RE: FW: [fw-wiz] Opinion: Worst interface ever.

• From: "Greg Mulholland" <gmulholland@xxxxxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Wed, 6 Jul 2005 08:52:54 +1000

Dealt with a couple of watchguards last week.. I agree with the
description of the interface and the functionality this piece of kaka
had.. Granted it wasn't the enterprise level box *shudders*

I love not having logs, aint it great. Fantastic for troubleshooting.

Greg Mulholland
Clear IT
Level 10, 530 Little Collins Street
Melbourne, VIC 3000
Ph: (03) 99097411 Fax: (03) 99097091

-----Original Message-----
From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
Sent: Tuesday, 5 July 2005 11:36 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: FW: [fw-wiz] Opinion: Worst interface ever.

http://www.ISAserver.org

That's one for the boys & girls at work...

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: Tuesday, July 05, 2005 6:24 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] FW: [fw-wiz] Opinion: Worst interface ever.

http://www.ISAserver.org



-----Original Message-----
From: firewall-wizards-admin@xxxxxxxxxxxxxxxxxx
[mailto:firewall-wizards-admin@xxxxxxxxxxxxxxxxxx] On Behalf Of Paul D.
Robertson
Sent: Tuesday, July 05, 2005 7:55 AM
To: firewall-wizards@xxxxxxxxxxxx
Subject: [fw-wiz] Opinion: Worst interface ever.

I spent some time last week installing a new Watchguard X series
appliance at a customer site.  It's the single most frustrating firewall
install I think I've ever done.  Now, I've got a lot of not-my-favorite
things on my firewall list, but Watchguard has pretty much moved near
the top just based on the software interface.

I have a second customer co-located with this one, and they have a
Watchguard V series appliance with the Vcontroller software.  I figured
I'd make it easy on anyone administering both sites by using the same
firewall vendor.  While the V series software isn't the prettiest thing,
it's at least intuitive and functional to me.

The new Watchguard software "automatically" decides ruleset evaluation
order, and there's no easy way that I can find to figure out what order
something's going to be evaluated in.  Worse-yet, the logging software
for Windows doesn't even appear to be on the CD with the other software,
so "check the logs" starts to become an exercise in futility (thank
goodness I had a Linux box in the DMZ that I could syslog to- if it
didn't support syslog, it was getting shipped back!)

In the old software, it took me a whopping half a minute to set up an
inbound rule with authentication and NAT *without* reading the
documentation.  In the new software we're talking ~45 minutes
*following*
the documentation to get it set up and actually functional (set up was
easy, functional seemed to be rather quirky, and I'm still not sure
why.)

Calling for support got me a "we just outsourced out support to India,
if you want a call back from US support press $foo" message that gets
you to a receptionist who happily transfers you to hold music in India.
I got it working (but not figured out) while on hold, so I decided that
I didn't want to experience support that came with a "if you can't
understand"
warning up front- mostly because I was too upset to deal with some 1st
level support person who was new at their job in any type of civil
manner even without potential communication issues.

The firewall functions fine, tests just fine, and once it's configured,
seems to do the right thing.  However, I've installed a fair number of
firewalls in my day, and this is the only time the experience has been
so frustrating that even after a long weekend, I'm *still* agitated over
the experience enough to rant about it.

I can't even imagine trying to audit the "we'll pick the most exact
match"
ruleset evaluation of one of these beasts.  If I thought there was any
chance the old software would work with the new box, I'd be loading that
tomorrow.  My "same vendor" rationale is right out the window- the two
products aren't even close- other than the fact they're both red.

Maybe I'm too stupid for the new interface.  Maybe I can't follow the
instructions in the manual well.  As I said, the product functions just
fine, I just can't deal with the interface at all.

Adding to my frustration, every link in the manual requires you to have
authentication credentials for their Web site.  Of course, in my case,
the person who set all that up was out for the holiday weekend, making
finding additional information a "call support" type of activity.

While I'm ranting- what's with support hours from 9-6pm *at my
location*?
Hello Watchguard- firewalls are *production* boxes, downtime doesn't get
scheduled for when the users are still working!

I'll be happy to approve responses from anyone who feels the least bit
slighted by my opinions, or who wants to address any of this directly.
I'll also happily take personal e-mails on the issues.

Paul
------------------------------------------------------------------------
-----
Paul D. Robertson      "My statements in this message are personal
opinions
paul@xxxxxxxxxxxx       which may have no basis whatsoever in fact."
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxx
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

All mail to and from this domain is GFI-scanned.


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
gmulholland@xxxxxxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
























All mail to and from this network has been scanned for viruses

Other related posts:

• » FW: [fw-wiz] Opinion: Worst interface ever.
• » RE: FW: [fw-wiz] Opinion: Worst interface ever.
• » RE: FW: [fw-wiz] Opinion: Worst interface ever.
• » RE: FW: [fw-wiz] Opinion: Worst interface ever.
• » RE: FW: [fw-wiz] Opinion: Worst interface ever.

1. Home
2. isalist
3. Archive
4. 07-2005

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---