Which fundamental features need to be re-engineered on Sophos XG

DPI feature is a step forward. Nothing to say about. Well done to the Sophos unit that worked hard on that. Appreciated it! From my point of view Sophos is putting features and features on top to stay updated with the market but we need that some pillars work. I would say:

  • Logging. Logging module is very bad. Compared to other competitors and to Sophos UTM, in most cases, tcpdump and drop-packet-capture are still needed.
  • Reporting: still reporting is bad. Check the reports you can generate on UTM9 compared to XG and you see the difference
  • Screen resolution: trial the product with an IT manager in his room where a big screen is installed and you lose already points to convince him
  • Proper command line: when admins go in the console or they need to access the advanced shell, commands are spread around without sense. Some are under systems, some under set, some under show. Please consider to have proper menu. Copy command-line style from other vendors. Now cli does not make sense
  • Delete objects: to delete an object, still need to understand where the object is used. Imagine with hundreds of rules...
  • DHCP and DNS mapping

The list can be lengthy with other small improvements but in my case, this is the desired list and the features that people, partners are waiting for. For other improvements like Kerberos, NAT (to be reviewed), DKIM, BATV and other small improvements, well done. I am very critical, you know, but when I have to say "well done" I am the first.

Hope for a better collaboration from Sophos staff and specially PM, keep going.

@Community users: add your own comments.

Thanks

  • Global objects that can be used everywhere as well as comment fields would not be bad either.

    Furthermore, I painfully miss various diagnostic options on the shell such as "espdump".

  • Hello Sophos,

    I agree too, but I would like to know when we can expect the above fundamental features to be corrected?

    Regards

    alda

  • I first want to say that I have several XG firewalls in production in my workplace, and a home version at home, and I generally like the product.  It has its quirks and shortcomings (like anything) but in general I find it easy to administer and it just works without a lot of babysitting.  

    Having said that, I'm fairly disappointed in v18 so far.  We have been waiting a long time for a release that allegedly was going to right a lot of the wrongs listed above, and yet here we are complaining about the same old things.  Log viewer that is nearly useless.  Reporting that is, well, nothing to write home about (or show the CEO).  No DHCPv6-PD (try explaining to the CEO why his cheap Chinese router from Wal-mart has been able to do this for years but Sophos XG cannot).  I'm not very sold on the way to manage firewall rules, it was simple before with a single pane of glass and now it's not. Yes I know, it's EAP 1 and there's time to improve.  I was just hoping for a release that got the basics right, but instead it is a release where there is just more new stuff grafted on.  Don't get me wrong, it's nice to see things like Kerberos and DKIM, those are appreciated, but what good is any of it when you can't troubleshoot anything because the log viewer doesn't show traffic.

  • By far logging should be the top priority to fix THIS release.  All the project nemo and picasso talk and API this and that...yet this is what we get?  Maybe with the new and improved core the development speed will increase to add something so basic as a functional log.  I shouldn't have to drop to the shell to run these commands to figure out what the heck is going on.

    I didn't join the Central EAP for reporting; how does that look?  Has anyone reviewed/looked?  Maybe that will fix some of the reporting concerns?

    I'm trying to reserve opinion/judgement until GA... but it's hard with all the "we know, will be fixed addressed with nemo" talk over the years and yet it's still not fixed/addressed as of yet.

  • I believe the log viewer is getting an update in one of the following EAP releases for v18. Reporting sure can use a facelift, the screen resolution is more of a "that would be nice", I try to stay away from command line if I can. I've had to use it but on rare occasions. If we got DHCP Options in GUI then I'd use it even less.

    Deleting objects could indeed be improved. Maybe it would disable rules with them in it and put a dummy option selected where the object used to be. DHCP and DNS mapping would be pretty great. I'm still pumped for Groups on Sophos Connect which I believe may also be coming up in EAP 2 or 3.

  • Andrew,

    The logging section will get small improvements, in terms of editing rules from log viewer for example. What we are waiting for is a complete logging module. You are lucky to troubleshoot XG without going into the cli. 80% of the time, you need advanced shell because logs are there spread somewhere.

    If they combine the log they have more accurately, with a proper console, logs easily and quickly available from log viewer with a proper flow monitor, we are more than happy about XG. I am sure with proper logging and few other features mentioned here, utm users will move to XG.

    Thanks for your input.

  • 100% logging and reporting need to be improved. Need hostnames everywhere possible. The reports also are just horrid, such as, no option to "Only send reports with data" would cut down on time wasted looking at empty reports for customers if there was no issue.

  • We have been waiting for these features for years ... and we are happy with all the improvements mentioned above, but if they are not implemented we will stay on UTM or move on to something else.

    Greetings.
    Fabio Santaniello
  • This thread comes up in every beta version and frankly other than a few of us, I don't think anyone is paying attention to what is being said (once again). A copy of this thread is probably available in v16 and v17 betas with the same wants and needs.

    Logging was implemented halfheartedly in v17 after many broken promises. At this point to be honest, if you like XG as it is, then use it. For a home user, it's pretty nice compared to pfsense or other free offerings mainly due to free categorization and free av included in the product. Otherwise other open source products are much lighter on resource usage. Why we don't have verbose logging has always been a mystery to me and the only thing I have been able to come up with is that when Cyberoam developers were hacking together some of the daemons, they didn't make any provisions for logging and we still can't get any daemon to spit out verbose logging. For whatever reason, Sophos has continued developing those daemons even though they had other options available to them.

    Reporting is bad compared to the other vendors that Sophos is competing against. It's not terrible but it looks much nicer at first glance. The problem becomes apparent when you have to generate specific reports and you find out that you can't and even the stuff you get is random IP addresses all over the place.

    I like gui myself so won't complain about commandline but the point remains. If you are offering it, then have it organized properly with similar syntax all across the product. 

    Renaming ports has been a major request since v15. We can now rename ports in the gui but it's not implemented anywhere else in the system. Similar to other objects that  is pointing out. Every daemon is doing its own thing and there is nothing in the back end that would tie it all together and give the admin a cohesive structure all across the board so that things can be defined or named anything one time and then can be used over and over anywhere as needed.

    Finally, I will say that I do like their efforts on TLS decryption without proxy. The gui is kind of clunky at the moment but they are developing new under the hood stuff that we sometimes don't give them credit for.

    If you are reselling these, the hardware pricing is aggressive compared to other vendors in the magic quadrant. However some of the Chinese manufacturers are offering appliances with similar functionality to palo**** very cheap.