Re: Watchguard V60 capacity

[Tosk <tosktosk () yahoo com>]

We have a client that uses some v80's in a similar way and they report 
no dropped packets... apparently there is a big difference between the 
two models internals.
Are you running Vlans? Check your settings I have had situations where 
the Vlan settings were set incorrectly and the Wguard traffic log 
reported that the traffic went through but no packet was passed....

good luck.



User Scarr wrote:

> Hey all,
>
>     I'm wondering if anyone else on this list actively uses Watchguard 
> Vclass units, and has run into some of the same "challenges" we have 
> with them.  We're using them to firewall a fairly active client with a 
> good amount of web and SMTP traffic.  We've got two of them in HA.  
> What I'm hoping for (more than a rant session) is that someone has 
> found some working solutions, or at least has the same issues we do.  
> I suspect a fair number of these are Watchguard bugs, but I don't want 
> to pay $250 each for the privilege of reporting them...
>
> Some of the biggies at the tip of the iceberg;
>
>     - Packet loss.  I've identified the Watchguard Vclass units as the 
> center of between 1% and 10% packet loss on a regular basis (ruling 
> out switches and routers and even cables, which has been a bit of a 
> process).  Watchguard's support has suggested that I lower a 
> connection idle timeout setting in debug mode from 3 minutes to 1 
> minute, which sounds reasonable, but I haven't tried it yet 
> (production hours).
>
>     - High availability syncing.  I've seen this on other HA devices, 
> but never like this.  The HA constantly complains that it can't sync, 
> even though it does, and manual sync attempts (when editing or adding 
> policies) seem to freeze the units, adding to the packet loss.   The 
> HA is fairly seamless though when it does happen, so they get points 
> there.
>
>     - The built in load balancing.  I know I know, I should probably 
> get an independent device to handle the LB.  The load balancing seems 
> to freeze at random, and I end up with error messages in the logs 
> like; "The load balancing server 0.0.0.0 is not responding".   Of 
> course, there's no server specified with that address.  I'm using 
> weighted least connections between two SMTP servers running Postfix.
>
>     I've used Netscreen, and to a lesser extent PIX devices in the 
> past (and a few free software firewalls like IPFW and iptables / 
> ipchains, etc), so the number of and severity of recent troubles I've 
> had with these is a new experience for me.   I have a feeling a lot of 
> the problems are due to load, but since Watchguard boasts up to 
> 200Mbps throughput (with the units in active/active HA) I can't 
> imagine our 7Mbps spikes are causing them any heartburn.
>
> Any thoughts, etc?
>
> Thanks,
> --
> Simon Carr
> Ineocom Technologies Inc.
> http://www.ineocom.com/
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards () honor icsalabs com
> http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards