Watchguard Firewall Comments
Mar 11, 2008
Anyone using a Watchguard firewall X750e or other in a past or current setup which can provide me with some feedback on their experience?
I am looking at introducing a Firebox running Fireware 10.
We're thinking about purchasing the firebox x750e. Any experience with these? I see a lot of negative feedback on the x500 series but could not find anything on the x700s.
Do the Watchguard, Netscreen, and SonicWall firewalls all require an annual renewal fee?
I see some x700s on ebay for under $500. What's bad about buying these used ones?
I have a small rack of 15 servers (mostly running CPU intensive applications). Our average bandwidth consumption is a consistent 7mbps between all servers. I was researching to find a solution to filter incoming and outgoing email (provide hosting to a few people on one of the boxes), to prevent spammers from getting in or the occasional customer turned spammer from getting outbound.
I was considering the Firebox X Core x550e, to put in front of our units. Has anyone had any experience with them first hand? Can the unit handle it? It says 25,000 concurrent sessions, I don't think I have 25,000 concurrent sessions ever at any given time going outbound....
I 'recently' got a FireBox v60 to replace my Fortigate 50's.
I didn't know the Firebox needed software to configure it or get it going... As I got it off eBay...
I am considering implementing a new firewall in our colo which would have about 10 servers behind it which generate on average 2.314 megabits/sec for everything.
I am looking at the new Watchguard x750e running version 10 of Fireware, which seems like a good fit without breaking the bank, but I have also thought of simply implementing a Poweredge server running CentOS and running an IPtables config to provide firewall services.
Anybody have any Feedback on the Watchguard unit or use a Watchguard product in their setup and can comment?
I have 2 locations, one with a Watchguard Firebox II/1000 and the other with a Cisco ASA 5520. I have configured a VPN between them and have run into a snag. The VPN tunnel works fine until it expires, but there is a significant lag in re-establishing the tunnel. The lag is enough to cause Backup and Data transfer failures due to timeouts.
Does anyone know how to configure the VPN tunnel to never expire, regardless of uptime or traffic volume? The Cisco doesn't seem to want to let me configure either phase for 0 or infinite kb expiration.
I've been with RockMyWeb.net for exactly one month now, and I want to share my experiences. This is a one-month experience, so it will be mainly about new purchase and initial support. This is a quite long post, I wasn't really considering to write that long.
I'm a shared hosting provider in local language. One of the websites I host has grown too much to be on a shared server. It didn't even fit on a standard VPS with 256 MB guaranteed, 1 GB burst ram. So we decided to go with VirtuallyDedicated, [url] with the plan 1.5 GHP, since it was better than a dedicated server with pentium-4 processor and 1 Gb ram, and was cheaper. The website being hosted is www.trforumcu.com, along with a dozen of small websites.
Purchase:
I requested a custom quote, with cPanel and management, less diskspace. They prepared the quote within 3 hours, I paid within 24 hours, they set up the VPS within 12 hours, including initial management. The process was painless.
Initial support:
We had some requests about the VPS within the first 3 days, before moving the websites. The tickets were being responded to within 2 minutes, some being even within the same minute. That is the fastest response time I've ever got from a provider (I've been with 6 different VPS providers, as far as I remember.) It looks like someone is always waiting for tickets at any time. My tickets were usually being opened in their nights, due to the time zone difference between us. I'm very satisfied with their knowledgeable support.
One point about their support is that they act as if the customer is their friend. I mean, they don't send this reply:
Quote:
Hello,
The issue is being worked on.
Best Regards,
Blah Blah
Customer Service Representative
RockMyWeb.net
Instead, they send this within the minute:
Quote:
Hi, I'm having a look at it right away.
I, myself, actually use the former type of reply to my own customers. But the latter was quite nice, considering they are sending it right away, and start working on the actual problem within the minute. And they are solving the problem, too.
Support within the month:
After initial configurations, we had some problems. Our website was using too much resources, and the server needed to be optimized a little bit. I opened a ticket. They replied 4 times, without my reply. They informed me about the process well. After 4 replies, they said the server should be fine now.
After 2 days, they sent me an email, asking if I'm satisfied with the optimization. This is the first time I'm getting an email from a provider after some time, asking about my satisfaction.
We also had a cPanel licence issue (cPanel suddenly forgot about its licence, and started saying "cannot read licence file"). This was solved within 36 hours. They said the problem needs to be fixed by cPanel support staff itself, and their support over weekend is not the best. They kept updating me every 12 hours, saying they are waiting for the cPanel staff. After 36 hours, the issue was fixed.
