Today is Tuesday Sep 07, 2010 - 11:46:32 EDT

Article by Sammy Taylor

Why would the Firebox firewall fail while in the middle of all this other computer equipment?
I had just got off the phone with Watchguard Technologies and attempting to troubleshoot why my WatchGuard Firebox had gone down after a power surge and it being the only piece of my network equipment that appeared to be damaged. The perplexing question is, why did the network go down and obviously damage the Watchguard's electronic components in the 'External Interface' while in the middle of this chain of other computer equipment? Would it not stand to reason that if anything, it would have just blown the line fuse or even the router? And more importantly, is there a flaw in the design of the power supply circuits on the Watchguard Firebox appliance? Or maybe it was just the luck of the draw to get that one Firebox that could only last that one month longer than the warranty period. Either way, it sure made for a very expensive piece of equipment for only 1 year.

In all fairness, the Watchguard Technology support group is one of the best I've seen. It can be a very difficult task for the average Joe to try and configure one of these appliances. They were more than helpful with their product and helped very well with all my initial configurations. Since I'm involved with primarily Linux systems anyway, it was a relatively easy task for me to take on this product. I had called their support center a few times in the first few months getting help and asking a few questions that I had felt were not clear in what documentation I had from them. At the time, I paid close to $3000.00 for this firewall appliance. In the last year, the Watchguard Firebox had become a very important part of my network. I loved this piece of equipment. The keyword here is loved. For some mysterious reason I'm having a hardware failure after this surge, but none of my other computer equipment had been damaged.

But what if you have hardware problems and you're just a couple of months out of warranty?
I feel like I paid a great deal of money for this firewall. It's two months out of the one year warranty and I'm having trouble getting help from Watchguard. They told me that they would have to get a manager to call me back about how, when and if I can even send this Firebox back to them to be repaired. In other words, they were telling me that they may not be able to repair my Watchguard Firebox. And all this time I've been telling my fellow Administrators that the Firebox is the greatest thing on earth. Do I now tell them that you had better not have a hardware problem just out of warranty? This is such a great piece of equipment, but it doesn't last very long? Is their equipment not made well enough to last more than a year? Where is the Watchguard Firebox manufactured?

What other people suggested I did about this loss.
I had quite a few friends suggest that I contact my UPS Backup vendor and tell them that my Watchguard Firebox had blown up while running under their UPS systems. No, they were not to blame. I had one other piece of shared equipment on the same AC line and it didn't blow. I had others suggest that I contact my insurance company. No, I didn't feel that was right either and didn't do that. I feel there is only one group that could have made this up to me and that was Watchguard. This problem came from an overloaded input which had first passed through the fuse and router before it even got to the 'external interface' of the Watchguard Firebox. NO OTHER EQUIPMENT WAS DAMAGED.

Watchguard doesn't repair their own equipment. Higher costs for replacements.
After a brief amount of time, Watchguard did call me back and tell me that since my product was one month out of it's one year warranty, that I could get on their 'Out Of Warranty Program for WatchGuard Hardware'. They told me that I could pay the replacement fee of $895.00. I at least expected to have this piece of equipment a little longer than a year. Thought this would have justified the cost. But at these rates I won't be able to keep up with them. I was informed, at the date this document was started, that there was no expiration date on their 'Out Of Warranty Program for WatchGuard Hardware'. So if and when I feel like shelling out this additional amount, I can get my firewall back up and running. Maybe this is the time to really utilize what knowledge I have about firewalls and get busy with building this myself. I had been running multiple layers of firewalls on my other linux systems anyway. Doesn't look like I'm going to get help from Watchguard.

Last possible effort.
Not being able to ping any IP Addresses that I had set up on the Firebox, and with the loopback test not working, it was giving me the clue that I most likely had hardware problems. After quite a few screws on the firebox, I was able to open the little red box and take a look. If there was a noticeable hardware problem, it would allow me to at least make an assessment from that angle before trying any more possible software solutions. A colleague of mine was sure it had to have been some type of config error, maybe scrambled from the surge. Guess this was certainly a possibility, but wasn't the case. One of the surface mount chips on the 'External Interface' had carbon deposits on it and a bubble in the middle of the chip. That was the burning smell I had noticed just after the power surge. On my model, there were no external cards what soever. They are all built in, on to this little motherboard. There was no hard drive. Two pci slots, that literally sat in the middle of the mother board, which would be difficult to mount anything to. There are a lot of surface mount chips all over this little motherboard. There are no replaceable parts on this entire board except for maybe the power supply, ram and housing for the expansion slots. This would probably have to be sent to Watchguard for replacement. The surface mount chips all seem to have been soldered, no sockets. I would assume this board would have to be trashed. They could afford to trash the mother board at the rate they are charging for replacement. Someone else made the comment to me saying that I wasn't paying for the board, I was paying for their technology. I told them that I thought I paid that to Watchguard the first time.

It still bothers me why the Firebox box was damaged yet no other equipment on the network had been damaged. A high enough level of EMF obviously passed from the line, through the fuse, and passed through the router to the 'external interface', but the Firebox could not handle the input. The surface mount chip blew at this stage. Is there no tolerance for headroom at all on the input stage of the 'external interface'? Should there have been some type of fuse or circuit breaker at this stage of the input? A fused input stage would have been a lot cheaper, saved time, put the Firebox back up and running and made a lot more sense than sending this back to Watchguard and paying for a $900.00 replacement box. Stupid me, I guess they know this. But do all the professional techs that support this product know this?

Anyone else having hardware related stories about the Firebox, please write and tell me your expensive story. Please e-mail to firebox@dcllabs.net. I would like to start including the e-mails that you all have been sending in for responses about this article. Please let me know if you're willing to do so.