

What is still missing on v18

To be honest, I like the v18 version but, of course, certain implementations need improvement. I posted this thread only for reporting and logging:

https://community.sophos.com/products/xg-firewall/f/logging-and-reporting/118663/reporting-and-logging-dear-xg-we-need-a-big-improvement-in-these-2-fields

and I did not complete the list as it is already long.

For the rest of the features, where I have feedback from my customers, the list of things to implement and improve is:

  1. Logging and reporting as described in the above thread
  2. Merge network objects. The same subnet/IP list and so on is created multiple times now. Please leave the hosts as the only source/destination and make sure it is usable in all sections. For example, DHCP, DNAT wizard and so on.
  3. Merge DHCP and DNS entries. It is a mess to understand which computer name with which IP and so on.
  4. Delete objects like UTM. Inform where the object is used before the deletion is performed
  5. Perform backup and restore via CLI. In a few cases, the box does not start completely or the UI is down. Allow admins to perform backup/restore operations via console.
  6. Improve the DNAT wizard. I already had some feedback from the presentation I gave to a few customers about the new DNAT wizard. 8 of 10 people said: Why did they remove the nice Create Business Application Rule? It was so nice and straightforward compared to other vendors and compared to the raw Server DNAT wizard. So I would prefer and suggest having the old BAR. For the DNAT wizard, Sophos, you need to include:
    1. Destination IP should be a selectable object and not an IP
    2. Possibility to choose an IPS filter
    3. Possibility to decide if the rule is enabled/disabled
    4. Enable logging by default
  7. Have unencrypted backup option. It is a bad option, but some small customers cannot remember even their own password. Ability to decide if the backup is encrypted or not.
  8. Change firmware version from console. If the box does not start for some reason but the console starts, possibility to choose (ok restart the box with this firmware version). This can be done now but the process is not straightforward
  9. Change KBs to Kb/s. QoS in the industry is based on Kb/s.
  10. Flow monitor Graph where we can show customers their bandwidth consumption and block or shape applications directly from there like UTM. When I showed this during POC, in the UTM era, customers were already impressed and prompted to buy it!
  11. Customize the control center: customers are different. Every customer wants to customize their dashboard. One of the top requests is the current bandwidth utilization in the Control Center. The gadget is missing!
  12. UI resolution on big screen! Change the UI framework!

Hope other users can add their top features list.

As always, I am here to improve the product!

Regards



This thread was automatically locked due to age.
  • Is IKEv2 Remote Access an option now with v18? Haven't had a chance to test v18 just yet.

  • Hi Ryan, IKEv2 has not been implemented yet for remote access VPN.

    I would even add the feature to change port. Now if you are running a network on port A 1 Gb network and the customer upgrades the switch where XG is connected to 10 Gb, to change the port without losing the configuration is a nightmare. You need to use SQL commands to change references inside psql.

  • Hello luk,

    Yes, changing the configuration that takes a maximum of 5 minutes on UTM v9 can take a whole day with XG v17/18!!! I can confirm from my very recent experience.

    Regards

    alda

  • Thanks Alda. Any good example?

    With XG customers, I am struggling with troubleshooting and reporting.

    I am teaching: TCPDUMP, CONNTRACK, TAIL -F, CAT and GREP. For customers who are not Linux experts, I spent more time troubleshooting XG than configuring.

    For reporting, it is a nightmare. I.e.: "Can I have a report for all traffic generated from this VLAN to this VLAN?" Take note that multiple rules exist for the same source/destination network.

    I reported most of the issues with reporting in another thread.

  • Hello luk,

    Logs and reporting? In the case of XG, we can even think that this feature exists in this product, really?!? Indeed, as you mentioned, reporting, it is a nightmare. In another thread, someone in this forum mentioned that the report does not use rule names but still uses only rule numbers. I also think this is a very good example of how good reporting in XG is.
    In XG v18 it is now possible to change port names, but what a surprise, the Log viewer still uses ONLY the original system names. I reported this problem as a bug in EAP1 (October last year) and what names does the Log viewer use in XG v18 GA (second half of February this year)? What a surprise, of course, ONLY the original system names.

    I think we agree that the modification in Log viewer to use user-defined port names is only in the correct selection to the internal SQL database.

    I think we should stop lying, this product will NEVER be like UTM v9.

    Regards

    alda

  • Thanks Alda.

    Reports should use the names and not the rule ID. Remembering numbers in reporting is like remembering the www.google.com IP address instead of the DNS name.

    Anyway, with Sophos, we need to report which improvements we need for that part. I am sure that they will listen and improve logging and reporting as they did for UI v15 --> v16.

    Please report your experience and suggestions to the following thread:

    https://community.sophos.com/products/xg-firewall/f/logging-and-reporting/118663/reporting-and-logging-we-need-a-big-improvement-in-these-2-fields

    I am trying to collect users' experience so devs and PM can listen. I hope that someone from the Sophos devs can join this thread and the other one mentioned above.

    Regards
