Re: [fw-wiz] Opinion: Worst interface ever.

From: Paul D. Robertson (paul_at_compuwar.net)
Date: 07/05/05

    To: StefanDorn@bankcib.com
    Date: Tue, 5 Jul 2005 10:16:07 -0400 (EDT)
    
    

    On Tue, 5 Jul 2005 StefanDorn@bankcib.com wrote:

    > > I can't even imagine trying to audit the "we'll pick the most exact
    > > match" ruleset evaluation of one of these beasts. If I thought there was any
    > > chance the old software would work with the new box, I'd be loading that
    > > tomorrow. My "same vendor" rationale is right out the window- the two
    > > products aren't even close- other than the fact they're both red.
    >
    >
    > The 7.x series of software does this- precedence is based on how specific
    > each rule is. The most specific rules are evaluated first, and so on. Of

    But what counts as specific? Is a port more or less specific than an
    address? Is a protocol less specific than a user? If they do an ASIC
    rev, is my happy little ruleset going to do something different if I have
    to replace a box?

    > course, the software itself does nothing to show you the order they are
    > in. I think I recall reading that in the newer "Fireware Pro" software,
    > you can manually set precedence. Maybe it hasn't been implemented yet.
    >

    I think their marketing department needs smacked. I didn't even start to
    go on about having three interfaces in the box I can't use unless I pay
    more money.

    > > While I'm ranting- what's with support hours from 9-6pm *at my
    > > location*?
    > > Hello Watchguard- firewalls are *production* boxes, downtime doesn't get
    > > scheduled for when the users are still working!
    >
    > The good news is, they have a support forum with some pretty helpful
    > Watchguard people moderating it, and even a few customers who try to help
    > people out. Bad news is, I've yet to get a question completely answered
    > via their incident response system. Barring disaster, I generally try to
    > figure a problem out myself, since every time I contact support they
    > immediately request that I let them connect and play with the
    > configuration..which isn't going to happen. It makes me wonder if
    > outsourcing can really be worth it, considering the fact that it generally
    > results in customers getting irritated with it and then requesting a US
    > representative anyway. Why not just get it right the first time?
    >

    I'm glad I'm not the only one left with that impression. I'm going to go
    back over my personal evaluation criteria and tweak the support parts to
    match what I see as good. I also think that I'm going to go back to
    building more open source based firewalls- the idea behind a commercial
    product is support and consistency. I'm not seeing good things in either
    department.

    Paul
    -----------------------------------------------------------------------------
    Paul D. Robertson "My statements in this message are personal opinions
    paul@compuwar.net which may have no basis whatsoever in fact."
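
The audit concern raised above, as an added example that is not part of the original message and does not reproduce any vendor's algorithm: the same constructed ruleset is evaluated in listed order and under two hypothetical definitions of "most specific", and the verdict for one packet changes with the definition. The rule names, networks, `address_first` and `port_first` are all assumptions made for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    name: str
    src: str             # source network in CIDR form
    port: Optional[int]  # None means any destination port
    action: str

# Constructed ruleset and packet, not taken from any real device.
RULES = [
    Rule("admin-net", "10.1.2.0/24", None, "allow"),
    Rule("no-telnet", "10.0.0.0/8", 23, "deny"),
    Rule("default", "0.0.0.0/0", None, "deny"),
]
PACKET = ("10.1.2.5", 23)

def matches(rule, packet):
    src, port = packet
    in_net = ipaddress.ip_address(src) in ipaddress.ip_network(rule.src)
    return in_net and rule.port in (None, port)

def address_first(rule):
    # Hypothetical ranking: longer prefix wins, a named port breaks ties.
    return (ipaddress.ip_network(rule.src).prefixlen, rule.port is not None)

def port_first(rule):
    # Hypothetical ranking: a named port wins, prefix length breaks ties.
    return (rule.port is not None, ipaddress.ip_network(rule.src).prefixlen)

def verdict(rules, packet, specificity=None):
    """Return (rule name, action) of the first matching rule.

    With specificity=None the rules are evaluated in listed order;
    otherwise they are sorted most-specific-first by the given key.
    """
    ordered = rules if specificity is None else sorted(rules, key=specificity, reverse=True)
    for rule in ordered:
        if matches(rule, packet):
            return rule.name, rule.action
    return None, "deny"  # implicit default deny

def audit(rules, packet):
    """Evaluate one packet under each ordering so disagreements are visible."""
    return {
        "listed-order": verdict(rules, packet),
        "address-first": verdict(rules, packet, address_first),
        "port-first": verdict(rules, packet, port_first),
    }

if __name__ == "__main__":
    for scheme, result in audit(RULES, PACKET).items():
        print(f"{scheme:14} -> {result}")
```

Running `audit` over a set of representative packets and flagging any packet whose verdicts differ shows which rules depend on an ordering the device does not display.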