> -----Original Message-----
> From: Joseph [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, October 18, 2001 2:07 PM
> To: Omar Koudsi
> Cc: [EMAIL PROTECTED]
> Subject: Re: need feedback on Watchguard firebox
>
>
> I know a couple of places that use it. It seems like a pretty good
> firewall. It is easy to configure. There are a couple of
> drawbacks to
> it though.
>
> 1. If you have multiple external addresses, you can't masquerade a
> servers outgoing connections as a particular IP address while another
> outgoing connection is another address. You can set this for
> incoming
> connections only. The main problem with this is that we
> wanted to setup
> a mail server to use one external IP address and a web proxy for the
> internal network to use another IP address. However, all outgoing
> connections get masqueraded to the same IP address. We could make
> requests sent to a particular IP address that is coming in from the
> outside world to go to a particular box, just not the reverse.
I haven't tried to do this yet, so I cannot comment here...
> 2. Another drawback that is actually more of a problem is
> that whenever
> you change a rule, you have to reboot the firebox to get it to take
> affect. You can't change rules on the fly. It is suppose
> to, but every
> change I've made has always required a reboot.
The good news is that a new version of the software is or will be out
soon and will not require a reboot every time.
The thing to remember is that even with a reboot, it is only 40 seconds.
Not such a problem, unless you are streaming media....
>
> Omar Koudsi wrote:
>
> >Hello everyone,
> >
> >I'm thinking of installing the Watchguard firebox on our network,
> >appreciate any feedback on the product.
> >
> >Thanks,
> >
>
>
>