Dear Community,
I already had the possibility to present v18 to some customers in a live demo and showed them the changes made into v18. The features are very welcome and "approved" by the customers but the problem is how these features are implemented.
- DNAT: customers really liked the way Sophos was allowing the creation of DNAT Wizard. Sophos wanted to follow the competition instead of creating their own product. Also, the DNAT wizard windows is very raw. Current DNAT is very copy and paste from other vendors and it is a step backward compared to BAR implementation
- Current DNAT wizard: the wizard creates loopback and reflexive rules automatically, so all the time you need to delete them. The Wizard does not enable logging by default, does not allows you to select IPS profile and it is enabled by default
- If you delete the DNAT firewall rules, it does not delete the associated DNAT rules. Really? This is another example of bad design/implementation!
- WAF: WAF is under action. Dear Sophos this is very bad design! I am sure a lot of customers will complain this as it is not straightforward. The success of ASTARO was simplicity while XG is complicated
- SD-WAN: for SD-WAN, users need to move between 3 tabs and 2 menu (firewall, nat and SD-WAN under Routing). This is another example of bad design and copy and paste example. In my opinion, I would have renamed Firewall tab to Policy tab and
- Leave the BAR
- Create a new wizard with SD-WAN policy where linked NAT creates the associated NAT.
- Icon inside firewall rules: it was straightforward to recognize a BAR rule vs a standard firewall rules. We have filters but sometimes a simple scroll down (specially when the rules are fewer than 20, you can on the fly recognise the BAR instead of reading all rules now or using filters
- DPI vs PROXY: the 2 checkboxes create a lot of confusion. To be honest I do not have an idea how to improve this point.
Community users what do you think?
This thread was automatically locked due to age.
