Configuring VPN Remote Access for the first time on your Sophos XG Firewall? Check out this useful Community post!
Advisory: Sophos XG Firewall - Antivirus service stopped due to failed pattern update. Please visit this KBA for the latest updates
We'd love to hear about it! Click here to go to the product suggestion community
Almost 20 seconds elapsed from the instant when you click apply to the instant you get back to Firewall rule page?
Guys, I hope that you track this as a bug and improve the performance.
In reply to Big_Buck:
I know this doesn't add any further to your request but the system load of almost 100 percent per core is unsustainable in a production firewall. I was running system load over 3 on my test firewall in a vm with quad cores. Yes throwing newer, faster hardware will bring it down a little but the system load has increased significantly in v18 compared to v17 and my test lab had only one user mostly playing with the GUI.
In reply to Billybob:
Attached is the load of my test virtual appliance. The load values are not significantly different from the originally used vmware virtual appliance v17.5. Vmware appliance is licensed to 4C6. Appliance runs on ESXi v6.7 U3, Intel (R) Xeon (R) CPU 5120 CPU @ 2.30GHz, RAM 2666GHz, and SAS HDD drive 10k with RAID6.However, I have found in the recent past that even with the new installation of ESXi hypervisor v6.7 the hypervisor installer installs very old network card drivers (especially for intel i350), it can be said very "antediluvian" and it is necessary to install the latest drivers using vmware CLI. Throughput is much better after installing current drivers on both network and storage iSCSI layers.
Maybe this could be the problem with your appliance's poor performance? I don't know what kind of environment you use, I just mention my experience.
focus on the topic of the thread.
If you have poor performance, open another thread. If you have complaint regarding the firewall or any other UI where too much time elapses from the time you click and the time you get back the UI, post here.
And it is particularly painful when you copy a firewall from one to another, because, for example, the backup would not restore for one thousands different reasons.
So copying hosts, groups, firewall rules, et.c. takes forever.
I have inspected backup files before a comic decided to encrypt it with no opt out options, and some xml files would be very tedious to copy.
No easy way and a mine field to walk tru ...
In reply to alda:
Anyone from Sophos?
In reply to lferrara:
just rebuilt a 17.5.8 on a J1900 box to compare settings. The box has 1 user, 2 firewall rules and is as slow as a wet week when refrshing the screen of the GUI or any other menu items.
That reminded me why I built the e3 box to get some realistic screen update times.
Some redesign of the front end needs to take place to improve the performance otherwise the admin will get very frustrated.
In reply to rfcat_vk:
The other day another customer complained about the slowness of the UI. "To create or update a firewall rule requires so much time".....He is still on v17.5.MR8.
I would expect that some of this is related to the performance of the hardware / VM.
I have only used Sophos VM's in the training environment. All my customers are using XG Hardware.
I know that the customers I have with an XG210 and an XG310 are far more responsive in the UI and rule creation than the XG125 that I use in my office.
I also do not have a single customer with anything smaller than an XG125. From back in the Cyberoam days, I installed a single CR15, found it so painfully slow then and lacking the report engine I never ordered another. I have kept this through to today.
The main dashboard takes nearly a minute to load every widget on the screen. When you create a new firewall rule, the menues are also very sluggish.
Should there be an significant perforcamance/appeareance improvement for the UI adressed with "project Picasso" for v18?
In reply to TheBalmasque:
If I am not wrong - my memory being outrageously unreliable - not long ago, you were asking the rest of the community for some understanding while v18 took so much time, because, mainly, v18 implied a full core re-write. Have you seen such thing happening somewhere ?
Besides the obvious few left and right, I did not spot any mountain moved.
We are clueless mainly because technical Sophos' communications are shutdown. And when they are not, it is merely a list of foggy concepts that taste mostly like marketing pie.
Yesterday, few users in few posts ask what was in some technical bulletins fixing scary names vulnerabilities only to be answered, again, with a link to a criminally generic WEB page.
No one can take sound technical decisions informed like this. So every decision becomes like playing Russian wheel on an act of faith.
So Project Picasso is yet another thing that risks to provoke no excitement.
You know that story of a kid who was screaming "A Wolf !!!" a little too often with the end result that the same kid failed to attract attention while it was most important ?
Honestly i don't think Sophos changed the core right now, even there was some rumors they will do with v18. Same thing for project picasso. The GUI is still the same with long response times.
But as we are all investing our time in testing v18, i think it would be fair, when someone from Sophos could explain what's up with the "core re-write story" and "project picasso".
Thanks for your answer.
I presume this would be questions for this event: https://community.sophos.com/products/xg-firewall/sfos-eap/sfos-v18-early-access-program/b/blog/posts/webcast-firewall-v18-overview-and-live-q-a-with-the-xg-product-team---november-14-11am-est
It would be preferable someone more polite and nuanced than I ask. Cause I have a tendency to be aggressively unforgiving in my speeches when I'm not delivered in time what I rightfully expect since it was promised ages ago. I'm stuck at WWII thinking era. Kind of "If you don't you die".
Picasso? I think we are still trying to find nemo.
Kidding aside, Sophos should do themselves a favor and acknowledge v18 with respect to the internal code names floating around. Is this the result of nemo?? Boy I sure hope not. Cause from what I see nemo isn't done and picasso hasn't even started. Just my eyeball test though.