The client administration programs are Java applications and tend to be cryptic. If the administrator is at ease with a Linux firewall configuration, this will seem familiar, but those used to other systems might feel uncomfortable.
There is no online help, and the interface between the Windows client and the pdf user manual did not work. The user manual could be read by Adobe Reader 6.0 and the manual is provided in printed form.
The interface used to configure the firewall is unusual, and reminiscent of IBM's Visual Age for Java development system. A work surface, divided into zones, represents the security policy with icons representing the predefined services and hosts as nodes. Each zone represents some type of network, private LAN, or the internet.
New services can be defined. Rules are set by selecting a property of one node and dragging a connecting line to a zone, producing a graphical representation of their relationship.To create a rule to allow internet access from the LAN, create a node representing the http service in the internet zone and then right-click in the LAN zone to select an "allow" connection, which is then connected to the service. This system provides a validity check, and disallows rules and relationships that would not work.
There can be up to 128 zones and four can be shown at once. A similar system is used to create VPN services and tunnels, which can be represented on the same work surface and manipulated in the same way.
This system works well and is easy to get used to, but it can be difficult to see what has been configured. Support could be a problem, with phone support only from 9 a.m. to 10 p.m. (GMT), Monday to Friday.