v18 EAP2. Anyone have a clue when ? Because I have quit testing EAP1 ...


I concluded it was useless for me to continue testing EAP1.  First because I am on the impression things are simply not working.  We are testing something "in the pipe" which, to my judgement, means before EAP.

And there's the thing that many - including me - had half of their posts deleted by moderators with no appropriate judgment.  It has become counter-productive.  What's the point of testing hours just to have our comments deleted in the end ?

Paul Jr

  • In reply to ChrisKnight:

    I have just done the exercise to check Sophos appliances CPUs from XG85Rev2/XG86 up to XG210Rev3.

    In general, it supports AES.  But I would have to check more to make sure it is AES-NI for all cases.  I say that, because Sophos appliances' CPUs are of old generation. Earliest being released in spring 2017.  XG86, XG106, XG115Rev3 are using Intel Apollo Lake CPUs that were released in 2016 with 14 nm lithography.  It is not archeology yet.  But the clear goal is to shop in "EOL / Inventory clearance" to reach the cheapest price point.

    On top of it, memory and storage are kept at minimum speed.

    I personally think anything below XG115 should have never existed.

    Paul Jr

  • In reply to Big_Buck:


    I personally think anything below XG115 should have never existed.

    Interestingly when I started my XG Firewall journey I was advised by Sophos Australia techs not to use nor recommend anything smaller than an XG115. So glad I took onboard that piece of advice.

  • In reply to ChrisKnight:

    I advised our sales group (we are a reseller) to never sell any of the models with only 2GB of RAM... thank goodness.  I actually turned a few potential customers away who insisted on it (not using it as a simple firewall, we're talking they wanted to use all the features on very high speed circuits with large user counts).  Didn't want the headaches.

  • It's funny how it is always the same people who complain about a concept they seemingly can't comprehend: Beta testing. It's always the same when a new EAP arrives: People download the very first version, slap it onto their machines and expect a production ready system. And then the endless complaining begins. 

    EAPs are supposed to be broken. And you are supposed to break them. You are however not supposed to use them in production. Deal with it. Read up on what it actually means to use beta software. And stop complaining. It doesn't help. Anyone. At all. 

    That said, I can see why Sophos deletes irrelevant posts that don't add any value to the tests. 

  • In reply to cryptochrome:

    You're right, it's Beta testing and we are currently on EAP 1, there's EAP 2 and 3 to go before GA.

    I've also complained before about v18 EAP 1throughput, the main reason of it being slow was IPS, it's currently 1/3 the speed i has getting on v17.5.x.

    But, I has also wrong before - I've made a post saying TLS/SSL Inspection has slower than the Web Proxy (HTTPS Decrypt), which is wrong.

    TLS/SSL Inspection is currently much, much faster than Web Proxy.


    For the people that didn't watched the 14/NOV webcast, EAP 2 is coming next week.

    I'll be waiting to know what has been fixed, or if there's any IPS performance improvement on it.

  • In reply to lferrara:

    EAP2 is a "tock" step.  While EAP3 will be a "Tick".  There's not much, on EAP2, at least "on paper", that addresses any of my concerns with EAP1. All we can do is wait and see.

    So it probably means I'll restart testing only with EAP3 in December.

    Paul Jr