Dealt with a couple of watchguards last week.. I agree with the description of the interface and the functionality this piece of kaka had.. Granted it wasn't the enterprise level box *shudders* I love not having logs, aint it great. Fantastic for troubleshooting. Greg Mulholland Clear IT Level 10, 530 Little Collins Street Melbourne, VIC 3000 Ph: (03) 99097411 Fax: (03) 99097091 -----Original Message----- From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] Sent: Tuesday, 5 July 2005 11:36 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: FW: [fw-wiz] Opinion: Worst interface ever. http://www.ISAserver.org That's one for the boys & girls at work... -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Sent: Tuesday, July 05, 2005 6:24 AM To: [ISAserver.org Discussion List] Subject: [isalist] FW: [fw-wiz] Opinion: Worst interface ever. http://www.ISAserver.org -----Original Message----- From: firewall-wizards-admin@xxxxxxxxxxxxxxxxxx [mailto:firewall-wizards-admin@xxxxxxxxxxxxxxxxxx] On Behalf Of Paul D. Robertson Sent: Tuesday, July 05, 2005 7:55 AM To: firewall-wizards@xxxxxxxxxxxx Subject: [fw-wiz] Opinion: Worst interface ever. I spent some time last week installing a new Watchguard X series appliance at a customer site. It's the single most frustrating firewall install I think I've ever done. Now, I've got a lot of not-my-favorite things on my firewall list, but Watchguard has pretty much moved near the top just based on the software interface. I have a second customer co-located with this one, and they have a Watchguard V series appliance with the Vcontroller software. I figured I'd make it easy on anyone administering both sites by using the same firewall vendor. While the V series software isn't the prettiest thing, it's at least intuitive and functional to me. The new Watchguard software "automatically" decides ruleset evaluation order, and there's no easy way that I can find to figure out what order something's going to be evaluated in. Worse-yet, the logging software for Windows doesn't even appear to be on the CD with the other software, so "check the logs" starts to become an exercise in futility (thank goodness I had a Linux box in the DMZ that I could syslog to- if it didn't support syslog, it was getting shipped back!) In the old software, it took me a whopping half a minute to set up an inbound rule with authentication and NAT *without* reading the documentation. In the new software we're talking ~45 minutes *following* the documentation to get it set up and actually functional (set up was easy, functional seemed to be rather quirky, and I'm still not sure why.) Calling for support got me a "we just outsourced out support to India, if you want a call back from US support press $foo" message that gets you to a receptionist who happily transfers you to hold music in India. I got it working (but not figured out) while on hold, so I decided that I didn't want to experience support that came with a "if you can't understand" warning up front- mostly because I was too upset to deal with some 1st level support person who was new at their job in any type of civil manner even without potential communication issues. The firewall functions fine, tests just fine, and once it's configured, seems to do the right thing. However, I've installed a fair number of firewalls in my day, and this is the only time the experience has been so frustrating that even after a long weekend, I'm *still* agitated over the experience enough to rant about it. I can't even imagine trying to audit the "we'll pick the most exact match" ruleset evaluation of one of these beasts. If I thought there was any chance the old software would work with the new box, I'd be loading that tomorrow. My "same vendor" rationale is right out the window- the two products aren't even close- other than the fact they're both red. Maybe I'm too stupid for the new interface. Maybe I can't follow the instructions in the manual well. As I said, the product functions just fine, I just can't deal with the interface at all. Adding to my frustration, every link in the manual requires you to have authentication credentials for their Web site. Of course, in my case, the person who set all that up was out for the holiday weekend, making finding additional information a "call support" type of activity. While I'm ranting- what's with support hours from 9-6pm *at my location*? Hello Watchguard- firewalls are *production* boxes, downtime doesn't get scheduled for when the users are still working! I'll be happy to approve responses from anyone who feels the least bit slighted by my opinions, or who wants to address any of this directly. I'll also happily take personal e-mails on the issues. Paul ------------------------------------------------------------------------ ----- Paul D. Robertson "My statements in this message are personal opinions paul@xxxxxxxxxxxx which may have no basis whatsoever in fact." _______________________________________________ firewall-wizards mailing list firewall-wizards@xxxxxxxxxxxxxxxxxx http://honor.icsalabs.com/mailman/listinfo/firewall-wizards ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: gmulholland@xxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this network has been scanned for viruses