WatchGuard “unsafe” ports blocked

I ran into a nasty gotcha today. For the past few years we’ve recommended, sold, installed and configured Juniper SRX firewalls. They’re extremely flexible and can be made to do just about anything, but they have one major drawback: the web console sucks! It’s slow, clunky, unintuitive, constantly crashes and is obviously a bolt-on to the command-line interface.

Anyway, we decided to start implementing some of the WatchGuard “T” series firewalls because they have a very slick web console that is almost the complete opposite of the SRX: fast, smooth, intuitive, and stable. The command-line interface on the WatchGuards is pretty weak, but that’s a topic for another post.


