existing cash and cash equivalent balances will be sufficient to meet our capital requirements for at least the next 12 months. Our capital requirements will depend on several factors, however, including

Financing may be unavailable to us when needed or on acceptable terms.

Our stock price is volatile.

The trading price of our common stock could be subject to fluctuations for a number of reasons, including

34

Table of Contents

In recent years, moreover, the stock market in general and the market for Internet-related technology companies in particular have experienced extreme price and volume fluctuations, often unrelated to the operating performance of the affected companies. Our common stock has experienced, and is likely to continue to experience, these fluctuations in price, regardless of our performance.

ITEM 2.     PROPERTIES

Our principal administrative, marketing, sales, development and operations facility is located in Seattle, Washington. We occupy approximately 100,000 square feet in this facility (including space that is subleased) under a lease that expires in September 2010. We have the option to extend the lease for an additional five-year term. We also maintain a product fulfillment and distribution warehouse in Seattle under a lease that expires in April 2006. In addition, we maintain offices in San Jose and Tustin, California and Waltham, Massachusetts. Our excess facilities at our corporate headquarters in Seattle, and in Aliso Viejo and San Jose, California, are partially subleased to tenants, with sublease terms that expire between 2003 and 2007.

ITEM 3.     LEGAL PROCEEDINGS

We are not currently a party to any material legal proceedings.

ITEM 4.     SUBMISSION OF MATTERS TO A VOTE OF SECURITY HOLDERS

No matters were submitted to a vote of our security holders during the fourth quarter of 2002.

35

Table of Contents

PART II

ITEM 5.     MARKET FOR REGISTRANT’S COMMON EQUITY AND RELATED STOCKHOLDER

                  MATTERS

Market Information

Our common stock began trading on the Nasdaq National Market on July 30, 1999 under the symbol WGRD. The following table lists, for the periods indicated, the high and low sales prices per share of our common stock as reported on the Nasdaq National Market.

The last reported sale price of our common stock on the Nasdaq National Market on March 17, 2002 was $5.00 per share.

Holders

As of March 17, 2003, there were approximately 175 holders of record of our common stock. This does not include the number of persons whose stock is held in nominee or “street name” through brokers or other fiduciaries.

Dividends

We have never paid cash dividends on our common stock. We currently intend to retain any future earnings to fund the development and growth of our business and therefore do not anticipate paying any cash dividends in the foreseeable future.

Recent Sales of Unregistered Securities

None.

ITEM 6.     SELECTED FINANCIAL DATA

When you read this selected financial data, it is important that you also read the historical consolidated financial statements and related notes included in this annual report, as well as the section entitled

36

Table of Contents

“Management’s Discussion and Analysis of Financial Condition and Results of Operations.” The historical results are not necessarily indicative of future results.

37

Table of Contents

ITEM 7.     MANAGEMENT’S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION AND

 RESULTS OF OPERATIONS

Overview

WatchGuard is a leading provider of Internet security solutions designed to protect enterprises that use the Internet for e-commerce and secure communications. Our award-winning products and services include our high-performance Firebox and RapidStream firewall and VPN appliances for access control, secure communications and (with certain of our Firebox products) network-based intrusion protection capabilities, and our ServerLock technology and anti-virus solution for content and application security for servers and desktops with host-based intrusion protection capabilities. Our innovative subscription-based LiveSecurity Service delivers threat responses, software updates, expert editorials, support flashes and virus alerts, which enables our customers, with minimal effort, to protect their data and communications in a continuously changing environment. Our core market spans the small- to medium-sized enterprise, or SME, market, from companies at the lower end where ease-of-use is a key requirement, to companies at the high end, including those with high-speed connections supporting VPNs between the corporate headquarters and geographically dispersed branch offices, where performance, scalability and networking features are key requirements. In addition, with the recent addition of our RapidStream line of “Secured by Check Point” appliances, we also have the opportunity to leverage the established presence of Check Point Software Technologies Ltd., or Check Point, in the large enterprise market.

