[fw-wiz] Watchguard update
From: Paul D. Robertson (paul_at_compuwar.net)
To: email@example.com Date: Wed, 6 Jul 2005 15:28:39 -0400 (EDT)
I just spent an hour on the phone with Watchguard support. Apparently, we
had NAT all FUBARed. The option that sounds like PAT (Enable
service-based NAT) isn't; after a few changes and a reboot, it looks like
things are good to go. So, our big wrong turn that made things go
downhill was in the NAT config, and though some things worked, the
Watchguard terminology is a little strange- I'm going to go back through
the docs and see where things land with the new config in hand.
Having talked to Tech support and the PM for the interface, I do get the
impression that these folks care more about the right thing than a lot of
companies I've dealt with. While I still think the interface needs
significant work, it's offset by one of the most positive vendor
experiences I've had in a while.
Some other comments:
I've heard quite a few times, from different sources that the product is
great for folks who don't do firewalls, and not so great for those who do-
unfortunately, I think I'm likely to be cleaning up more of those in the
future than I have in the past. I hope they can strike a happier balance.
Apparently I caught their call center vendor on the day from hell, so the
"transfer me to where I don't wanna go" thing was a one-time issue that
just jumped in to drive my blood pressure a few points higher.
I was under the assumption that the ITAR thing was mostly fixed, but WG
keeps all their encrypted images online, and not in shipping product. I'm
not sure if this is an artifact, or if we collectively need to beat
Commerce about the head- Linux kernels with IPSec are downloadable from
all over the planet, it's time we got over that.
I'm still grumpy about three physical interfaces that I can't use (it
would have made life a lot easier if I had one more interface,) but I
understand the market dynamics involved in making large users part from
more money than small users.
I'd like to thank everyone who gave me feedback, assistance and offers of
tech support both on and off list.
 The royal US-based we.
Paul D. Robertson "My statements in this message are personal opinions
firstname.lastname@example.org which may have no basis whatsoever in fact."
firewall-wizards mailing list