We'd love to hear about it! Click here to go to the product suggestion community
between travel, vacation, and just plain being busy, I've been away from the forums for too long! I'm just getting caught up on what's been going on here, recently, and there's been a few interesting conversations. There's still quite a bit of uncertainty about XG, where it came from, where it's going, and what happens to UTM9 now. Rather than reply to a bunch of older threads, I'll try to address some of the bigger questions and concerns I've seen, here in this thread, faq style.
Is XG just Cyberoam with a new UI?
No - but it's easy to understand why you might think that. XG is a pretty equal mix of technologies from Sophos UTM and Cyberoam. Some of those compnents are more visible than others. For instance, the web proxy, web app firewall, wireless, atp, and av are all Sophos UTM components ported to XG firewall. The config model, which allows enhanced identity awareness, a full API, and full central management, comes from Cyberoam. Though it also brings with it a dependency on the UI framework. This means, that the UI fundamentally will bear more resemblance to Cyberoam than Sophos UTM. Long time UTM9 fans ask why that would be, and the answer is relatively straightforward.
Are all the old Astaro developers gone?
No. Of course, we can't hire any more Astaro developers, and it's been almost five years since Sophos acquired Astaro, so change is inevitable. But the old Astaro office remains, and has grown substantially in the last few years. It continues to be a key development center for Sophos UTM and XG firewall, with many astaro developers remaining as leaders in the current teams, and more developers working there today, than ever before.
Is anyone still paying attention to these forums?
Yes - now more than ever. Since the creation of astaro.org forums, there has never been any official goal for anyone from the company to participate in the forums. For example, I try to participate regularly, for instance, but for around the past month, many projects have kept me away. Over the years, a few people have participated more regularly than others, but entirely at their own choice, and usually on their own time. Some of those people have moved on, and others are here but have moved into new roles, while a few still do respond from time to time. This new community site was built partly, to provide a central platform for a focused team of people can be more involved in more of our product forums. We're working on this today, and you should see some improvement already. You'll also likely see something from the community team, providing some updates on those plans. You should see more activity directly from Sophos, moving forward!
Does Sophos still care about it's users?
Of course! I see comments suggesting that Sophos is too focused on winning awards, and making money, and not paying attention to actually putting out a good procut. Hopefully, the impossibility of such a goal is clear. You can't win awards for a useless product, and you can't keep being successful if your produts aren't useful. Our focus as a company is very clear. "Security made Simple" means bringing enterprise grade protection to small and mid sized organizations, in a way that's easy to use and understand. This is the same vision and focus we've had for many years. Nothing has changed with XG, except we are starting from a different point. in some areas, we've made advancements over UTM (single security policy, synchronized security, etc..) and in others, we now need to catch up. which leads to the next question.
Does Sophos thinks XG is perfect as it is now?
No. We believe XG is a solid starting point for a new platform, with a huge potential. XG isn't meant to be a replacement for UTM9 just yet. For many, it's close enough, and ready. For many new customers, who are migrating from competitors, it's the perfect starting point with Sophos. As a public company, it's difficult to speak about how successful XG has been, while avoiding "forward looking statements". So suffice it to say, there were no unexpected surprises with the release of XG. There's a lot of positive things we can say about XG, but that's not to say we think say it's achieved everything it needs to. It's not yet a suitable replacement for most UTM9 customers. For starters, we still need to close on gaps in features between UTM9. We also need to evolve the UI meaningfully from its first release. There were some things we wanted to do, but couldn't in the first version, and there are things we learned from our users, that we need to change.
What's happening in the next version of XG?
We've received a lot of feedback so far, from here in the forums, and elsewhere. Here's a few of the points we've heard:
The items above are all on our target list for the next release. We have some comprehensive plans to improve the top ten areas needing UI work, in some very meaningful ways. For example, web filtering works very well, and has an understandable model, but doesn't support policy inheritance. We're working on a method to implement a policy model that more closely matches UTM9, but also adds policy inheritance. This model will allow one firewall rule to cover differing policies for differing groups, and at the same time, make policies much more powerful than they are even in utm9.
We're pushing towards starting a beta near the end of April. The first beta should show some solid UI improvements, but it won't be everything. we'll also plan to release a series of updates, which will add more capabilities through the beta process. This should allow for more chance to react to feedback from the beta process, to be incorporated.
This release won't close every feature gap and there will still be room for UI improvement in some areas - but we have a plan, which will not only close the most important gaps with UTM9 today, but will substantially mature the user experience. The goal is to bridge the gap for most current UTM customers.
What's going to happen with UTM9?
It's pretty natural to assume that UTM9 will slip immediately into maintenance mode. But that's not exactly what we're expecting. UTM 9.4 will go into beta in coming weeks, which will add some significant, and maningful features to UTM9. One of these features brings brand new capabilities to the firewall, and we're bringing it first to UTM9. This new feature won't make it to XG, until later in 2016. 9.5 is also being planned currently, and we plan to keep putting out feature updates for some time to come. At some point, we will move it into maintenance mode, and eventually it will be retired - but we have no intention do that before our partners and customers are ready to move to XG. We're not rushing to retire UTM9.
What firewall should I replace my UTM with?
Why replace it, if you're not ready to go to XG yet? UTM9 isn't going anywhere, and it's still getting active development and features.
Hopefully this helps to answer some questions on where we're going next, but lets discuss, if you still have questions.
In reply to IanMorehouse:
In reply to AlanT:
Hi Alan, If I turn off MASQ in my web policy nothing gets through, where as all http type traffic gets through with MASQ enabled. There doesn't appear to be a transparent proxy, just a full proxy that requires a proxy pac file or similar.
In reply to GaryChancellor:
Is there an update to this now that it is 8 months later? What features are now working? What is the current feedback?
Most of these issues are still hanging out there. I wish I would have researched the XG product line a little better. Your marketing guys are doing a good job selling a semi functional product.
An update on these issues would be nice. Like some have said already I definitely couldn't recommend the XG product line. And the XG combined with the Sophos end point protection have left a bad taste in my mouth. Striving for simplicity at the expense of utility is counter productive.