Any firewall admins w/watchguard experience?

[brad310]

I have set up a couple of small watchguard firewalls a while back and just ordered 2 mid sized ones to replace an ISA. These will be my first true firewalls to deploy. I opted to go with these over the ASA b/c of price. I went with them over Sonicwall b/c google is filled with horror stories of their instability.

I was just curious if anyone has any first hand experience with these long term - in terms of stability and support. I feel confident setting it up for what we need, but i have no experience with Watchguard as a company for support.

Im in a smaller city and dont know anyone that works with this kind of stuff.

 

[drebo]

Watchguards are terrible. The only thing worse are SonicWalls.

They're obtuse, their management "utility" is about as well written as Shakespeare written by a retarded monkey, and they're filled with great little bugs like if you have too many RTP paths through one, they start dropping ALL traffic.

All in all, my recommendation would be to return them and buy real firewalls, like Juniper SRXs.

 

[rasczak]

Watchguards are terrible. The only thing worse are SonicWalls.

They're obtuse, their management "utility" is about as well written as Shakespeare written by a retarded monkey, and they're filled with great little bugs like if you have too many RTP paths through one, they start dropping ALL traffic.

All in all, my recommendation would be to return them and buy real firewalls, like Juniper SRXs.

What makes Sonicwall a bad firewall in your opinion? I am currently working at a site that runs a Sonicwall. Any advice would be great.

 

[drebo]

What makes Sonicwall a bad firewall in your opinion? I am currently working at a site that runs a Sonicwall. Any advice would be great.

More or less the same issues that make Watchguards bad apply to SonicWalls...except that SonicWalls are even more obtuse.

I also don't like their whole subscription model, and they're expensive for what they are.

For significantly less than the comparable SonicWall, you can get an SRX100H that is quite a bit more feature-rich and much easier to use.

 

[gsaldivar]

Another thumbs-down for Watchguard.

 

[Exterous]

What makes Sonicwall a bad firewall in your opinion? I am currently working at a site that runs a Sonicwall. Any advice would be great.

Well I don't have experience with anything else but I find NATing them a pain. You have to create an Address Object in one section, then the private address object, then create an access rule in another section before finally creating the NAT policy in a third section

Their content filtering is a bit of a pain to work with as there are quite a number of ways it can be setup (specific users, specific groups, specific zones, specific IP addresses with no displayed hierarchy so its anyones guess which one takes precedent)

I will say that I have been pretty pleased with their support though

 

[brad310]

All in all, my recommendation would be to return them and buy real firewalls, like Juniper SRXs.

What can you tell me about the Juniper interface. The watchguard i set up was pretty straight forward. Nat. Some static routes. I dont have anything to compare with but i liked the interface after a short time.