Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 23 replies
  • Subscribers 53 subscribers
  • Views 68266 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

XG firewall, can't say I'm impressed

Sci-Tek

Attempted today to swith out the old UTM with XG firewall (home use). Been using this product since Astaro 4.7 (I think), and loved it since day one.

And I can't really say I'm impressed with XG firewall. The GUI is messy while im sure the touch fanboys will love it, personally I hate it. 

There don't seem to be a option to see live log. It could be that I didn't look good enough tho. 
Country blocking, couldn't get it to work. Don't know if it was even supposed to work. 
Specifying FW rules was horrible. I think I actually prefer Windows firewall rule adding to this. 

Reporting was powerfull and I can see thats a improved area.

Unfortunatley the XG firewall named Batman was decapitaed and nuked from orbit. Atleast I tried and wanted to like it.



This thread was automatically locked due to age.
  • 0
    XG appears to be essentially a redesigned interface of the Cyberoam UTM. I was using Cyberoam till this was released and the style of management is almost identical (minus gui). Even the guides for this still refer to Cyberoam and alerts are identical. To me it's almost worth looking at Cyberoam guides and forums, then just apply to the XG. So far the only major difference is the heartbeat feature as the ability to manage Sophos AP's was added to Cyberoam UTM's in their latest firmware.
  • 0
    I agree here, I'm not impressed either... What did they do with all the features from UTM9?
    It looks like a complete different product. No clone option anymore, No SMTP profiles, no live log etc. etc... Do we really need to fill out feature requests for all these features again?
    I'm a huge fan of UTM 9! And I really hoped Sophos would build an even better successor, but as far as I can see now it's just an incomplete (I wanted to use "crippled", but that might not be the correct word, because when a basic firewall was the end goal, they did a nice job...) little brother of UTM 9... I'll stay with UTM 9 if this is it.
    I hope they don't stop the development on UTM 9, but I hold my breath...
  • 0 in reply to ehofstede

    Unknown said:

    I hope they don't stop the development on UTM 9, but I hold my breath...

    In the past week, I've had 3 UTM feature requests closed to "This feature is completed as part of XG Firewall that has been released on November 9th 2015."  It is becoming very clear that while UTM may continue to be "supported" in the near term, new features are probably going to be limited to conversion utilities to "upgrade" to XG.

    The marketplace will be voting with their $$$ as to XG's acceptance.  From what I've seen so far, it's not going to be pretty.

    I think somebody forgot that "you only have one chance to make a first impression".  Compared to UTM, XG is woefully feature incomplete.  Potential customers having a first look may pass and not return for some time.

  • 0 in reply to DavidWilliams1
    I and a co-worker manage the UTM9 for our school district and when I showed him the new "XG" product yesterday he asked me " What did they do to it? ". Reminds me of the South Park episode where the boys are upset about the last Indiana Jones movie ( Season 12, Episode 8 ).

    I am trying to like this thing, but it just isn't happening. NOTHING is the same as the UTM. It looks like the whole reason for acquiring the UTM from Astaro was to kill the competition.

    I will stay with the UTM software at school until it just becomes too full of security holes to justify it's use. What does it say when they release a "replacement" product but have no plans for current customers to import their old configurations into the new device until the summer of 2016? That's almost 7 months after the product launched.

    I have 13 years of blood/sweat and tears invested in my current configuration of this UTM software. I'll retire before I manually enter all that configuration again. Heck, I couldn't even if I wanted to because I can't make any sense of the interface of this thing.

    Please, as a gesture of Holiday Spirit and general Good Will, return the rights to the ASG to the guys in Karlsruhe so the UTM doesn't have to go out like this.
  • 0
    This is wasted effort., the utm was a so superior product, we admit that the heartbeat is a nice feature, but come on, this could have been build in to the utm, much more nicley, i look and acts like c*** this is mile from done, the hole concept is complete disaster for everyone who own a utm box, we have stopped recommending sophos, because we can't stand behind it when we don't have a clue how long time we have left.
  • 0 in reply to rMI
    My guess is that the tech people at sophos know what kind of cr** they relased, but managers and marketing think all they need to have is some nice slides and alot of facebook advertisment to get people on the XG ship. It will be in their own interest to drop work on XG and put focus back on UTM9. Their problem also might be that key developers from UTM went elsewhere and all they can do now is do some basic security updating?

