Firewall Wizards mailing list archives
Watchguard update
From: "Paul D. Robertson" <paul () compuwar net>
Date: Wed, 6 Jul 2005 15:28:39 -0400 (EDT)
I just spent an hour on the phone with Watchguard support. Apparently, we had NAT all FUBARed. The option that sounds like PAT (Enable service-based NAT) isn't; after a few changes and a reboot, it looks like things are good to go. So, our big wrong turn that made things go downhill was in the NAT config, and though some things worked, the Watchguard terminology is a little strange- I'm going to go back through the docs and see where things land with the new config in hand. Having talked to Tech support and the PM for the interface, I do get the impression that these folks care more about the right thing than a lot of companies I've dealt with. While I still think the interface needs significant work, it's offset by one of the most positive vendor experiences I've had in a while. Some other comments: I've heard quite a few times, from different sources that the product is great for folks who don't do firewalls, and not so great for those who do- unfortunately, I think I'm likely to be cleaning up more of those in the future than I have in the past. I hope they can strike a happier balance. Apparently I caught their call center vendor on the day from hell, so the "transfer me to where I don't wanna go" thing was a one-time issue that just jumped in to drive my blood pressure a few points higher. I was under the assumption that the ITAR thing was mostly fixed, but WG keeps all their encrypted images online, and not in shipping product. I'm not sure if this is an artifact, or if we collectively need to beat Commerce about the head- Linux kernels with IPSec are downloadable from all over the planet, it's time we[1] got over that. I'm still grumpy about three physical interfaces that I can't use (it would have made life a lot easier if I had one more interface,) but I understand the market dynamics involved in making large users part from more money than small users. I'd like to thank everyone who gave me feedback, assistance and offers of tech support both on and off list. Thanks, Paul [1] The royal US-based we. ----------------------------------------------------------------------------- Paul D. Robertson "My statements in this message are personal opinions paul () compuwar net which may have no basis whatsoever in fact." _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Watchguard update Paul D. Robertson (Jul 06)
- <Possible follow-ups>
- RE: Watchguard update Behm, Jeffrey L. (Jul 06)