I havent heard to much in the way of watch guard vulnerabilities but since it only does dynamic packet filtering im sure its vulnerable to DoS attacks ,like teardrop and smurf.
Likely true. I actually use this FW behind a gateway router ... so I do most of my granular stuff on the Cisco with ACL's, etc., and the FW just kind of mops up behind it. Sooo ... is it vulnerable to DDoS / smurf? Maybe. However, with my router config, DDoS and smurf attacks typically won't have a leg to stand on.

Good observation, though - I suppose that I could put the FW out on the "front lines" to see what it really *can* do ... but I'm more secure having the router out there.

~N~