Anybody have information about Version 9.7?
Once upon a time there was a roadmap :-) ...
If what's written here is true, UTM 9.7 is due in September: https://utm-shop.de/information/news-co/sophos-apx-serie-access-points-koennen-mit-utm-version-9.7-auch-mit-der-sophos-sg-serie-genutzt-werden
In reply to ThorstenSult:
Here’s some more information about 9.7
German original article:
In reply to mircevski:
A Sophos SE told me yesterday that IKEv2 will NEVER be implemented in UTM!
So APX Integration will be the main feature of UTM 9.7...
In reply to SWeissflog:
A statement from Sophos at the time said that IKEv2 would only be postponed in order not to delay the release of UTM 9.6 any further. If IKEv2 is never implemented, that would be a shame.
UTM 9.7 will not include IKEv2 support, that is not saying that it will never arrive in UTM, but it is not part of UTM 9.7. The screenshot in the latest website mentioned is out of date and does not reflect the current planned content of either UTM 9.7 or UTM 9.8.
We will be shortly launching the beta for UTM 9.7 so stay tuned.
The fact that IKEv2 is not being released in 9.7 likely means that it never will. They have made it very clear that SG is the past and XG is the future. There is no benefit to Sophos to support both, it simply increases their support/development costs.
It is the XP/Windows 7 issue all over again. Even with mounting vulnerabilities due to old core technology, XP (and now Windows 7) were just so good and stable that users didn't want to upgrade. But at least with these (especially Windows 7 to 10) there WAS an upgrade. SG to XG offers no simple upgrade path. The migration tool (hidden behind the partner firewall) doesn't provide 100% conversion of the configuration. Which means that even after the downtime associated with converting the SG to XG, you still have configuration that must be completed, increasing the amount of downtime. The upgrade scenario looks a bit better if you happen to have an HA pair you can split, but with firewall configuration complexity and a less than 100% configuration migration the potential for prolonged downtime is high. And there are still reports of many bugs (many releases and lots of bugfixes each release) and a lack of feature parity with SG. All in all the migration from SG to XG is NOT trivial, expensive in terms of manpower (steep learning curve, feature validation, configuration, testing, etc.), and full of risk.
So Sophos needs something to drive customers towards XG and as it stands (at least from my perspective) there really is no benefit or compelling reason outside of IKEv2 (an industry standard proposed in 2005, revised in 2010, and standardized in 2014). So it is probably not coming. I would love to be wrong, however the fact that it was planned and pulled from 9.6, not in 9.7, and not on a roadmap... it doesn't look good. It appears that IKEv2 will be used as leverage to twist the arms of customers and force them to switch from SG to XG.
And even if IKEv2 is coming in 9.8, that likely won't be until late 2020/early 2021 and by that time we will have moved on. At this point the loss of trust in Sophos is too great to continue with them. We will probably ride out our current solution (OPNsense as VPN endpoints and SG as firewall) another year and then start planning a switch to something else (Checkpoint, Palo Alto?).
In reply to email@example.com:
We're trying it with XG ... but it's not an option for us and most of our clients right now. If Sophos abandons the SG or continues to refuse to include simple features just to push the XG, we need to look for a more reliable partner.
In reply to dirkkotte:
9.7 Beta out now!
Up2Date 9.670004 package description:
System will be rebooted
Configuration will be upgraded
Connected REDs will perform firmware upgrade
Connected APs will perform firmware upgrade
Support for new APX AccessPoints
Certificate Chain support for WebAdmin and UserPortal
Certificate Chain Support for WebProxy
New RED Site 2 Site Protocol
Retirement of UTM Endpoint Management
Fix [NUTM-10804]: [Access & Identity] strongSwan vulnerability fix (CVE-2010-2628, CVE-2018-17540)
Fix [NUTM-10745]: [Email] Quarantine mail older than 14 days are not getting removed
Fix [NUTM-10958]: [Email] Quarantined SPX Mails which are released are still available on UTM
Fix [NUTM-10454]: [WAF] SAVI integration doesn't support scanning files larger than 2GB
Fix [NUTM-10873]: [WAF] Underscore in DNS-Hostname makes WAF unusable
RPM packages contained:
In reply to twister5800:
That link fails firewall security check, CA issues.
In reply to rfcat_vk:
Hmm..works fine here but try with:
Well...What about to finally release any list of supported 4G/LTE USB modems for appliances as well as RED devices? It is really hard to find working modem...
In reply to vikino:
Think this is the "newest" :-)
Yes...and most of them it is not possible to buy on actual market, 3 yrs is long time for this :-(