After a recent installation of a Juniper SSG-140 Firewall, I came to question the philosophy behind the development of the product. Don’t get me wrong, the product works, but it feels like the setup is needlessly complicated for the sake of complication. Frankly, I think the biggest problem stems from two items with this particular firewall:

• WebGUI – In short, it is possibly the worst designed and hardest to use Web-Based GUI, short of the Java Evil that was the Symantec Firewalls, that I have ever had the displeasure of using. In this age of Ajax and everything being clickable in a browser, there is no need that I should have to use the left hand menu bar for everything. Even the header bar with the Hierarchical structure isn’t clickable. So if I need to go back up two levels from where I am, I have to find that section in the menu bar, remember which section I need and click there.
• Needless Complication – Once the box is up and running, forwarding a simple port is a chore. Not to mention you can’t forward Ports 22, 80, or 443 through the untrusted interface’s IP address as they “are reserved for management”. Assuming the box is configured correctly and works, there is a process of no less than five steps that must be taken in order to get the port forward working.

Now, this particular firewall has a feature list that pretty much covers every single aspect that anyone, anywhere could ever possibly ask of a UTM firewall, but therein lays the problem. That last 1-2% of features that they added into box is what makes it non-user friendly and a horrible pain to administer. I guess I can see how being a large company like Juniper that is trying to fight Cisco for the crown, needs to force all these features into their boxes, but I truly don’t believe it is the right play.

Maybe I’m jaded and spent too much time working with the Calyptix Security boxes that I’ve installed. I’ve probably gotten accustomed to the simplicity of the design, with a feature set that tops the needs of 98% or more of the SMBs out there right now. I’d rather have a simple and effective platform that meets the needs of nearly all my clients and have to work to please those last 2% than have to work extra hard to support all my clients for the sake of that last 2%.

The question remains, what is more important in the end? The unending feature set to accommodate 100% of your clientele, but it can make your like a nightmare or the simple and effective platform that meets the needs of 98% of your client base and needs some tweaking for that last 2%. In my book I’ll take the simple but effective platform anyday.