About their system:
Their VPS technology is different from my other VPSs with other providers. They don't use Virtuozzo, they use some kind of custom system (it doesn't seem to be VMware or like). This is the only thing I can complain about, I was used to VZ and their custom panel is quite different. They provide VPS restart utility, and this is actually the only thing I need from a VPS remote panel.
They don't provide equal-share CPU, they allocate guaranteed CPU. This was very important for us, because the website we were hosting was being kicked off the VPS providers due to high CPU usage. With rockmyweb's allocated CPU, we are not interfering with other VPSs on the system, and we feel quite more comfortable. Also, we have 1.5 processor cores guaranteed, much higher than any other VPS providers will provide for this cost.
Their backup system is also satisfying. They charge 0.25 per GB backup used, not allocated. So I don't pay for unused backup space.
Overall, I'm satisfied with their service, and very happy with their support over the first month. I'll update this topic with additional information and comments (both positive and negative) over the time.
Netdirekt.de seems to have very nice plans for dedicated servers, especially for hosting binary content.
How would you rate their network and their service? Do they provide support in English?
[url]
Has anyone tried to put this board into a 1U case? Seems like a sweet deal.
Does anyone have a review/comments about QuillHost?
Also, does anyone know a good, reputable host with packages similar in price to QuillHost (or better than QuillHost)?
Anyone use a2b2.com, any reviews or comments?
With the dedicatedplace.com ongoing saga, I'm looking for a new dedicated server. I'm considering Sago Networks [url] Anyone have any experience with them?
I am interested to set up two Ironport appliances in my company network. As the current company is about 120 users, and each user sends and receives an average of 100 emails per day (including newsletter, signup, etc) it's about 12000 emails a day.
I am interested in :
For the mail side of the company, I am thinking about an Ironport C150 and for web filtering, I am thinking about S350. The current company outgoing bandwidth is 60 Mbit/s at peaks, but I want to be able to continue to use it with traffic up to 200 Mbit/s, as we will maybe take some server in the company network in a few months.
Some questions :
- Is it really « setup and forget » appliances (except monitoring them)?
- Are they hard to setup and configure?
- Do they support many email languages?
- What is the price for both appliance, like around 5k each, 10k each?
I would like to properly address Matt Ayer's (WiseOne) continual claims that user created swap in xen can lead to disastrous situations. This doesn't make any sense from a Kernel point of view. Linux kernel treats Swap not as additional memory, but as auxiliary storage, and will use it only sparingly. So a larger than ordinary swap has effectively zero impact on performance.
Quote:
I just don't have the time. Try this quick though. Create as many 64MB RAM Xen VPS's as you can, make a 1GB swap file inside each VPS, run a memory hogger, and then finally watch your system die due to horrific disk I/O. Not fun, I'll tell you that.
Conclusion: User controlled swap in a shared environment is a very, very, very bad thing.
Now let us assume there is a hostile user who is egregiously bent on creating excess disk I/O for the host and has purposefully hired vps to enact his revenge on the provider. Further assume that, for this nefarious purpose he has taken a 64MB xen and is running a full 1GB real memory allocated workload (To create such a load itself would be difficult unless he writes his own programs to do this). Now note that, for the offending vps, the impact of the disk I/O is at the memory level, while the impact on the host is at the disk level. So very trivially, the vps would be so crippled to make it pretty much useless much before this starts having significant effect on the main server. And if engendering excess disk I/O is the sole purpose of user, then all he needs to do is write a program to consecutively load and free all the files in the entire harddisk. This will create worse disk I/O than the convoluted method of using large swap. And the latter can be done on both virtuozzo and Xen--though I think in recent versions both have methods to throttle disk I/O.
The problem that UnixShell ran into with Xen was owing to their use of Snapshot, which is something that's prohibited, unless of course, you are running on a desktop with a single virtual machine. LVM snapshot will exactly double the disk I/O. The real problem is that the usage is insidious and will not affect the actual vps that's leading to the excess load, but will affect the entire server as a whole.
Xen does have some drawbacks, but it can have all the important features which most providers here think are unique to virtuozzo.
Is someone using Cloudmark Authority for Spamassassin?
http://www.cloudmark.com/serviceprov.../spamassassin/
If yes, what are your comments and what do you pay for this service?
Considering skipping VPS and going to a colo setup for a handful of sites. Nothing major, so the server will be very entry level, but with redundancy in mind (software RAID1 and 2 nics). But I have a few basic questions:
How good is hot swapping in Linux? This was very hard for me to find out online. I am getting a 1U rack with a hot swap backplane and 2 SATA drives. I won't be using any commercial software with my setup.
