Good news here as well. We're running two firewalls (at two different locations) with 5.011 and the major problems seem to have disappeared. One thing still not working correctly, however, is the viewing of internal websites using an externally resolved IP address -- that still results in a proxy error. For example, if you run a web server on your internal network and have a DNAT rule to permit external access using the IP address of the external interface, and you try to access this website from INSIDE the network using the public URL, it fails every time. This didn't occur in v4, so this is some sort of proxy issue. It's been reported to Astaro, guess the fix didn't make this up2date.
About the user ip listing showing external addresses ... does this have any effect on the IPSec VPN availability from external networks? I seem to have experienced this. Sometimes I cannot connect to the IPSec VPN from an external address. The connection works most of the time but others, my SSH icon flashes red and says to check that the gateway is online, yada yada. I am beginning to wonder if this has something to do with the fact that I'm licensed for 10 users but my usage is many times that due to the external addresses showing up in "licensed users".
You don't need to worry about the license IP count for now. That feature is not yet implemented by Astaro -- the counts are all wrong and they're busy on more important fixes at the moment.
Then, has anyone else experienced flakey PPTP and IPSec vpn performance and reliability? Sometimes users can connect to either type and other times they can't ... for no apparent reason.
Like I said in my previous posting, I think the direction that Astaro is taking with v5 is great but I think releasing it to the public was premature, considering all of the problems/bugs in this release. Supporting customers running v5 is likely to be difficult at best until a lot of the problems are solved.
[ QUOTE ] Like I said in my previous posting, I think the direction that Astaro is taking with v5 is great but I think releasing it to the public was premature, considering all of the problems/bugs in this release. Supporting customers running v5 is likely to be difficult at best until a lot of the problems are solved.
-- Clay
[/ QUOTE ]
Those of us who are partners with Astaro are REALLY feeling the heat -- the problems with v5 are massacreing our bottom lines. Astaro knows this, and they're sympathetic, so I really don't want to beat them up. Look at it this way: at least Astaro is a good company and they give a damn. They made a mistake in the way that v5 was released, but that's all water under the bridge at this point and we just have to go forward positively. Our whole business surrounds the Astaro product, so you can imagine what our staff is doing right now (basket weaving, anyone?). We WERE deploying 5.011 and about two days ago called off all our jobs while we wait for the next up2date. Fortunately, I don't drink much.
I'm not intentionally being hard on Astaro. I also trust that the developers are working very hard on these issues; I was merely expressing my opinion. We love ASL because it is an outstanding product and I honestly believe that when v5 gets to the level of maturity of v4, and most of the "show-stopper" bugs have been worked out, it can seriously compete with Checkpoint and NetScreen (Juniper) in the enterprise customer market.
Good work ASL team on your vision for v5 - we look forward to the next Up2Date ... [:)]
FYI, we've been working on an internal document, an analysis of how Astaro compares to the other major firewall vendors on the market (Sonicwall, Check Point, Netscreen, Fortigate, Cisco, etc.) from the perspective of performance and features, weighed against cost. The differences are, for the most part, staggering and the report is shaping up to be an almost scathing analysis of the market. Astaro outperforms virtually every firewall targeted at the SMB market, and not by just a little bit. I won't name the company, but our internal engineering report, which will eventually find its way to our marketing guy to help with customer calls, states that the firewalls produced by one of the largest equipment manufacturers in the world are not much more than an "afterthought" that "isn't blazing any trails". The firewall itself is acceptable, but there's no antivirus on the network edge, no spam filtering, no URL content filtering, and the Intrusion Detection they offer is limited to a very small number of signatures. And for that they want multiple $thousands$ of dollars. Right. That's why so many of us are sticking this out and placing our bets on the Astaro product. Also, Astaro does an excellent job of supporting their partners. We shared a booth with Astaro at this year's Networld/Interop, and Astaro has gone with us to a couple of other shows as well that are targeted at some of the specific markets we serve. To say that we're grateful to Astaro is an understatement.
I wonder wich manufacturer you are refering to lol
Also lets not forget even the big boys have their quirks. I spend alot of time configuring checkpoint boxes and fixing dealing with its quirks.
An those are not cheap bits of kit by any means. Plus upgrading say FW1 NG on a Nokia is a extremelly big deal that requires planning, distaer plans and relatively sizeable netork outages.
I say this only to add some context....even the big players suffer tfrom these problems.... at least Astaro does not hide away problems and deals with them.
I whole heartedly agree with Defender. We are willing to stick it out with Astaro because not only do we believe in their ability to develop quality, cutting edge software; we believe in their commitment to quality and the satisfaction of their customers and partners. This is the reason why we are recommending ASL when we have an opportunity. We will continue to do so.
Nod however Office defender's statements validate my opinion..I am not deploying v5 for now. Will deploy v4 for any clients that want Astaro and wait a few more up2dates for stability to get worked out.
Yes ASL v5 has had a ton of teething problems. Companies with less guts than Astaro might have pulled the discussion board to keep it all quiet, but Astaro has kept it all out in the open and I have to respect that.
Version 5.011 is deployed here live, and running well. I am not using a few of the problem items though. (POP3 and Surf Protection). But I'm pretty happy with 5 now.
Yes ASL v5 has had a ton of teething problems. Companies with less guts than Astaro might have pulled the discussion board to keep it all quiet, but Astaro has kept it all out in the open and I have to respect that.
Version 5.011 is deployed here live, and running well. I am not using a few of the problem items though. (POP3 and Surf Protection). But I'm pretty happy with 5 now.
