I have a Watchguard X10e Edge XP2e6. The firmware version is 8.6.1 (Sept 19, 2007).
The optional Auto-Block feature on this firewall puts an external host on the "hostile sites list" if the external host attempts a connection where there is no policy to handle the connection. There is no configurable threshold level available, so if an outside computer sends any SINGLE non-compliant packet to the firewall the host is put on the "hostile sites list" for the configured amount of time.
The problem is, it appears that occasional non-compliant traffic from all friendly remote hosts is normal, so they get blocked when you don't want them blocked.
Examples: Our small business allows a few remote users to use pop3s (995) and smtp-submit (587) to use the Exchange server. They use Outlook on Windows XP and Vista, and their systems check for mail automatically every 15 minutes all day. Nothing else is configured on their systems addressing our network address.
Almost every day, these users get blocked because their computer sends some non-compliant packet to our firewall.
We also use Postini to filter inbound email. We have an smtp packet filter policy to accept TCP port 25 from the Postini address block. Every few days, the firewall will put Postini on the Hostile Sites list.
Since occasional non-compliant traffic seems to come from all hosts as a by-product of compliant connection attempts, it makes the Auto-Block feature unusable . . . unless Watchguard has fixed it in a later version, with some tolerances or thresholds to avoid blocking friendly hosts. (Since these friendly remote hosts are on dynamic connections, I have temporarily put auto-block exemptions for the entire address block their ISP uses in their region.)
Does anyone know if this feature has been improved since the firmware version that I have? It will cost me at least $200 to get this firewall updated with the latest firmware, and it is not worth it to me if things like this remain a problem.
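As an added illustration (not from the original post, and not WatchGuard's code), the simulation below compares the single-packet Auto-Block behaviour described above with a threshold-in-a-window variant. The events, host names and timings are constructed placeholders, not real Edge log entries.

```python
from collections import defaultdict, deque

# Constructed sample of firewall events: (seconds since midnight, source host,
# whether an existing policy accepted the packet). Hosts are hypothetical.
EVENTS = [
    (0,    "remote_user", True),   # Outlook POP3S check, policy matched
    (1,    "remote_user", False),  # one stray packet with no matching policy
    (900,  "remote_user", True),   # 15 minutes later, normal mail check
    (1800, "remote_user", True),
    (10,   "postini", True),       # inbound SMTP from the filtering service
    (12,   "postini", False),      # single stray packet
    (20,   "scanner", False),      # a host sending only unsolicited packets
    (21,   "scanner", False),
    (22,   "scanner", False),
]

def _active_block(blocks, host, ts):
    """True if host is already inside a block interval at time ts."""
    return bool(blocks[host]) and ts < blocks[host][-1][1]

def autoblock_single_packet(events, block_seconds):
    """Edge 8.x behaviour as described: one unmatched packet puts the host on
    the hostile list for block_seconds. Returns {host: [(start, end), ...]}."""
    blocks = defaultdict(list)
    for ts, host, matched in sorted(events):
        if matched or _active_block(blocks, host, ts):
            continue
        blocks[host].append((ts, ts + block_seconds))
    return {h: b for h, b in blocks.items() if b}

def autoblock_threshold(events, block_seconds, threshold, window_seconds):
    """Threshold variant: block only when a host sends >= threshold unmatched
    packets inside a sliding window of window_seconds."""
    recent = defaultdict(deque)   # per-host timestamps of unmatched packets
    blocks = defaultdict(list)
    for ts, host, matched in sorted(events):
        if matched or _active_block(blocks, host, ts):
            continue
        q = recent[host]
        q.append(ts)
        while q and q[0] <= ts - window_seconds:   # drop expired entries
            q.popleft()
        if len(q) >= threshold:
            blocks[host].append((ts, ts + block_seconds))
            q.clear()
    return {h: b for h, b in blocks.items() if b}
```

With a 10-minute block, the single-packet rule blocks all three hosts, while a threshold of 3 packets per minute blocks only the host that sends nothing but unmatched packets.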