Security Basics mailing list archives

Re: Firewall Hardware Recommendations


From: "Naren" <naren () pactech net>
Date: Wed, 31 Dec 2003 09:40:20 +0800

Hi James,

I am not trying to question your working experience with WG: I work for a
company who support Watchguard, apart from other products .... including
Sonicwall and Borderware ...

Since I started supporting Watchguard, around 2000, and may have
criss-crossed about at least 150 to 200 fireboxes / customers or more, and
still supporting a majority of this number, and the scenarios you mentioned
were (occasionally) showing up on the older software, where they used a
different interface and a bit messy management GUI (SMS .. and all .. ).

Since Version 4.61 - I am yet to see even any of the problems you have
mentioned ..  One of my customers has a large Watchguard deployment, with
over 14 boxes all over Asia, and they are so impressed with the Watchguard's
reliability and easy GUI and remote management capability, they have
standardised on Watchguard: and in the process removing a few PIX boxes they
had. They have boxes sitting in countries like PNG, Vietnam, Cambodia and
all the way to LA (US). Same goes for a few MNCs, who chose WG due to its
excellent proxy-arp and a few other features which made deployments seamless
... and least troublesome ..

Well, if the older version kernels were unstable, I got to say this - there
is no picture perfect product from day 1: however, comparatively, Watchguard
can stand up and say that they have a mature product in the Firebox series
....

End of the day, perceptions differ .... above is mine !

I rest my case to you .. :-)  No flaming .. and that's end of my chatter :-)

Happy new year ....

Naren
Singapore

----- Original Message -----
From: <jamesworld () intelligencia com>
To: "Shawn Jackson" <sjackson () horizonusa com>
Cc: <jamesworld () intelligencia com>; "Keith Duemling" <kduemling () cox net>;
<security-basics () securityfocus com>
Sent: Tuesday, December 30, 2003 9:26 AM
Subject: RE: Firewall Hardware Recommendations


Don't worry about the docs on the PDM.  It's very intuitive.

I've had 12,000+ hum through a PIX 515 without any issue.

As far as the routers, you can use SDM also now.  Do a search on SDM @
cisco.com

WG crashes.....

- Update a config with interface PAT and 2 of the same proxies for different
  subnets (HTTP or SMTP).
- Change a VPN key.
- Change/rename a PPTP user's name.
- Changed the outside IP and subnet while traffic from the inside was still
  trying to get out. (ISP change)

There have been a few others, but the details escape me at this hour.
