Which fundamental features need to be re-engineered on Sophos XG

DPI feature is a step forward. Nothing to say about. Well done to the Sophos unit that worked hard on that. Appreciated it! From my point of view Sophos is putting features and features on top to stay updated with the market but we need that some pillars work. I would say:

  • Logging. Logging module is very bad. Compared to other competitors and to Sophos UTM, in most cases, tcpdump and drop-packet-capture are still needed.
  • Reporting: still reporting is bad. Check the reports you can generate on UTM9 compared to XG and you see the difference
  • Screen resolution: trial the product with an IT manager in his room where a big screen is installed and you lose already points to convince him
  • Proper command line: when admins go in the console or they need to access the advanced shell, commands are spread around without sense. Some are under systems, some under set, some under show. Please consider to have proper menu. Copy command-line style from other vendors. Now cli does not make sense
  • Delete objects: to delete an object, still need to understand where the object is used. Imagine with hundreds of rules...
  • DHCP and DNS mapping

The list can be lengthy with other small improvements but in my case, this is the desired list and the features that people, partners are waiting for. For other improvements like Kerberos, NAT (to be reviewed), DKIM, BATV and other small improvements, well done. I am very critical, you know, but when I have to say "well done" I am the first.

Hope for a better collaboration from Sophos staff and especially PM, keep going.

@Community users: add your own comments.

Thanks

  • I first want to say that I have several XG firewalls in production in my workplace, and a home version at home, and I generally like the product.  It has its quirks and shortcomings (like anything) but in general I find it easy to administer and it just works without a lot of babysitting.  

    Having said that, I'm fairly disappointed in v18 so far.  We have been waiting a long time for a release that allegedly was going to right a lot of the wrongs listed above, and yet here we are complaining about the same old things.  Log viewer that is nearly useless.  Reporting that is, well, nothing to write home about (or show the CEO).  No DHCPv6-PD (try explaining to the CEO why his cheap Chinese router from Wal-mart has been able to do this for years but Sophos XG cannot).  I'm not very sold on the way to manage firewall rules, it was simple before with a single pane of glass and now it's not. Yes I know, it's EAP 1 and there's time to improve.  I was just hoping for a release that got the basics right, but instead it is a release where there is just more new stuff grafted on.  Don't get me wrong, it's nice to see things like Kerberos and DKIM, those are appreciated, but what good is any of it when you can't troubleshoot anything because the log viewer doesn't show traffic.

  • By far logging should be the top priority to fix THIS release.  All the project nemo and picasso talk and API this and that...yet this is what we get?  Maybe with the new and improved core the development speed will increase to add something so basic as a functional log.  I shouldn't have to drop to the shell to run these commands to figure out what the heck is going on.

    I didn't join the Central EAP for reporting; how does that look?  Has anyone reviewed/looked?  Maybe that will fix some of the reporting concerns?

    I'm trying to reserve opinion/judgement until GA..but it's hard with all the "we know, will be fixed addressed with nemo" talk over the years and yet it's still not fixed/addressed as of yet.