Something to be said for simplicity…

I’m not a fan of SonicWall or Juniper networking gear, because I find them to be needlessly complex and overpriced for their functionality. Due to this lack of appreciation, I’m not familiar with them, because I’ve focused more on other platforms. My distaste for those devices was heightened recently when I was flown to a client’s office because their old firewall had just decided it would no longer pass network traffic. I got there a little after midnight and met the client, who had been waiting around since about 5:00. I wanted to get the internet and remote management up and running as quickly as possible so that we could let the client go home. Then I’d just finish off the configuration from my hotel.


Before I left, we had programmed a basic configuration into a SonicWall, enough so that I should be able to plug the device in, reboot the cable modem, and walk out, knowing that mail was coming in, remote management was possible, and that everything other than those things was blocked. Static IPs were configured, policies checked; everything should’ve been good to go.

I plug in the SonicWall and reboot the modem, and the internet comes back up. However, remote management is not working, and mail is not flowing. OK, check Exchange services, all good, restart just in case; double-check the mail server address: that was wrong in the config, so update that, apply, and no more internet. Confused as to how a simple port forwarding change could’ve taken down the internet, I change the IP back and apply. But still, there’s no internet connectivity. Reboot the modem again, still nothing.

This is bothersome, but I can figure this out, and so I spend the next forty-five minutes flipping between the three different screens that policies and their elements are defined on. Then another hour resetting and redoing the configuration, and still no access. Disable everything, double-check public IP settings, reboot modem, still nothing. Another twenty minutes looking through the config and checking forum posts on my phone, only to arrive at the conclusion that this was a pointless waste of time. Thankfully, I’d brought along an old WRT54GL with DD-WRT installed.

Including the time it took to hand-write all the IP settings and physically replace and configure the WRT, it took me about 15 minutes to get the internet back up, remote HTTPS admin locked down by IP range, and mail flowing. I then went back to the hotel and spent the next hour or so reconfiguring firewall rules and ACLs, with minimal flipping between windows and without encountering a bunch of random vendor-specific nomenclature.

The entire DD-WRT process was painless and straightforward, and anyone with a modicum of common sense and basic networking knowledge can figure out what to do to get basic things like port forwarding accomplished. Contrast this to the setting up of policy objects and specific VIPs and MIPs and then applying them to specific zones and blah blah blah on these professional devices, and it makes me wonder why anyone uses the fancy-pants ones for any reason other than hardware. That itself is nearly senseless, given the huge range of hardware that DD-WRT runs on. Why is it so complicated to make these devices do something like “Forward all traffic from the internet on port 22 to IP X”?
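As an added example (not from the original post or from the DD-WRT project), here is what the three things the post got working on the WRT54GL look like as plain iptables rules, the kind a DD-WRT firewall startup script would contain: forward inbound mail (TCP 25) to the Exchange server, allow HTTPS management on the router only from one source range, and drop every other new connection arriving from the WAN. The WAN interface name `vlan1`, the mail server address `192.168.1.10`, the admin range `203.0.113.0/24` and the `DRY_RUN` switch are assumptions made for this example; substitute your own. The point worth noticing is that a port forward is two rules, not one: the DNAT rewrites the destination, and a separate FORWARD rule must still let the rewritten packet through. The post's "port 22 to IP X" is the same `forward_port` call with `tcp 22`, but SSH exposed to the whole internet collects brute-force attempts, so where you can, restrict it by source the same way the admin rule does.

```shell
#!/bin/sh
# Added example, not from the original post: DD-WRT-style iptables rules for
# the setup the post describes (mail forward, source-restricted HTTPS admin,
# default deny from the WAN). All names and addresses are assumptions.
WAN_IF="${WAN_IF:-vlan1}"                   # assumed DD-WRT WAN interface name
MAIL_SERVER="${MAIL_SERVER:-192.168.1.10}"  # assumed internal Exchange host
ADMIN_NET="${ADMIN_NET:-203.0.113.0/24}"    # assumed admin source range (TEST-NET-3)
ADMIN_PORT="${ADMIN_PORT:-443}"             # remote HTTPS management port

# Wrapper so the rule set can be reviewed before it is applied:
# DRY_RUN=1 prints each iptables command instead of running it.
IPT() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

# forward_port PROTO PORT DST_IP [DST_PORT]
# Two rules: DNAT in the nat table rewrites the destination address, and a
# FORWARD ACCEPT in the filter table lets the rewritten packet through.
# Leaving out the second rule gives the classic "the NAT is there but
# nothing connects" symptom.
forward_port() {
    proto=$1; port=$2; dst=$3; dport=${4:-$2}
    IPT -t nat -I PREROUTING -i "$WAN_IF" -p "$proto" --dport "$port" \
        -j DNAT --to-destination "$dst:$dport"
    IPT -I FORWARD -i "$WAN_IF" -p "$proto" -d "$dst" --dport "$dport" -j ACCEPT
}

# allow_admin_from CIDR PORT
# Management of the router itself is traffic to the router, so it goes
# through INPUT rather than FORWARD, and is limited to one source range so
# the admin page is not reachable from the whole internet.
allow_admin_from() {
    IPT -I INPUT -i "$WAN_IF" -p tcp -s "$1" --dport "$2" -j ACCEPT
}

apply_firewall() {
    # -I inserts at the top of a chain, so the catch-all drops go in first
    # and the allows afterwards; the allows then sit above the drops.
    # Matching only NEW leaves replies to outbound connections alone.
    IPT -I INPUT   -i "$WAN_IF" -m state --state NEW -j DROP
    IPT -I FORWARD -i "$WAN_IF" -m state --state NEW -j DROP
    forward_port tcp 25 "$MAIL_SERVER"
    allow_admin_from "$ADMIN_NET" "$ADMIN_PORT"
}

# Usage: ./firewall.sh show   prints the rules without applying them
#        ./firewall.sh apply  applies them (run as root on the router)
case "${1:-}" in
    show)  DRY_RUN=1 apply_firewall ;;
    apply) apply_firewall ;;
esac
```

Run it with `show` first and read the five rules back; once they say what you meant, `apply` is the same script with the echo removed, which is the whole appeal of a rule set you can read top to bottom.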