I know a couple of places that use it. It seems like a pretty good firewall. It is easy to configure. There are a couple of drawbacks to it though.
1. If you have multiple external addresses, you can't masquerade a servers outgoing connections as a particular IP address while another outgoing connection is another address. You can set this for incoming connections only. The main problem with this is that we wanted to setup a mail server to use one external IP address and a web proxy for the internal network to use another IP address. However, all outgoing connections get masqueraded to the same IP address. We could make requests sent to a particular IP address that is coming in from the outside world to go to a particular box, just not the reverse. 2. Another drawback that is actually more of a problem is that whenever you change a rule, you have to reboot the firebox to get it to take affect. You can't change rules on the fly. It is suppose to, but every change I've made has always required a reboot. Omar Koudsi wrote: >Hello everyone, > >I'm thinking of installing the Watchguard firebox on our network, appreciate >any feedback on the product. > >Thanks, >
