Where is V18 at?

Hi,

this request for an update on progress is for those of us that do not have access top partners/resllers.

Would some-one in the know who is allowed to provide progress on v18 please add to this thread.

I am not after guesses or conjecture, but real timelines (give or take a month).

Ian

  • In reply to lferrara:

    Fair enough. Apologies for drifting into off-topic territory. 

  • Is this a big secret when will finally be released SFOS v.18? We waiting for clear information when it is scheduled. Each of us could prepare with our devices up to this point.

    Strange situation. The flow of information between Sophos and the community is unsatisfactory.

  • Hi,

     

    i've just wanted to ask if there are any News on the release Date of Version 18?

  • In reply to Dwayne Parker:

    I feel like I've been stalking the forums to hear any news since late June.

    In a partner presentation they did say that the EAP bits will "probably" go out in a few weeks or near the end of September.  That was last week, so who knows.

    Here's to hoping that this release fixes the underlying core issues and helps speed up development moving forward...cause this is brutal!

  • In reply to axsom1:

    Any news at the start of new week?

  • The following post is personal opinion and not company position.

    Sophos is in a "damned if you do, damned if you don't" situation.
    If they announce an expected EAP date, and they miss that date, the community gets upset.
    If they don't announce an expected EAP date, the community gets upset.
    Therefore, in my opinion (not officially company position) Sophos tries not to announce a date unless it is firm.
     
    The community then looks at (deliberately) vague statements from months ago about possible dates and then gets upset they are not being met.  Which is a disincentive for Sophos to announce updated dates.
    I *know* people want information.  But pulling up slides and photos from the past and then saying that Sophos missed a date makes Sophos more secretive, rather than more open.  IMO.
     
    There is also a...  conflict inherent in any release by any company.  Any company doing a release wants to ship it as early as possible, right?  So they want to date to be really early.  But early dates leave no room for contingency and therefore are more likely to slip.  So you could announce a later date, which is less likely to slip. But now you might end up releasing later than you could.  This is a problem inherent in any estimation.  When the stakes are high, the impact of making the wrong estimate are higher.  So in this case, Sophos decides to not play the game and not announce an estimate.  Again this is only my opinion.
     
    The solution is that if the community really want to know dates then the community can never be upset if the dates change.  But that would require a culture change in both the community and within Sophos.
     
    Until then, for v18 EAP and any other Sophos release, you probably won't know the dates until it is just about to happen.
     
    Apple announces a new iPhone and its features the day before they start selling it in the store.
  • In reply to Michael Dunn:

    Michael, 

    I agree with most of what you said and agree that Sophos (or anybody) is often in the "damned if you do damned if you don't" situation.  Its also true though that just about everybody is on some sort of timeline or deadline to get things done (construction, software development, internal business projects, etc).  I think the missing piece of this is an atmosphere of anticipation that's created because, as long as I've been here (v16), it seems like "the next version of XG" is supposed to right a lot of supposed wrongs.  Now whether Sophos has created that idea, or whether our imaginations have run away with us on the forums, is another debate.  For instance, I hold out hope that DHCPv6-PD will finally make an appearance in v18.  It is baffling to me that such a basic feature is still AWOL, and nobody has told me that its coming in v18, but I sort of anticipate it.  Same could be said of Websocket support.  

    The bottom line is Sophos will release it when they deem it ready, and none of us know when that will be or what the criteria for that is.  Until then I eagerly await.

  • In reply to Michael Dunn:

    Hello Michael,

    I originally wanted to answer you something in the sense that maybe you should go into public relation than the developer. I think you are very capable of distorting the truth. Well let's just be that ...

    However, I did the job and looked a bit into the part, but also into the past, and both looks don't look well for Sophos at all. Please take a good look at the two pictures below.

    I agree, it's not encouraging at all, is it?  

    Let me point out that this is also a consequence of the "publishing" policy and the subsequent fulfillment of the expected release dates and functions. As Big_Buck pointed out in his reply to your contribution a little while ago, it's all about trust and expectation between the manufacturer and the user.

    Well, we will see how many participants will participate in the 18 EAP .....

    Regards

    alda

     P.S. It would take a little more humility and fulfilled expectations ...

     

  • In reply to Big_Buck:

    Big_Buck

    Sophos do not meet the pace at which the industry goes. 

    That, again, is such an over-simplified assumption that holds no grounds. Most businesses, at least medium-sized to large enterprises, operate extremely slowly and conservative when it comes to applying new versions and features. Just take a look at how many enterprises are still running Windows 7. Hardware is being replaced at an extremely slow pace, because, you know, never change a running system. Upgrades to software are planned months and sometimes years ahead, because of the sheer amount of dependencies. A smooth running business is usually way more important than using the latest bells and whistles, and downtimes are often unacceptable. 

    It may very well be the case that Sophos is too slow for your own personal liking, but please don't make assumptions on the general behalf. Most serious business don't care how fast Sophos innovates or releases new versions, unless they are suffering from a serious bug that needs fixing. No bugs = no upgrades, until they absolutely must. That is basically a general rule of thumb. 

