Firewall Wizards mailing list archives
Opinion: Worst interface ever.
From: "Paul D. Robertson" <paul () compuwar net>
Date: Tue, 5 Jul 2005 08:54:40 -0400 (EDT)
I spent some time last week installing a new Watchguard X series appliance at a customer site. It's the single most frustrating firewall install I think I've ever done. Now, I've got a lot of not-my-favorite things on my firewall list, but Watchguard has pretty much moved near the top just based on the software interface. I have a second customer co-located with this one, and they have a Watchguard V series appliance with the Vcontroller software. I figured I'd make it easy on anyone administering both sites by using the same firewall vendor. While the V series software isn't the prettiest thing, it's at least intuitive and functional to me. The new Watchguard software "automatically" decides ruleset evaluation order, and there's no easy way that I can find to figure out what order something's going to be evaluated in. Worse-yet, the logging software for Windows doesn't even appear to be on the CD with the other software, so "check the logs" starts to become an exercise in futility (thank goodness I had a Linux box in the DMZ that I could syslog to- if it didn't support syslog, it was getting shipped back!) In the old software, it took me a whopping half a minute to set up an inbound rule with authentication and NAT *without* reading the documentation. In the new software we're talking ~45 minutes *following* the documentation to get it set up and actually functional (set up was easy, functional seemed to be rather quirky, and I'm still not sure why.) Calling for support got me a "we just outsourced out support to India, if you want a call back from US support press $foo" message that gets you to a receptionist who happily transfers you to hold music in India. I got it working (but not figured out) while on hold, so I decided that I didn't want to experience support that came with a "if you can't understand" warning up front- mostly because I was too upset to deal with some 1st level support person who was new at their job in any type of civil manner even without potential communication issues. The firewall functions fine, tests just fine, and once it's configured, seems to do the right thing. However, I've installed a fair number of firewalls in my day, and this is the only time the experience has been so frustrating that even after a long weekend, I'm *still* agitated over the experience enough to rant about it. I can't even imagine trying to audit the "we'll pick the most exact match" ruleset evaluation of one of these beasts. If I thought there was any chance the old software would work with the new box, I'd be loading that tomorrow. My "same vendor" rationale is right out the window- the two products aren't even close- other than the fact they're both red. Maybe I'm too stupid for the new interface. Maybe I can't follow the instructions in the manual well. As I said, the product functions just fine, I just can't deal with the interface at all. Adding to my frustration, every link in the manual requires you to have authentication credentials for their Web site. Of course, in my case, the person who set all that up was out for the holiday weekend, making finding additional information a "call support" type of activity. While I'm ranting- what's with support hours from 9-6pm *at my location*? Hello Watchguard- firewalls are *production* boxes, downtime doesn't get scheduled for when the users are still working! I'll be happy to approve responses from anyone who feels the least bit slighted by my opinions, or who wants to address any of this directly. I'll also happily take personal e-mails on the issues. Paul ----------------------------------------------------------------------------- Paul D. Robertson "My statements in this message are personal opinions paul () compuwar net which may have no basis whatsoever in fact." _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Opinion: Worst interface ever. Paul D. Robertson (Jul 05)
- Re: Opinion: Worst interface ever. Marcus J. Ranum (Jul 05)
- Re: Opinion: Worst interface ever. Paul D. Robertson (Jul 05)
- Re: Opinion: Worst interface ever. Marcus J. Ranum (Jul 05)
- Re: Opinion: Worst interface ever. Darren Reed (Jul 06)
- Re: Opinion: Worst interface ever. Paul D. Robertson (Jul 06)
- Re: Opinion: Worst interface ever. Paul D. Robertson (Jul 05)
- Re: Opinion: Worst interface ever. Adam Jones (Jul 05)
- Re: Opinion: Worst interface ever. Dave Piscitello (Jul 05)
- Re: Opinion: Worst interface ever. Paul D. Robertson (Jul 05)
- Re: Opinion: Worst interface ever. Marcus J. Ranum (Jul 05)
- Re: Opinion: Worst interface ever. StefanDorn (Jul 05)
- Re: Opinion: Worst interface ever. Paul D. Robertson (Jul 05)