TLS 1.3 It has been in the work for four years. Knowing that TLS 1.2 have been implemented only recently on selected products (for those who figured how), when can we expect it will be implemented on XG and other products ?

TLS 1.3  It has been in the work for four years.  Final approval happened last week.

Knowing that TLS 1.2 have been implemented only recently on selected products (for those who figured how), when can we expect it will be implemented on XG and other products ? In 2028 ?

Paul Jr

  • In reply to Big_Buck:

    I've learned from the mistakes I've spoke here on the forum, but v18 isn't that bad as i through.

     

    The new DPI has a nice addition for XG, well It's currently only giving issues in very specific environments, also it's giving weird errors with FireFox.

    The "NAT re-melt" in my opinion has a good thing, every competitor currently have NAT separated from the Rules Policies, the new model present on v18 EAP3R1 and now on GA for NAT is easy to understand and manage.

    The only "bad" thing about the "NAT re-melt" is Linked-Nat, pretty much the first thing I did on EAP1 has to delete every single one of the Linked-NAT generated by XG and created actual useful and easy understandable ones.

     

    About the "basic things we still do not have", I'm probably playing devil advocate here, but.

    1) Currently only Checkpoint & Forcepoint (that i know and used) have real-time Log viewers, and that's because they have their own client to do this (Smart Console & SMC) (They doesn't depend on WebUI), hell, even PAN doesn't have a real-time log viewer.

    2) True, there's no discussion here.

    3) I can see this as an UTM feature, but is it really needed for a NGFW? No other competitor have it (Besides Fortinet), if you have a need to force your clients to use the same NTP server, you can pretty much do this right now with a new NAT Rule.

     

    Also about the XG105 being unusable for v18, at the same time it sucks, almost every vendor does this. Last week I've discovered my CP-1490 is still on R77 with a reskinned client of R80.x, simply because the 15x0 series has been released.

     

    Thanks!