  • In reply to cryptochrome:

    But we IT admins aren't asking for the more advanced stuff. Sophos is YEARS, like 10-20 years behind on a ton of standard stuff that should be in ANY basic firewall/router. DHCP and DNS are so abysmal, most IPS and reporting is useless because you cannot see hostnames at all. In summary the feature parity between SG and XG is embarrassing and to say it is business ready and ready to replace SG is false, they should be working double, triple time in order to bring XG to be what they say it really is. Bring up the standard stuff to parity BEFORE this nextgen stuff.

  • In reply to apalm123:

    apalm123

    But we IT admins aren't asking for the more advanced stuff. Sophos is YEARS, like 10-20 years behind on a ton of standard stuff that should be in ANY basic firewall/router.

    Like what? 20 years ago we barely had stateful packet inspection and dealt with proxy based "firewalls". XG packs a plethora of modern features like application filtering and sandboxing. Are these features very refined or can they compete with the big shots like Checkpoint? Most certainly not. But you get what you pay for. 

    DHCP and DNS are so abysmal,

    As a security engineer I would argue that DHCP and DNS servers don't belong on a firewall. If you take your security seriously, you have dedicated servers/services for that. Firewalls aren't meant to be jack of all trades devices. So personally, I could care less whether Sophos puts these services on there or not. Actually, I would even prefer they kept them off entirely. 

    most IPS and reporting is useless because you cannot see hostnames at all. In summary the feature parity between SG and XG is embarrassing and to say it is business ready and ready to replace SG is false, they should be working double, triple time in order to bring XG to be what they say it really is. Bring up the standard stuff to parity BEFORE this nextgen stuff.

    I can't argue with that. Agreed. 

    Either way, it is what it is. I think we should give Sophos the time they need. I prefer stable and bug free over rushed releases. Don't forget that they are in the unusual situation of having to maintain two entirely different code bases at once (XG + SG). There are only so many resources they can throw at things under these circumstances.

     
  • In reply to cryptochrome:

    Well Jumbo frames were becoming a thing in 1998 according to an article I saw. That's what I was referring to 20 years old.

     

    I want, and should be able, to provide DHCP and DNS from a UTM if I want to. Any router, even free ones from my ISPs have been providing DHCP and DNS hostname resolution in table format. Some background, I am a small business guy, helping other very small businesses to have IT security similar to that available of bigger companies. I started IT during the very beginning of the new cloud-era, with a good solid 4 years of work during the still "on-prem" era in-between. Ever since about 2015, every company I work for (minus a few bigger contracts) have literally ZERO servers onsite. I expect this to be the future for a larger number of small companies. Sure, there's always enterprises that are going to keep servers onsite. I can see why anyone with years of experience like yourself in the on-prem era still would push customers to use a server onsite to provide DHCP and DNS. But that's just not modern for many small businesses and the expectation in the industry is that a router/UTM can provide reasonable DHCP and DNS for business.

  • In reply to apalm123:

    apalm123

     

    Sure, there's always enterprises that are going to keep servers onsite. I can see why anyone with years of experience like yourself in the on-prem era still would push customers to use a server onsite to provide DHCP and DNS. But that's just not modern for many small businesses and the expectation in the industry is that a router/UTM can provide reasonable DHCP and DNS for business.

    Just to be clear, I am not pushing anyone to do anything :)   And using dedicated DNS servers doesn't necessarily mean they have to be on-prem (with DHCP I would argue they have to be, naturally). There are very viable cloud based DNS solutions available (even for small businesses at a very low cost, by the way). The reason I am saying that DNS and DHCP services shouldn't be running on a firewall is purely a measure of security. Sure, it's convenient to have all that on a firewall, especially for small businesses. But that's a convenience that has a risk attached to it. 

    Either way, I realize that small businesses need those features, so I am not saying Sophos shouldn't implement them. I guess we all just have to wait a little longer (or use UTM9 for the time being). 

  • In reply to cryptochrome:

    cryptochrome

     

     
    apalm123

     

    Sure, there's always enterprises that are going to keep servers onsite. I can see why anyone with years of experience like yourself in the on-prem era still would push customers to use a server onsite to provide DHCP and DNS. But that's just not modern for many small businesses and the expectation in the industry is that a router/UTM can provide reasonable DHCP and DNS for business.

     

     

    Just to be clear, I am not pushing anyone to do anything :)   And using dedicated DNS servers doesn't necessarily mean they have to be on-prem (with DHCP I would argue they have to be, naturally). There are very viable cloud based DNS solutions available (even for small businesses at a very low cost, by the way). The reason I am saying that DNS and DHCP services shouldn't be running on a firewall is purely a measure of security. Sure, it's convenient to have all that on a firewall, especially for small businesses. But that's a convenience that has a risk attached to it. 

    Either way, I realize that small businesses need those features, so I am not saying Sophos shouldn't implement them. I guess we all just have to wait a little longer (or use UTM9 for the time being). 

     

     

    Sorry by "push", just a common lingo that I know when you want customers to use a specific recommended setup. Like I "push" customers toward using Sophos even though there's options because I like their selling points