XG Firewall - Roadmap?


Is there a roadmap for the XGs for the next major versions and the planned functions?


  • In reply to Michael Dunn:

    As far as I know there was also a partner meeting on March 1st, but no news was released after that...

  • In reply to Big_Buck:


    Just upgraded one of our branch offices from 17.5.3 to 17.5.4, got some troubles with DHCP (devices don't get the gateway IP, ipconfig /renew very slow) and a PPPoE connection doesn't come up till I disconnect and reconnect it manually...

  • In reply to guillaume bottollier:

    Problems start to pop up on XGV17.5.4 MR-4 ...

    On Google Chrome 73.0.3683.86, here is what firewall rules look like now :


    It happened to me before.  But closing the web page and re-opening it would solve it.  Not this time.  It happens on all firewalls and is now permanent.

    Paul Jr

  • In reply to Big_Buck:


    I had exactly the same error a while ago. In my case it helped to clear the cache data in Google Chrome. But I think it's the same with other browsers.

  • In reply to TheBalmasque:

    Oops!!!  I forgot to clear the cache this time.  Annoying to say the least.

    I had to do it twice ... Meaning clearing the cache + closing app + testing = failed + clearing the cache again + closing app again + worked this time.

    Paul Jr

  • In reply to Big_Buck:

    Just a reminder that this is not the thread to post issues that you have with upgrades.

  • In reply to alda:

    Alda wrote already a while ago. 

    - v18 Beta - for partners April/May
    - v18 GA - September / October
    - v18.5 - Q1 2020

    We'll see.

    Time to post basic list of requirements again:

    1. Logs are still helpless.
    2. Would be nice we had something that compares to Checkpoint ...
    3. Some shy improvements in v17.5.
    4. The best would be a direct link with WireShark while logs become acceptable in a future version.
    5. STAS needs a complete remelting.
    7. Instead of going through all those ports, registry keys, etc. nonsense setups ?
    8. XG as an NTP is a basic requirement. Should have been done long ago.
    9. Full-featured DHCP. At least we could point desktops to 2 or 3 trustable NTPs.
      Pooled NTP web sites is such a nonsense to me.

    2017 and 2018 were dedicated to bug fixes and stability almost exclusively.  2019 so far has only timid improvements.
    Hope 2019 will bring us on par with the competition.

    Paul Jr

  • In reply to Big_Buck:

    I think they are late already if they plan to release 18 GA in September; the beta, for partners or not, should be available now.

  • In reply to l0rdraiden:

    Euh !?  v18 was at first (24+ months ago) scheduled late 2017.  18 meaning 2018.

    You cannot plan any project with Sophos XG if there are features missing.  If you need features that are on the v18 list, just forget it.  No one has any clue when this will appear.  Even internally, apparently.  Additionally, when v18 is released, there will be bugs that will take months to sweep.  Either you take XG as it is now (i.e. it does what you need it to do NOW) or you look at something else.

    Paul Jr 

  • I understand that there could be some more communication about the road map and active development from Sophos, but it's also not very useful to constantly complain in the forums. If you're a Sophos partner, you can get some information from your rep at anytime. If you're not, then contact your partner regarding this information.

    I'm a Sophos Partner myself and some updates were given during the Sophos Discover Partner Conference last week. Since I don't think any of this has been shared yet publicly, here is some info to give you a bit of an insight:

    - No major features are going to be developed for v17.5 since all focus is on getting v18 ready for release (bug fixes will still be rolled out in MRs as needed)

    - There will be an early access program for v18 in July

    - GA for v18 is planned for November

    - there is no full feature list for v18 available yet, only internally at Sophos but v18 contains TONS of new features and improvements

    - v18 will separate NAT from firewall rules and have more configuration options (which some users have complained about)

    - v18 will improve overall performance by 30%+ and new XG hardware (optimized for new packet processing engine) will be released in early 2020 to bring even more performance


    Hope this helps a little. I'm sure there's more to come as we get closer to the July EAP release.

  • In reply to Bjoern Freiherr:

    Thanks - that's helpful.

    However, I think the key point of this discussion is that Sophos does not communicate these details to the larger community. Perhaps that's by design (or by contract), but there are many IT-departments that need to get an idea of the capabilities and features (current and planned) before engaging a reseller.

  • In reply to Arie:

    Having worked for a technology vendor in the past, I know something of the legal constraints that they are under.   We could only discuss unannounced products or product features under a non-disclosure agreement, using a standard script and PowerPoint slides that had been approved by the legal department, after a formal approval process.   Approvals were not assured.  Product announcements were only made when a delivery date was pretty certain.

    Development is an imperfect process.   When it goes badly, delivered features or delivery dates get deferred.   If a vendor sells a product based on a promise to have feature X by date D, then the vendor cannot deliver for any reason, the vendor is at risk of a fraud charge. 

    The other person's post is correct.   If you need a feature today, or will need it within your planning horizon, buy a product that has it today. 

  • In reply to DouglasFoster:


    The other person's post is correct.   If you need a feature today, or will need it within your planning horizon, buy a product that has it today. 

    Or take the Apple approach.  Keep everything super secret and only announce the day that you start selling.  It has gotten a little looser since Steve Jobs, but no one could ever "plan" based on upcoming iPhone features or release date.

  • In reply to Arie:

    I understand your concern and agree that Sophos could do a better job at communicating the roadmap, but as others already stated there might be limitations etc. for that. However, big features that are set to be released at some point in the future could and should be listed somewhere, even if it's without a release date. There's lots of good stuff in the pipeline and I think customers would be happy to hear about them. Hopefully we'll know more soon regarding the details of v18 and I'll be happy to post an update if something is released to partners.

  • In reply to Bjoern Freiherr:

    Ok.  The point I bring often that bothers me most is the pace at which development goes.  It does not match what's elsewhere in the industry.

    I understand that a road-map is just a road-map, and all developers have to maintain control of it, but then, let's compare.  Up to recently, road-maps from Intel were clockwork (with some glitches these days, I know).  If they said it would be delivered 13.5 months from now, it would be.  Yet, at the end of the day, I do not care much about road-maps anyway.  It's vaporware.  Wish list.

    What I care about is what I have in my hands.  And the historical rate at which I receive updates/upgrades.  I have been with Sophos for more than 2 years, I can safely state development pace is very slow.

    There's also the way development is prioritized.  SD-WAN may seem sexy, but meaningful and useful logs, full-featured DHCP, time relay/reliable source, for example, should have been tried and tested options available since day one.  Routing has been insanely complicated.  For those who master CLI, it is not such a drawback.  But for those who are not sitting behind the console all day long, stuck with the interface, XG's GUI and its limitations are a real problem.

    v18 will be released one day, but we all know there will be bugs, because the history is there to back these sayings.  v15, v16, v17 were bumpy roads, to say the least.

    It may look like complaining to some.  But it will look realistic to others.  Mileage will vary with your level of competence.

    If you're a deep Linux CLI geek, with lots of experience with other firewall vendors, I look like I'm complaining.

    If you're a casual small business user/manager, you just felt my pain.  But isn't this where the UTM market belongs?  Large organizations own dedicated appliances.  UTM is meaningless to them.

    Paul Jr