Release of v17 MR-2?


now that MR-1 has appeared, I wanted to ask when MR-2 will appear? The problems and instabilities of IPSec in v17 (especially in connection with V16.5) are very annoying.

  • In reply to Big_Buck:

    We are in August ... zzzzzzzzzzzzzzz

  • In reply to Big_Buck:

    I still have yet to buy another XG firewall since a terrible VPN experience earlier this year. I continue to buy the other (software) products for customers though which I do like. Meraki seems like a much safer bet for firewalls. Sophos Rep, change my mind! Seeing the feature requests page, and some of the stuff that's lacking is just embarrassing.

  • In reply to apalm123:

    We are 18 month late on the development.  v16, v17 have mostly been bug creation/fix so far, and minor cosmetic stuff.  We now have CASB, kind of, but I wonder how many XG users use it actually.  Would have been far more important to fix LDAP connection, Reporting, and all others things mentioned already too many times. 

    The REAL problem I see is that major community contributors stopped posting. We see as many questions generated as before, but not many "experts" left to answer them.  SFOS 17.1.1 MR-1 so far is stable for us, but the pace at which development happens was a legitimate argument to look elsewhere.  We are stalled ...

    Paul Jr 

  • In reply to Big_Buck:

    Hi folks,

    I think one of the biggest issues is the failure to perform QA completely on each release , just look at the latest UTM issues.

    Don't get me wrong I am not downplaying the missing features. I must admit I have not yet compared v17.1.1 with my home user list of missing or faulty features.


  • In reply to Big_Buck:

    I agree,


    A while back the updates were coming thick and fast and with each brought new bugs and issues. I always find it would be difficult to fully QA every detail every time due to the expansive way we all configure, use and deploy the XG Firewalls (not excusing basic QA)

    I have found many issues and work arounds through other users like you guys and some who no longer visit the forums and I haven't yet found Sophos Support that good at what they do.

    I also need to upgrade my XG Firewall to a bigger one and I am stuck deciding whether to stay Sophos or reinvest in something else without the headaches. I have spend the best part of the last 2 years learning and configuring the current XG and I still find issues daily that frankly shouldn't happen.

    STAS is a steaming pile of dog turd on a good day!

    I truely hope some Sophos folk read this and reiterate to the development team they will lose many customers if the fail to raise the bar a bit.

  • In reply to M8ey:

    There are things in the list that could be fixed very rapidly.  For example, NTP time services have been developed on all platforms on the planet a long time ago.  There is no need to re develop that code. It already exist everywhere !!! Same goes for DNS.  Same goes for a lot of things in the list.  I do not know how complicated it is to re code Stass however.  Symantec have  “DC Interface”  since Mathusalem that is very small as a service and works as intended.

    What I do understand is that XG is a collection of services running on an hardened OS that Sophos have not developed.  They integrate and secure services mostly.  The rest is a WEB interface to cover it.  VPN is Strongswan ( for example.

    So ....  

    Paul Jr

  • In reply to Big_Buck:

    I hear you mate!


    The XG was probably released about 2 years too early.

    Seems Sophos lack direction....

  • In reply to M8ey:

    Ian: Like your description of STAS :) Have your issues with STAS not yet been resolved?


    I suspect many of us are in the same boat. Also need to upgrade hardware at the end of 2018. Stick with Sophos or move to Fortigate.

    I have received good support from Sophos but at the cost of multiple international calls from Cape Town, South Africa to the UK. Sophos have toll free or local numbers for numerous countries but forgot that there is large continent called Africa.

  • In reply to envercpt:

    It definitely does feel like the pace of development has slowed considerably.

  • In reply to envercpt:


    Have your issues with STAS not yet been resolved? 


    STAS works well about 98.5% of the time - its the ones where a user logs on and gets the pop up (me) when I am authenticating with AD fine.

    Or when for no reason the XG stops authenticating me and either cuts me off or goes to NTLM - random and no reason why.


    Stuff like that gets a little old and when you have a heap of users having to log off and back on to get a connection due to STAS having a cow its not a good thing.

  • In reply to M8ey:

    STAS for us has been a bit of a PITA, but primarily for machines that have multiple users logging in during the day.  I have found the SSO client to work well.  It is unfortunate that the installer that Sophos wrote has so many bugs, it is practically uninstallable.  I actually wrote my own installer and pushed via a GPO.  All you need is Advanced Installer 15, the executable, add to the Installer project a registry entry HKLM-software-MS-Windows-CurrentVersion-Run.  Have the GPO itself put in the HKCU the ip of the sophos, and the domain name (the executable does not look at HKLM).  I abandoned STAS recently and am actually quite happy with the SSO client.  A few other issues with STAS:  1) if the db file gets too big on a DC, it can mess up authentication.  2) STAS can cause an loop lock from web traffic on a terminal server.  This issue I did not see until this latest version.  Yes, you can take measure to deal with a terminal server, but if for whatever reason you don't, might take a while to figure out just what is breaking authentication completely.  This I find inexcusable. 

  • In reply to David Carskadon:

    SSO Client works fine for the most customer, who can build their script at their own.

    The "Sophos" logon script is only a example but you are right, you can build your own GPO with the correct flags in registry etc.

    Do you want to publish a How to: about this? I am quite sure,  is happy tp help you to update an KBA. 

  • In reply to LuCar Toni:



    Do you want to publish a How to: about this? I am quite sure,  is happy tp help you to update an KBA. 



    I would be interested in seeing how you did this as well as I am losing faith in STAS and would like another way.

  • In reply to M8ey:

    We are talking about:

    And this is just a "example" for a quick and fast solution. 

    Feel free to play with the GPO / logon scripts / or use an own way to work with it. 

  • In reply to LuCar Toni:

    Going back to this thread topic. v17.1.2 MR2 is released ...

    And this thread which discuss the same topic as here (in theory :) :) :)) ...

    The bug fix list is surprisingly long.  Very long.

    Paul Jr