Since our inception, we have invested heavily in the development of our products as follows:

38

Table of Contents

Critical Accounting Policies

Our discussion and analysis of financial condition and results of operations is based on our consolidated financial statements, which have been prepared in accordance with accounting principles generally accepted in the United States. The preparation of financial statements in conformity with generally accepted accounting principles requires management to make estimates and assumptions that affect the amounts reported in the consolidated financial statements and accompanying notes. On an ongoing basis, we evaluate significant estimates used in preparing our financial statements, including those related to (i) revenue recognition, including sales returns and allowances, (ii) the provision for bad debt, (iii) inventory reserves, (iv) restructuring reserves, (v) the allocation of the purchase price in business combinations to intangible assets and (vi) analysis of impairment of goodwill and intangible assets. We base our estimates on historical experience and on various other assumptions that we believe to be reasonable under the circumstances, the results of which form the basis for making judgments about the carrying values of assets and liabilities that are not readily apparent from other sources. Actual results may differ from these estimates if our assumptions change or if actual circumstances differ from those in our assumptions.

We believe the following critical accounting policies affect the more significant judgments and estimates used in preparing our consolidated financial statements.

Revenue Recognition

Revenue recognition rules for software companies are very complex. Although we follow very specific and detailed guidelines in measuring revenue, certain judgments affect the application of our revenue policy. The complexity of the revenue recognition rules and estimates inherent in the revenue recognition process makes revenue results difficult to predict, and any shortfall in revenue or delay in recognizing revenues could cause our operating results to vary significantly from quarter to quarter and could result in future operating losses.

We generate revenues through:

Product revenues include:

Revenues from products are generally recognized upon delivery if persuasive evidence of an arrangement exists, collection is probable, the fee is fixed and determinable, and vendor-specific objective evidence of fair

39

Table of Contents

value for undelivered elements of the arrangement has been established. While we generally recognize product revenues upon shipment, revenues on product sales for some of our major distributors are recorded when these distributors have sold the product to their customers.

Service revenues primarily include the initial fees for our LiveSecurity Service subscriptions, which have periods ranging from 90 days to one year and are sold as part of our security solutions, and for LiveSecurity Service subscription renewals, which have periods ranging from one to two years, from our enterprise customers and end-users. These service fees provide our customers access to our LiveSecurity Service for product updates, security threat responses, general security information and technical support. These service fees also enable our service provider customers access to the LiveSecurity Service and the ability to manage and update a specific number of their customers’ security appliances. Service subscription revenues are recognized ratably on a monthly basis, generally over periods ranging from 90 days to two years.

When service fees are bundled with the sales of our products in multiple element arrangements, the elements of those arrangements are unbundled using our objective evidence of the fair value of the undelivered elements represented by our customary pricing for each element when sold in separate transactions. Since customers receive the services over a period of time, WatchGuard determines the fair value of the service portion of the arrangement as an undelivered element, based on the renewal price of the service. Changes in the composition of such multiple-element arrangements, our ability to identify the existence of the vendor-specific objective evidence for the elements in the arrangement or our ability to estimate the fair value of elements in the arrangement could materially impact the amount of earned and unearned revenue.

We have established allowances for estimated returns, return rights and pricing protection rights. We also established an allowance for promotional rebates that may be earned by our customers. We estimate these reserves and adjust them periodically based on historical rates of returns and allowances, as well as the expected effect of current promotional programs and new product introductions. We estimate the allowance for promotional rebates based on the maximum amounts potentially available to the customers, unless we accumulate sufficient historic evidence for individual customers with respect to their realization of rebates. If new or expanded promotional programs are introduced, or new products are announced, additional allowances may be required. Alternatively, if actual promotional rebates fall below maximum exposure levels, we may reduce the allowances and recognize additional revenue.

