DPI feature is a step forward. Nothing to say about. Well done to the Sophos unit that worked hard on that. Appreciated it! From my point of view Sophos is putting features and features on top to stay updated with the market but we need that some pillars work. I would say: Logging . Logging module is very bad. Compared to other competitors and to Sophos UTM, in most cases, tcpdump and drop-packet-capture are still needed. Reporting : still reporting is bad. Check the reports you can generate on UTM9 compared to XG and you see the difference Screen resolution : trial the product with an IT manager in his room where a big screen is installed and you lose already points to convince him Proper command line : when admins go in the console or they need to access the advanced shell, commands are spread around without sense. Some are under systems, some under set, some under show. Please consider to have proper menu. Copy command-line style from other vendors. Now cli does not make sense Delete objects : to delete an object, still need to understand where the object is used. Imagine with hundreds of rules... DHCP and DNS mapping The list can be lenghty with other small improvements but in my case, this is the desired list and the features that people, partners are waiting for. For other improvements like Kerberos, NAT (to be reviewed), DKIM, BATV and other small improvements, well done. I am very critical, you know but when I have to say "well done" I am the first. Hope for a better collaboration from Sophos staff and specially PM, keep going. @Community users: add your own comments. Thanks

Which fundamental features need to be re-engineered on Sophos XG

DPI feature is a step forward. Nothing to say about. Well done to the Sophos unit that worked hard on that. Appreciated it! From my point of view Sophos is putting features and features on top to stay updated with the market but we need that some pillars work. I would say:

Logging. Logging module is very bad. Compared to other competitors and to Sophos UTM, in most cases, tcpdump and drop-packet-capture are still needed.
Reporting: still reporting is bad. Check the reports you can generate on UTM9 compared to XG and you see the difference
Screen resolution: trial the product with an IT manager in his room where a big screen is installed and you lose already points to convince him
Proper command line: when admins go in the console or they need to access the advanced shell, commands are spread around without sense. Some are under systems, some under set, some under show. Please consider to have proper menu. Copy command-line style from other vendors. Now cli does not make sense
Delete objects: to delete an object, still need to understand where the object is used. Imagine with hundreds of rules...
DHCP and DNS mapping

The list can be lenghty with other small improvements but in my case, this is the desired list and the features that people, partners are waiting for. For other improvements like Kerberos, NAT (to be reviewed), DKIM, BATV and other small improvements, well done. I am very critical, you know but when I have to say "well done" I am the first.

Hope for a better collaboration from Sophos staff and specially PM, keep going.

@Community users: add your own comments.

Thanks

Parents

0 Andrew Mackenzie over 5 years ago

I believe the log viewer is getting an update in one of the following EAP releases for v18. Reporting sure can use a facelift, the screen resolution is more of a "that would be nice", I try to stay away from command line if I can. I've had to use it but on rare occasions. If we got DHCP Options in GUI then i'd use it even less..

Deleting objects could indeed be improved. Maybe it would disable rules with them in it and put a dummy option selected where the object used to be. DHCP and DNS mapping would be pretty great. I'm still pumped for Groups on Sophos Connect which I believe may also be coming up in EAP 2 or 3.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 lferrara over 5 years ago in reply to Andrew Mackenzie

Andrew,

Logging section will be small improves in terms of editing rules from log viewer for example. What we are waiting for is a complete logging module. You are lucky to troubleshoot XG without going into the cli. 80% of time, you need advanced shell because logs are there spread somewhere.

If they combine the log they have more accurately, with a proper console, logs easily and quickly available from log viewer with a proper flow monitor, we are more than happy about XG. I am sure with proper logging and few other features mentioned here, utm users will move to XG.

Thanks for your input.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 lferrara over 5 years ago in reply to Andrew Mackenzie

Andrew,

Logging section will be small improves in terms of editing rules from log viewer for example. What we are waiting for is a complete logging module. You are lucky to troubleshoot XG without going into the cli. 80% of time, you need advanced shell because logs are there spread somewhere.

If they combine the log they have more accurately, with a proper console, logs easily and quickly available from log viewer with a proper flow monitor, we are more than happy about XG. I am sure with proper logging and few other features mentioned here, utm users will move to XG.

Thanks for your input.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

0 apalm123 over 5 years ago in reply to lferrara

100% logging and reporting need to be improved. Need hostnames everywhere possible. The reports also are just horrid, such as, no option to "Only send reports with data" would cut down on time wasted looking at empty reports for customers if there was no issue.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel