
Why is this so difficult?

Coming from Debian iptables I was excited to try XG. I had used UTM 9 and was impressed but it lacked HA at a reasonable price so did not continue.

What is this? Why are firewall rules SO difficult to create? It will take me days to do what I could do with iptables in an hour, or UTM in 2 hours. Why is the initial IP 172.16.16.16? Shorewall in Linux does a great job of zones, XG you fail miserably here. The GUI is slow and unintuitive.

I have yet to use a product that looked so interesting but ended up being completely useless. UTM was and is a far superior product, too bad it costs an arm and a leg for a company of 50.



  • I concur, I don't understand why things that were so easy to do, such as setting up a host definition where you could specify DNS, DHCP, all in one spot, have now been completely separated into totally different areas that now take 10 times as long to set up. Seems like they threw away all the good aspects of UTM, started brand new again and we're back at a beta 1 product that is going to take a lot of work to even be competitive and worthwhile.
  • Don't get me wrong, this is not a defence, just an explanation.
    The initial address is for your PC/laptop connection only. It has a DHCP server set up so you don't have to assign an address to the PC. This allows easy access to the setup for the default port 2 (including a DNS entry) connections so you can then activate and synchronise your XG. After that you get full access to the web interface and the console. This works most of the time; the beta version was more reliable for the activation, but more clumsy to connect to an external network.

    Policies appear to me to be back to front, but that is maybe just me. I have said so in a number of threads.

    Ian M
  • Ok, I should have said "least importantly, the IP is 172.16.16.16 and it's not by choice during initial setup".

    The biggest issue is having multiple subnets with very specific firewall rules and trying to use the GUI to configure said rules.

    I'm sure the policies appear that way for you, but if you have dozens of interfaces, subnets and try to push this firewall to its full, marketed potential you'd quickly realize it's a major PIA.

    If you DO have a setup like this, can you provide me some details on how it was set up without spending days configuring? I don't see it as possible.

  • And why can't I remove the default zones? I don't have a WiFi network, I don't want this zone. I also don't name my 'DMZ' networks simply 'DMZ'. 

  • Hi, I totally agree with what you are writing here. I have UTMs and the XG GUI is far away from the quality of the UTM GUI. On the UTM, for example, you can simply clone every object, but not so on XG. Why? And some other simple things are just not possible or not intuitive.
  • I agree with you.
    At the moment the UI is very slow and incomplete. We will wait for a better UI and other features in the next releases, so wait, keep testing and voting on feature requests.

    feature.astaro.com/.../10881210-cloning-option

    XG needs a big UI and logging improvement.

    Luk
  • Yet, 3 years later, the web UI is still painfully slow (XG125 and XG home) and the setup is very frustrating!
    Oh, I miss my old MikroTik!
    Yes, yes, I know that it's a completely different product, but the easiness and speed to:

    • create/edit firewall/nat/mangle rules
    • create/edit routes
    • create/edit interfaces
    • create/edit DHCP static IP (oh my!!!)
    • easiness to view at once all the
      • firewall/nat/mangle rules
      • routes
      • interfaces

    ...and so on!