Re: [fw-wiz] Anyone have any informed opinions on the Watchguard product line?

I have had a lot of experience with WG products and was quite
pleased with ease of set up, the ability to control logging and how easy it
was to add deny statements to the box. One of the drawbacks as Paul had
mentioned was the VPN feature set up for site to site and the versions I
have used only allowed up to 100 deny statements. This means a lot of
network aggregation in order to make sure you were not receiving traffic
from places you did not want.
There was also a nice GUI interface that showed in real time who was
attempting to attach to various devices on your network, which mad killing
the spammer attempts much easier. Be sure to do a whois or a trace route
before you include a deny statement since this can cause trouble if you need
transit from the network you just denied. Overall a pretty nice product, but
I still prefer the PIX or some of the other firewall feature sets built into
later versions of the IOS.

most sincerely, Richard

-----Original Message-----
From: firewall-wizards-bounces@xxxxxxxxxxxxxxxxxxxxxxx
[mailto:firewall-wizards-bounces@xxxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Paul
D. Robertson
Sent: Monday, December 24, 2007 11:57 AM
To: Firewall Wizards Security Mailing List
Subject: Re: [fw-wiz] Anyone have any informed opinions on the watchguard
product line?

On Tue, 18 Dec 2007, AMuse wrote:

Does anyone have an informed opinion on whether these products are any
good, that I can pass along to my friend?

They work well enough, VPN setup is a little weird if you're doing
site-to-site (at least I ended up dropping back and punting to OpenVPN at
one customer.)

The nice thing is that the HTTP proxy does MIME type filtering, which
stops a lot of junk if you don't open it up wide.

Paul D. Robertson "My statements in this message are personal opinions
paul@xxxxxxxxxxxx which may have no basis whatsoever in fact."

firewall-wizards mailing list

firewall-wizards mailing list