Bad Debts

We maintain allowances for doubtful accounts for estimated losses resulting from the inability of our customers to make required payments. Significant judgment is required when we assess the ultimate realization of receivables, including the probability of collection and the creditworthiness of each customer. If the financial condition of our customers were to deteriorate, resulting in an impairment of their ability to make payments, additional allowances might be required.

Inventory Valuation

Our inventories are stated at the lower of cost or market, with cost being determined on a first-in, first-out basis. We write our inventories down to estimated market value based on assumptions about future demand and market conditions. Variation in market trends, customer preferences and introduction of new products that replace existing products or technological advances could, however, significantly affect these estimates and result in additional inventory write-downs.

Restructuring

In 2001 and 2002, we recorded significant accruals related to our restructuring plans. These accruals included estimates related to the abandonment of excess facilities. We had to adjust the restructuring accruals due to continued poor real estate market conditions in the areas where these excess facilities are located. The actual costs related to the restructuring may differ from our estimate if it takes us longer than expected to find suitable

40

Table of Contents

tenants for excess facilities or if there are further changes in the real estate market in those areas where excess facilities are located. Any additional adjustments resulting from these factors could have a material effect on our financial condition and operating results.

Accounting for Goodwill and Other Intangibles

Our business acquisitions have resulted in, and future acquisitions typically will result in, the recording of goodwill, which represents the excess of the purchase price over the fair value of assets acquired as well as capitalized technology and other definite-lived intangible assets.

Effective January 1, 2002, we adopted the provisions of Statement of Financial Accounting Standards, or SFAS, No. 141, “Business Combinations,” and SFAS No. 142, “Goodwill and Other Intangible Assets.” SFAS No. 141 required business combinations initiated after June 30, 2001 to be accounted for using the purchase method of accounting and broadens the criteria for recording intangible assets apart from goodwill.

SFAS No. 142 requires that purchased goodwill and certain indefinite-lived intangibles no longer be amortized, but instead be tested for impairment at least annually and written down and charged to results of operations only in periods in which the recorded value of those assets exceeds their fair value.

Before 2002, we amortized goodwill on a straight-line basis over its estimated useful life of five years. With the required adoption of SFAS No. 142, beginning January 1, 2002, we no longer amortize goodwill into earnings.

SFAS No. 142 prescribes the use of the two-phase approach for testing goodwill for impairment. The first phase is a screen for potential impairment, while the second phase, if necessary, measures the amount of impairment, if any. During 2002 we completed our first phase impairment analysis and found no instances of impairment. Accordingly, the second testing phase was not required.

Separable intangible assets that do not have indefinite lives continue to be amortized over their useful lives. These assets are also periodically reviewed for potential impairment indicators.

Effective January 1, 2002, we adopted the provisions of SFAS No. 144, “Accounting for the Impairment or Disposal of Long-Lived Assets.” SFAS No. 144 supercedes SFAS No. 121, “Accounting for the Impairment of Long-Lived Assets and Long-Lived Assets to be Disposed Of,” and the accounting and reporting provisions relating to the disposal of a segment of a business in Accounting Principles Board Opinion No. 30. In accordance with SFAS No. 144, the carrying value of intangible assets, other than goodwill, and other long-lived assets is reviewed on a regular basis for the existence of facts or circumstances, both internal and external, that may suggest impairment.

Acquisition of RapidStream, Inc.

On April 2, 2002, we acquired RapidStream, a privately held provider of high-performance, ASIC-based firewall and VPN appliances. The acquisition of RapidStream brought advanced ASIC technology and a family of high-performance systems that allows us to address customers that require a high-performance security solution with enterprise-level networking functionality and VPN scalability. Immediately after the RapidStream acquisition, WatchGuard announced a partnership with Check Point to deliver a new class of high-performance VPN and security appliances integrating Check Point next-generation software. These “Secured by Check Point” appliances were developed by RapidStream.

The acquisition of RapidStream had a significant impact on our financial position and operating results in 2002. Specifically:

41

Table of Contents

Results of Operations

The following table provides financial data for the periods indicated as a percentage of total revenues: