This product is faster, smarter, has less overhead and has some great features. Unfortunately it also takes a very high degree of knowledge to make it all work properly. In my opinion it's too much work for the common admin. Like so many people/places out there that have been using your products for years (personally 10 years and 5 of those were for a reseller of Symantec products) I think it's just too much to configure for one environment with less than 1500 people. One suggestion would be to populate the network services with real services that are used, like one for an Active Directory Domain. I had to go look up an article and test it extensively. If you had created it it would just work. Or you could have had smart services like you do for DNS and DHCP, but put one in for an AD Domain. How about asking us users what applications we do use and creating a policy from that? Ask us what our domain controllers IP addresses are, ask us if we use http and ftp, and work from there. I realize that there are millions of applications out there, but there are the core apps that are used in most of the environments that your products are used in. And for heavens sake, at least populate your software with your own services... Why in the world do I have to go define a backup exec remote agent service? It's your own product, at least make it work with your other products.
We as users are looking to your products and your knowledge to help us secure our networks in whatever way we can. The last thing we need is more work to do, but in order to really use all of the capabilities of your product we have over 500 pages of reading to do, need 5+ years worth of experience with firewalls, and a server that has nothing else on it just to get a slow admin console? I really appreciate you speeding up the client side of this, it's going to make my users happy, but in the process you made my world a lot more complicated than it needs to be and I am the one deciding to purchase your products...