Drew Conry-Murray, writing in Packet Pushers, reviewed the new line of firewall appliances released by WatchGuard....
The new firewall appliances are part of the vendor's Firebox line, targeting locations with 100 to 850 users. The new firewall offerings are intended to inspect decrypted internet traffic and serve as an intermediary for analyzing HTTPS traffic. After interception and decryption, traffic can be encrypted again and sent to its final destination.
The new firewall appliances also include intrusion prevention and antivirus capabilities. Conry-Murray said as with any multifunction firewall platform, throughput is affected when functions like HTTPS intercept is activated. In WatchGuard's case, the appliance experiences a "precipitous drop" from 34 Gbps to 4 Gbps on the Firebox M670 when HTTPS interception is turned on. Yet Conry-Murray gives WatchGuard credit for acknowledging the performance hit. The devices are priced between $1,995 and $7,000 and ship with eight 1 Gbps ports, although three of the models offer expansion modules.
Dig deeper into Conry-Murray's thoughts on WatchGuard.
In pursuit of transparency
Analyst Lee Badman, blogging in Wirednot, took a look at a recent notification Cisco sent to Meraki customers, acknowledging a back-end storage configuration issue that had accidentally resulted in deletion of uploaded customer data.
Badman appreciated the head's up, noting that mistakes like these can happen to all vendors.
Still, he said, "Vendors can do more. Even in the absence of the ability to push notifications as with a cloud dashboard, they can leverage email culled from support contracts to warn of catastrophic bugs ahead of customers hitting them." While he recommends that vendors avoid spamming customers with every bug uncovered, he said vendors should be more proactive in alerting users about potential glitches.
Badman suggests that vendors should focus on providing "crystal clear warning labels" on their download pages. They should, for example, identify more clearly code that is either non-recommended or beta. "It keeps us from making mistakes that can be prevented if we only knew what the vendor already knows, and keeps the vendor's credibility in good standing -- and that is one thing you can't put a price on," he added.
Read more of Badman's thoughts on vendor transparency.
5G, LTE and the future of SD-WAN
Dan Conde, an analyst at Enterprise Strategy Group in Milford, Mass., geared up for next month's inaugural Mobile World Congress Americas by looking into the ways that mobile service providers affect networking as a whole. SD-WAN, for example, has grown from a mix of landlines, MPLS, DSL and broadband to include LTE as well. For remote locations, the addition of LTE is significant, because LTE connections now match or even exceed MPLS speeds. LTE also permits branch offices, construction sites and pop-up stores to be rapidly provisioned, outpacing MPLS in terms of deployment.
At the same time, SD-WAN vendors are increasingly targeting LTE users with zero-touch provisioning for remote routers, sparing companies the need to have a technician travel to the location. At the Mobile World Congress, Conde anticipates extensive discussion of 5G. He said 5G should further reduce latency and make IP-video conferencing a greater reality as it joins the SD-WAN toolkit. "I firmly believe that branch networking will undergo rapid changes in the coming years," said Conde, citing in particular Digi mobile routers and Cradlepoint LTE SD-WAN systems.
Explore more of Conde's thoughts on SD-WAN.
Enterprises aim for better security through network transparency
The future of WAN optimization