> I will admit upfront that I am a reseller of WatchGuard, I am only entering
> the fray to respond to this question. It is a very good, low cost firewall
> using both proxy and stateful inspection to provide a simple to manage and
> effective firewall defense.
And that sentence is pretty much the whole of the information I've been
able to get out of the manufacturer and the previous writer. How does it do
the stateful inspection? Does it strip IP header information off, or just
use the state information to load temporary rules into a packet filter? Can
you run it in a pure-proxy mode (using the equivalent of pass-through gateways
only)? What authentication can you apply to outgoing connections? Can you
set up fixed address-translating gateways from the outside to specific boxes
on the inside? That sort of thing...