    I just spent an hour on the phone with WatchGuard support. Apparently, we
    had NAT all FUBARed. The option that sounds like PAT (Enable
    service-based NAT) isn't; after a few changes and a reboot, it looks like
    things are good to go. So, our big wrong turn that made things go
    downhill was in the NAT config, and though some things worked, the
    WatchGuard terminology is a little strange - I'm going to go back through
    the docs and see where things land with the new config in hand.

    Having talked to tech support and the PM for the interface, I do get the
    impression that these folks care more about the right thing than a lot of
    companies I've dealt with. While I still think the interface needs
    significant work, it's offset by one of the most positive vendor
    experiences I've had in a while.

    Some other comments:

    I've heard quite a few times, from different sources, that the product is
    great for folks who don't do firewalls, and not so great for those who do -
    unfortunately, I think I'm likely to be cleaning up more of those in the
    future than I have in the past. I hope they can strike a happier balance.

    Apparently I caught their call center vendor on the day from hell, so the
    "transfer me to where I don't wanna go" thing was a one-time issue that
    just jumped in to drive my blood pressure a few points higher.

    I was under the assumption that the ITAR thing was mostly fixed, but WG
    keeps all their encrypted images online, and not in shipping product. I'm
    not sure if this is an artifact, or if we collectively need to beat
    Commerce about the head - Linux kernels with IPSec are downloadable from
    all over the planet, it's time we[1] got over that.

    I'm still grumpy about three physical interfaces that I can't use (it
    would have made life a lot easier if I had one more interface), but I
    understand the market dynamics involved in making large users part from
    more money than small users.

    I'd like to thank everyone who gave me feedback, assistance and offers of
    tech support both on and off list.


    [1] The royal US-based we.