    So what went wrong?
    - complete ignorance to release a pre-beta product as a first impression (XG)
    - lack of updates on UTM9 (allthough the quality of the updates improved over 2015 imho)
    - lack of feedback during beta (no developer feedback)
    -> this one actually makes sense now since XG is not a new product but a relabeled (cyberfoam) product
    - lack of feedback to emails (got asked to send email and was promised to hear from them)
    - clusterfu**up of astaro.org with poor replacement in form of this community site

    what they did right:
    - home user program on XG firewall still alive
    - .. uhm .. anyone?

    ---

    Sophos UTM 9.3 Certified Engineer

  • 0

    I've been kind of out of the loop concerning this whole Copernicus / XG firewall development of those past few months. Been using Astaro / UTM products since back when it was still called Astaro Security Linux back in the old version 3.2 days.

    I haven't yet had a chance to check this new product out, but what I've heard so far doesn't sound promising. One of our customers just did a hardware refresh of their UTM220 to a SG230 and renewed their Full Guard subscription for 3 years...really wondering what the state of Sophos UTM will even be in 3 years time...will there even still be support and updates for the UTM line or will they start pestering my clients about "upgrading" to the new shiny in 1,5 years?

    Like I said, haven't really looked into those new developments yet, but I'm skeptical this was the best way for Sophos to go...

    EDIT: Oh, and what the ever loving hell happened to astaro.org? This was THE go to site for anything concerning UTM support....I never even bothered contacting Sophos directly, astaro.org was just THAT good. Please Sophos, don't make me start looking for alternatives for your products, I've really been quite the loyal customer those past 14 years, don't fuck with the community. 

  • 0
    It took me a long time, but I think I finally got a pretty good handle on the new GUI. I re-created the rules I had running on UTM9, but as soon as I had one client downloading a file the internet was crippled for any other user. (This is home use). One computer downloading a file, ping to Google was 1,200ms, web browsing was painfully slow. I start disabling HTTP(S) scanning, then IPS, and performance improves. The dashboard is showing a performance alert and my system load is 2.0 with NO TRAFFIC running through the box at all. This is on the same hardware I was running UTM9 on with no issues. I can download a file, stream HD netflix, surf the web, and play a multiplayer video game with no issues on UTM9. I went back to UTM9. Hopefully they fix the performance issues. I'm not sure if the 4-core limit doesn't play well with my 8 core Intel Atom C2750? Is the Sophos XG Linux kernel 64-bit? I didn't think to check before I re-installed UTM9.
  • 0
    I wouldn't say I wasn't impressed, I did like the modern clean design of the interface. I also really like how much faster XG was to boot and be passing traffic compared to UTM. But...

    I've given it a good go, running since RTM. And there have been issues, but in general I've made it past them.

    However, I've been chasing some small nuisance problems lately that made me realize it just takes longer to troubleshoot a given problem in XG compared to UTM. In a lot of cases it comes down to one of two things...

    1. Inconsistent logging, usually requiring creating your own 'catch all' rule to generate the proper amount of logs.
    2. "Real-time" monitoring in XG requires too much scrolling, refreshing, filtering, scrolling and scrolling, to try and catch the information you need to see.

    Other things like object based policies and configuration is actually fine to me. That's the way most systems are going with the SDN/SDDC buzzwords passing around. (For example, Cisco ACI is all about things being in/as objects.)

    But one of my pet peeves so far in this app is how you reorder policies... seriously, I almost can never "drop" the policy exactly where I wanted it. Again, feeding back into it feeling like it just takes longer to complete a task/troubleshooting effort.

    So for now, my XG appliance is powered off waiting on the next release to re-evaluate. UTM is back to being my primary.
  • 0

    I have used UTM for many years at home and it has done everything that I asked of it. Moving from IPFire, it was a sure step in the right direction. I built a new server a few months ago and decided to give XG a try. I have it 90% functional, but cannot get over how much I dislike the GUI. Everything just seems more difficult using XG. Today I made the decision to switch back to UTM. Live log is part of the 10% I cannot seem to live without. I am with you - I tried, gave it my all - but just do not like it. The UTM interface and product is far more functional, IMO. Note to other home users looking to make the change - I recommend you wait until XG has more time to be an actual step up from UTM 9.x.

Unfiltered HTML