New Sophos Support Phone Numbers in Effect July 1st, 2023

Sophos Firewall - WAF EoL?

I have noticed, that recently the WAF & E-Mail Features are disappeared in the Firewall Sizing Calculator.

So my customer thought to buy a Sophos Firewall, but we are not sure, if the WAF is near EoL, like the E-Mail Module where Sophos forces you to use Central E-Mail.

Does anyone know about?



Added TAGs
[edited by: Erick Jan at 10:25 AM (GMT -8) on 9 Mar 2023]
Parents
  • Both features are not EoL, they are simply out of the bundle of the licensing module. 

    So you can use both features if you want. The business case is simply decreasing of both modules. 

    Email because Sophos is focusing on a one product strategy (Central Email, which is far superior compared to other products). 

    WAF is loosing ground quickly due the lack of use cases in the field: Customers primarily used WAF for securing the Exchange on Prem, which is loosing ground. And Internal Web Servers can be protected with ZTNA as well, if you look into this product as well. 

    WAF vs ZTNA is another story. WAF was primarily build to protect your resource against "people you do not know" - For example a Webshop and people are going to do a SQLi on your webserver. If you want to protect a resource and make it accessible for "people you know", ZTNA is way more efficient for this use case. It scales better and is more granular. 

    __________________________________________________________________________________________________________________

Reply
  • Both features are not EoL, they are simply out of the bundle of the licensing module. 

    So you can use both features if you want. The business case is simply decreasing of both modules. 

    Email because Sophos is focusing on a one product strategy (Central Email, which is far superior compared to other products). 

    WAF is loosing ground quickly due the lack of use cases in the field: Customers primarily used WAF for securing the Exchange on Prem, which is loosing ground. And Internal Web Servers can be protected with ZTNA as well, if you look into this product as well. 

    WAF vs ZTNA is another story. WAF was primarily build to protect your resource against "people you do not know" - For example a Webshop and people are going to do a SQLi on your webserver. If you want to protect a resource and make it accessible for "people you know", ZTNA is way more efficient for this use case. It scales better and is more granular. 

    __________________________________________________________________________________________________________________

Children
  • WAF is loosing ground quickly due the lack of use cases in the field: Customers primarily used WAF for securing the Exchange on Prem, which is loosing ground.

    This is maybe true only if you talk about WAF within Sophos firewall. Otherwise, simple it is not true. 

    And Internal Web Servers can be protected with ZTNA as well, if you look into this product as well. 

    And how internal web servers are protected if we are talking about B2B applications, just one example?

    WAF vs ZTNA is another story. WAF was primarily build to protect your resource against "people you do not know" - For example a Webshop and people are going to do a SQLi on your webserver. If you want to protect a resource and make it accessible for "people you know", ZTNA is way more efficient for this use case. It scales better and is more granular. 

    What isn't mentioned with WAF you can use pretty much anything with web browser to access resources, regardless you are known or unknow, while with ZTNA (any solution) you probably need to have configured client on machine you are using. 

     you just have to evaluate for what your customers need WAF. Depending on use case you can use Sophos FW WAF or you may need to go to Fortiweb of F5 WAF with more features.

  • First of all, you are right, about the use case in a certain way. The point is: Most customers will not launch a new web application nowadays with a service like WAF in front. The business is moving towards SaaS applications, which either way comes with a builtin WAF or they are hosted anyway and the vendor offers protection of the service. See: Shared Responsible model. Hosting the own service is to expensive in the todays time. 

    But anyway: 

    Sophos ZTNA offers both: Clientless and Client based. You can offer both services: With or without a client. The Without a Client offering is limited to Web based applications, like WAF does it nowadays.

    The difference is: You focus on "Who is the user" and protect the client(if you can) and the server. 

    In most IDPs nowadays (for example Azure AD or Okta) you can easily do the B2B Applications or "invite guests to access the application". 

    This solution is for the case: You know the user. It is not for the use case of hosting a web shop. 

    __________________________________________________________________________________________________________________

  • There are 100 of 1000 of applications which will take decades to move somewhere, if ever. I don't want to even mention integrations between different applications. You need to widen your views if you can't widen you budgets for developing products.SaaS has many forms, it is not "SalesForce all over the world".  

  • lets take those numbers: 10 of 100 Applications are in this scenario: How many of those applications are based on the fact: you need to publish them to everybody or a set of known users? From my experience, most of those apps are presented to a set of users. Lets do 8 of 10 apps are for internal usage or usage of business partners. 

    This leaves you with 2 of 100 apps, which are presented to the world, which is the use case of WAF, as you correctly stated. This is not a huge set of business cases at all. The rest could be dealt with a ZTNA solution, or with a transformation towards modern digitization. There will be still the use case for WAF and there are vendors, who primarily do WAF as a business case, but looking at there websites, they work with the big F500 companies, which is not the use case of a Sophos targeted scenario. 

    And looking at new companies, they will not start with a on prem solution at all. (No reason to do it). We are talking about the old companies. 

    Every product, you want to justify, need a business case. And i do not see it here - But again, i am not a product manager, instead talking to customers and partners in my region and this is my feedback. 

    __________________________________________________________________________________________________________________

  • And looking at new companies, they will not start with a on prem solution at all. (No reason to do it). We are talking about the old companies. 

    You are 100% wrong. We are doing onprem, return from cloud to on prem, moving to OVH or such a cloud (which is again onprem), doing hybrid. I do security while doing something else. Across continent. You guys needs to widen your views. And all for new business. Companies buy solutions what fits their business model not what you preach here regarding Okta and other stuff. 

    hich is not the use case of a Sophos targeted scenario. 

    Looks like to are trying to address just small portion of the market. And that's Ok. 

    Every product, you want to justify, need a business case. And i do not see it here

    You just lost recently a lot of revenue based on short comings of XGS, ZTNA and Sophos clients. I discussed it with your presales. Also, we are about to cancel order for Sophos ZTNA which is really falling short comparing to PAN, Fortinet ... You really need to go out and see what is happening (or at least your product managers). You are late to SASE game with no offering. 

    You just get expelled from one of largest banks in my region due lack of product competences and round up solution. Bank is looking for single vendor approach and we are seeing this across customer base. 

    From my experience, most of those apps are presented to a set of users. Lets do 8 of 10 apps are for internal usage or usage of business partners. 

    You need to widen your experience. Don't get me wrong. I have good relationship with sales people from Sophos. What is annoying here is way you are justifying things.  We will try to deal with Sophos next year but I don't see much of traction from Sophos and we are loosing customers on Sophos inability to deliver. You will be one platinum partner short. 

    And bla, bla. Had some spare time today Grinning. Talked to some of the partners ih DACH area regarding your comments. Don't treat those guys as dumb people. Just my 2c. Regroup and deliver something what has required feature set what is working on delivery date so partners can compete. 

  • I will not comment on this anymore, as we are once again disagree on this matter for several reasons. If you want to discuss this matter, you can contact your Sophos Sales or Sophos Product Management. 

    __________________________________________________________________________________________________________________