I will investigate this for you.
It's less about the short term issue (and if you tracked something down that's a great help-I did get a call soon after). The frustration is in the lack of communication. I just got off the phone with someone who was definitely helpful, and we ran through some troubleshooting steps. But I needed to make some changes and now need to call back- ok, not a big deal either, except that I have to go look up the number, wade through the phone tree, and hope that the same guy is on the other end (and hope he can help nail down the problem). I expect that to be a bunch of time, and I can't email him back.
The process is just complicated and difficult to navigate. Maybe some guidelines for what to expect could be posted as a sticky note (along with the note about the benefits of TSRs and a few other bits). Again-a few years ago we started using more of the Snapgears because the service was better than the alternatives. Coupled with the extra flexibility we made the decision to switch even with the interface and documentation quirks. But the support process has gotten more difficult to work with. Given the additional advances made by other solutions, the field is leveled somewhat. This forum has been a help, but it feels like there aren't a lot of other users taking advantage of it. With some of the bugs that have been released, the documentation and link mistakes, it feels like the product line is being backburnered (e.g. still no chat support? that would probably be quite helpful).
Yes its venting frustration, but Ross and Tom have put forth the effort to help, so I'm putting it here since it seems like this is the most direct route to the heart of the organization.
I must also echo Mike on this. In our experience prior to being taken over by McAfee support was much more responsive and you get to speak direct to guys like Ross on the phone and the issues were resolved very quickly. Now getting support is frustrating via both the support portal and phone.
I logged a support call (and also via portal) not long ago and did not get a satisfactory clear answer to my queries. The McAfee support 'team leader' could'nt even fully understand my question let along trying to answer it (detailed explanation and also diagram & TSR was attached to support request). I could tell (from the ticket details) this was due to lack of experience on the product (and general tecnical compentancy). The issue was refered to Ross eventualy but I had to kept chasing it up for a few weeks and there was no communication to tell me that it being escalated or generaly whats going on!
There was no avenue for feedback as we are not a sizable customer, until someone refer me to the yahoo group / this forum and seeing this thread.
I did not get a clear answer in the end to a simple question of if by default GRE tunnels and auto deactivated when the IPsec tunnel that it is running under failed / not active. After frustratingly trying to re ask the question I gave up in the end. I will re ask it on he when I get a chance to get back into what I was trying to do (Static route over GRE over IPSEC).
Appologies if my 1st post is a whinging one
Thanks for the feedback.
A lot has changed in the SG/UTM world over the last few years, and one of those changes involved offering 24x7 support.
This has met the need of many customers, but for those who have been long time customers and/or are experienced IT professionals, the level 1 support that was put in place is not adequate. These customers we recognise need advice from a higher level of support.
We do have escalation procedures, but it looks like there are issues that should be escalated earlier from the experience you have had.
I will follow this up with our team lead in India, but if you have further issues and need to contact someone higher up, feel free to PM me via this forum.
Under current release firmware you need to create manaully the triggers for bringing up/down a GRE tunnel when an IPSec tunnel comes up or down.
An example of this that we support is in the current user manual under IPSec failover.
With the new availability of the 4.5 beta, this can now all be done via the GUI and is transparent to the user as compared to the current method.
We are keen to see people use 4.5 if they can, and as such we endeavour to fix any issues incurred promptly, but of course it is beta status.
See if the IPSec failover section of the current manual meets your needs maybe first.
Thanks Ross, I shall give both a try. I saw the instructions for ipsec failover but did not try it out and didn't know that it can be used to control other things. If 4.5 has this all the better.
I though the the current support portal was on the same level as previously which now you have clarify it is not. I will be buggin you and others on here going forward
I think this forum provides an excellent place for the sort of questions yourself, and other seasoned user have. They are generally question many can benefit from.
This will educate your fellow peers, the new users, and the UTM management team on the sort of enviroments, challenges and features requests that our customers have.
And that is part of why I prefer the forums- the fact that you and Tom are around definitely helps keep the signal-to-noise ratio headed in the right direction-its certainly a far sight better than customer forums that some companies provide (really, a lot of people like me looking for help, and very few people who spend the time looking into any of it since they all have other jobs.)
So thanks for being here. But again, support is a test. I've been asked for TSR's even when my TSR was attached (and even resent in response to the email). Stuff like that just makes things difficult. I wouldn't mind a webex session type thing- that's even better than giving over remote access since I can watch whats being done.
Unfortuantly there can never be enough TSR's to diagnose an issue, so we tend to err on the side more is better. Nothing worse that looking at a complex escalated issue and the TSR does not have the right info for whatever reason. With time zone challenges, this can result in a extended period of delay.
We will be offerring live chat session for support in the future I believe, but you mention of 'giving over remote access' concerns me.
Under support conditions engineers should not be connecting to customers equipment under any circustances. Support now have the tools and resources to not need to do this.
Please PM me if you find this is not the case in the future.