

Sophos Firewall: v20.0 GA: Feedback and experiences

Release Post:  Sophos Firewall v20 is Now Available  

The EAP Post:  Sophos Firewall: v20.0 EAP1: Feedback and experiences  

The old V19.5 MR3 Post:  Sophos Firewall: v19.5 MR3: Feedback and experiences  

To make the tracking of issues / feedback easier: Please post a potential Sophos Support Case ID within your initial post, so we can track your feedback/issue. 

Release Notes:  https://docs.sophos.com/releasenotes/output/en-us/nsg/sf_200_rn.html 



This thread was automatically locked due to age.
Parents Reply
  • Couldn't agree more. Sophos conveniently took down the ideas site where actual end users were voting on features. LE was at the top of the list, but they still won't make it happen. I don't understand. We need a new version of the ideas site that Sophos actually listens to.

Children
  • The Ideas Website is a good idea in general, but a hard thing to keep up with. Because basically you would have to make ideas gatekept and not based on "you have an account, you have voting rights". Because ideas gives a home user the power to have the same voice as an enterprise customer and vice versa, which is on paper a good thing but in the end will lead to a lot of trouble like "Why is the top idea not implemented?" - simply because it has the most votes does not mean "the channel/customer requires it at all". And what I mean by that is: SFOS is quite popular in the channel as a solution to go with smaller customers, and LE is an implementation for a certain specific customer persona.

    Let's tackle the LE need cases:

    What I found after digging into this field a lot more: customers who ask for LE have the following requirements:
    - They are likely under 100 users (not all, but most)
    - They have an Exchange on premise
    - (Therefore they purchase WAF for SFOS)
    - They have another service they host
    - They migrated from UTM and used FG.

    So another persona is the home user, who wants that - but let's keep this out of this conversation for now.
    If you disagree with the list above, feel free to add. That is my data collection and hundreds of talks to Partners around the globe.

    You will find the most Exchange servers in Germany (based on Shodan). I am from Germany as well - so I am talking to most of those partners. Why do I think under 100 users? Most "bigger" customers still purchase a certificate anyway (in my experience). Smaller customers do not want to do that (understandable).

    LE solves the need for an external certificate. Likely you have 3 use cases for it: WAF + Exchange, WAF + Service to publish, User Portal/VPN Portal. Those are the main 3 components. 

    Now going back to the ideas website: Looking at those use cases, you will find some customers matching those requirements, and that is the reason LE is on the Roadmap for a future version. But it is not a Prio 1 item.

    Another viewpoint is the movement of Exchange towards cloud services. I know, there are restrictions and countries not allowed, but still the entire world is looking into services like M365 or Google Workspace etc.

    My point, and what I am telling Partners in this conversation, is: Build a Factory Pipeline to automate it for your customers. It is actually easy to use, completely free and you will have LE like you used to (+ the benefit of having a wildcard instead, which is nice).

    LE will find its way to SFOS in the future.
