This discussion has been locked.

Why is this so difficult?

Coming from Debian iptables I was excited to try XG. I had used UTM 9 and was impressed but it lacked HA at a reasonable price so did not continue.

What is this? Why are firewall rules SO difficult to create? It will take me days to do what I could do with iptables in an hour, or UTM in 2 hours. Why is the initial IP 172.16.16.16? Shorewall in Linux does a great job of zones, XG you fail miserably here. The GUI is slow and unintuitive.

I have yet to use a product that looked so interesting but ended up being completely useless. UTM was and is a far superior product, too bad it costs an arm and a leg for a company of 50.



  • Don't get me wrong, this is not a defence, just an explanation.
    The initial address is for your PC/laptop connection only. It has a DHCP server set up so you don't have to assign an address to the PC. This allows easy access to the setup for the default port 2 (including a DNS entry) connections so you can then activate and synchronise your XG. After that you get full access to the web interface and the console. This works most of the time; the beta version was more reliable for the activation, but more clumsy to connect to an external network.

    Policies appear to me to be back to front, but that is maybe just me. I have said so in a number of threads.

    Ian M
  • Ok, I should have said "least importantly, the IP is 172.16.16.16 and it's not by choice during initial setup".

    The biggest issue is having multiple subnets with very specific firewall rules and trying to use the GUI to configure said rules.

    I'm sure the policies appear that way for you, but if you have dozens of interfaces, subnets and try to push this firewall to its full, marketed potential you'd quickly realize it's a major PIA.

    If you DO have a setup like this, can you provide me some details on how it was set up without spending days configuring? I don't see it as possible.

  • And why can't I remove the default zones? I don't have a WiFi network, I don't want this zone. I also don't name my 'DMZ' networks simply 'DMZ'. 