How does redundant NIC work? This is new to me and I am wondering how this is set up.
I think I can shop around NYC for a 1U slot for around $40 a month. I don't need a lot of transfer, but would like a decent pipe. The thought of 1Mbit sounds unattractive (transfer is around 100KBytes/s, right?). How much would 10Mbit cost? I found some quotes but they seem way too much (I could be wrong).
Do you recommend a software firewall when behind a hardware firewall?
All of our servers are behind Cisco ASA 5505 firewalls which we rent from Liquidweb. All are being managed correctly and set up to their optimal levels. With hardware firewalls firmly in place, do you still recommend a software firewall such as APF or IPTables (we're talking linux); in our opinion we see it as an extra administration overhead. If this is however untrue, we will change our thinking.
I've found a dedicated server at a great price and plan to stick with it, my first ( already have 2 vps accounts ). I don't have the money for a hardware firewall. However, I do have a chance to renew a Kerio WinRoute Firewall license from way back.
Does anyone think this would be better than the default windows 2003 firewall?
After installing the APF firewall, the whole server is blocked to everyone. I can't get a ping back either. Any idea?
I'm planning to place some firewalls in my network, but I'm afraid of something.
I have never used cisco pix, checkpoints and others. We currently use custom made linux solutions for that.
When we use these ready-to-go boxes, do we need to NAT the internal server IPs?
Is it possible to use these ready-to-go solutions with REAL IPs in the servers?
Does cPanel work well with NATed internal IPs? Or shall I have some trouble?
Do you think it's safer to go with NATed, or will it be better to use real IPs instead?
I was wondering what everyone thinks the best Firewall software is for a dedicated server?
I'm using the latest cPanel release, using Pure-FTPD as the FTP server. I have CSF Firewall installed and configured and have also got [url] installed. On the DoS Deflate software I've set the ban limit to 250 connections.
But my problem is that when clients with fast internet connections download over FTP, it will ban them. I've kinda realised that it is to do with the DDoS software but I'm unsure what I should do. Increase the limit of connections, but that would mean that more minor DDoS attacks might get through, so that would affect more clients. Or leave the limit at 250 and let clients get blocked for 20 minutes.
Or alternatively, is there a way I can stop people getting banned via FTP completely? As I don't see that option on the DDoS or CSF.
I'm running the remote desktop service and configuring a remote dedicated server right now.
So, I need to install a firewall on this machine, but I don't want to be disconnected after the installation.
So, can anyone tell me of a firewall that doesn't stop the RDP connection just after installation and works with Windows 2003 Server?
secure a LAN network with 200 computers, a specific hardware solution (like CISCO PIX or so) might not be available.
Though, I'm considering a Firewall OS based Solution like pfSense, m0n0wall, eBox, Endian Firewall, SmoothWall, etc.
There are so many options and I have no experience with any of this. My requirements are:
Web based configuration
Clean Interface with graphic statistics
Pretty Secure
Good hardware support
Free usage
Simple configuration
Support for high bandwidth usage
I think OpenBSD is pretty secure, is there any OpenBSD Firewall OS solution with these requirements?
What better firewall to vps?
In my vps not use csf or iptables
Virtuozzo has bug that.
What do you think of these two firewalls? Which one is better overall?
I am looking to set up a Firewall etc... on a VPS and would like to know what is the better one and easy to use etc...
CSF or APF and BFD ?
know of any hardware firewall (or suggest) which is under 300 USD and can protect around 5 servers with a total bandwidth capacity of 100 (+/-) Mbps. I am really no security expert
Of course, it should have web based management, online documentation (not really needed) and something special to prevent DoS attacks automatically (really fed up of them).
If possible if you can link me directly to an online store that can ship it Internationally / Europe?
I was having attacks so I installed CSF firewall which did a great job. However on a few of my sites, specifically proxy ones, every second or third page you visit will be a 403 Forbidden error. After about 20-30 seconds, you can refresh and it goes away. I suspect CSF is causing this, because it just started to happen after I installed it. Is it thinking there are too many connections or too much bandwidth and it's blocking me or other users just using the proxy? Is there a way to make it slightly more tolerant?
I am a non technical type that is trying to start a web based business. I am thinking a dedicated server will be the best option for me but as I looked at the quotes from several different web hosts I noticed that the firewall services that they provide are very expensive. 100$ a month - 150$ a month.
Are there other firewall options that can be installed on the server that we as administrators can install and use?
I have had a fair few hack attempts from IP numbers that are on the same provider 'telewest' that I am on - is there any way of getting this taken further other than contacting the ISP?