Watchguard UTM

[SouthernTech]

Just out of curiosity, do any techs on here run into these devices? If so, what parts do you like? What drives you nuts about them? What improvements would you want to see?

 

[krtechsolutions]

interface is slow, making rules is very difficult.

Cyberoam and Sonicwalls are much easier to use.

 

[thebige]

Depending on which firmware version you have opening ports seems easy but I have had a real devil of a time with them. Biggest problem I have with new clients is no one has the login credentials.

 

[SouthernTech]

interface is slow, making rules is very difficult.

Cyberoam and Sonicwalls are much easier to use.

Anything that uses firmware under 10.2.12 and WebUI seems like it harks back to the early days of Web 1.0. The directional rules are not intuitive and coloring scheme is painful. Once we rolled out the new system manager and WebUI interface in the 11 series, it became easier to use.

The only issue I've seen with Cyberoam is when using aggressive mode and a third party device that doesn't use the scheme Netgenie goes with for the transform settings. Cyberoam has a more shotgun approach of trying different encryption settings for phase 1/2. When working with a dynamic IP and having to use aggressive mode, the 3rd party device could be limited to 1 transform setting and have to hope the Cyberoam chooses correctly.

 

[krtechsolutions]

i have never really had an issue with setting VPNs on cyberoams, I have them connecting to ASAs, PIXs, Sonicwalls, Untangle, pfsense and other cyberoam devices.

I did have an issue with doing a NAT over VPN and it was discovered that their was a bug with cyberoams using X.x.x.1 addresses on the LAN interface. Switching the LAN address to x.x.x.254 fixed that issue.

 

[SouthernTech]

Yeah, it was in this one particular setup. It eventually managed to send the correct transform settings on the first shot; then the DNS failed to resolved the dynamic IP, bringing the tunnel down again.