Which fundamental features need to be re-engineered on Sophos XG

DPI feature is a step forward. Nothing to say about. Well done to the Sophos unit that worked hard on that. Appreciated it! From my point of view Sophos is putting features and features on top to stay updated with the market but we need that some pillars work. I would say:

  • Logging. Logging module is very bad. Compared to other competitors and to Sophos UTM, in most cases, tcpdump and drop-packet-capture are still needed.
  • Reporting: still reporting is bad. Check the reports you can generate on UTM9 compared to XG and you see the difference
  • Screen resolution: trial the product with an IT manager in his room where a big screen is installed and you lose already points to convince him
  • Proper command line: when admins go in the console or they need to access the advanced shell, commands are spread around without sense. Some are under systems, some under set, some under show. Please consider to have proper menu. Copy command-line style from other vendors. Now cli does not make sense
  • Delete objects: to delete an object, still need to understand where the object is used. Imagine with hundreds of rules...
  • DHCP and DNS mapping

The list can be lenghty with other small improvements but in my case, this is the desired list and the features that people, partners are waiting for. For other improvements like Kerberos, NAT (to be reviewed), DKIM, BATV and other small improvements, well done. I am very critical, you know but when I have to say "well done"  I am the first.

Hope for a better collaboration from Sophos staff and specially PM, keep going.

@Community users: add your own comments.

Thanks

Parents
  • This thread comes up in every beta version and frankly other than a few of us, I don't think anyone is paying attention to what is being said (once again). A copy of this thread is probably available in v16 and v17 betas with the same wants and needs.

    Logging was implemented halfheartedly in v17 after many broken promises. At this point to be honest, if you like XG as it is, then use it. For a home user, its pretty nice compared to pfsense or other free offerings mainly due to free categorization and free av included in the product. Otherwise other open source products are much lighter on resource usage. Why we don't have verbose logging has always been a mystery to me and the only thing I have been able to come up with is that when cyberoam developers were hacking together some of the daemons, they didn't make any provisions for logging and we still can't get any daemon to spit out verbose logging. For whatever reason, sophos has continued developing those daemons even though they had other options available to them. 

    Reporting is bad compared to the other vendors that sophos is competing against. Its not terrible but it looks much nicer at first glance. The problem becomes apparent when you have to generate specific reports and you find out that you can't and even the stuff you get is random ip addresses all over the place.

    I like gui myself so won't complain about commandline but the point remains. If you are offering it, then have it organized properly with similar syntax all across the product. 

    Renaming ports has been a major request since v15. We can now rename ports in the gui but its not implemented anywhere else in the system. Similar to other objects that  is pointing out. Every daemon is doing its own thing and there is nothing in the back end that would tie it all together and give the admin a cohesive structure all across the board so that things can be defined or named anything one time and then can be used over and over anywhere as needed.

    Finally, I will say that I do like their efforts on TLS decryption without proxy. The gui is kind of clunky at the moment but they are developing new under the hood stuff that we sometimes don't give them credit for.

    If you are reselling these, the hardware pricing is agressive compared to other vendors in the magic quadrant. However some of the chinese manufacturers are offering appliances with similar functionality to palo**** very cheap.

  • Logging is just bad, no way around it and it wastes more time than necessary.  I think we were all hoping this release would help fix that with all the talk of "core rebuild from scratch".  HA!

    Just yesterday I got to enjoy a two hour hunt for logs that didn't exist.  Never use the Email protection but thought I'd try to solve a problem by using the firewall as a relay for an O365 customer.  Nothing in the log viewer that gave me the full smtp connection log, OK, will drop down to cli.  No awarrenmta.log at all.  Oh, looks like it's actually smtpd_main.log or reject, or error, or???  None of those had the information I was looking for.  So where the heck was the small bit of info we see in the gui email log actually coming from?  Couldn't figure it out and moved on.  Waste of time for such a trivial task.

    I'm not one to wank.  I actually really like the product and it's potential.  Like most though, I think Sophos has to nail v18 to fix customer relations.  Unfortunately, the early returns on v18 EAP so far have been constant threads like this from the same 7-8 users who aren't shy to voice their opinions.

    Maybe next time Sophos could get Luk et al in on the dev payroll!

    OK.  I will stop ranting.

    Features I would like to see improved (not necessarily re-engineered):

    * Fully object based like UTM. This was one of my expectations that just isn't there in this early stage.  I hope it's something that is simple to add in a future MR.

    * Unified Connect VPN client (both SSL and IPSec).  Also was hoping for better management of the policies in this release, but looks like that will be a future MR or even moved to Central.

    * XG to XG RED interface priority/failover.  I'd like for the extra functionality we get when defining the type as a RED15 or RED50 to be available in an XG to XG deployment (so Firewall RED Client type).  Essentially, allow us to define in the RED config the primary and secondary IP's the client will connect on and how those will be used (failover or load balancing).

  • axsom1 said:

    Maybe next time Sophos could get Luk et al in on the dev payroll!

    Well, in my list was to try to be engaged by Sophos for my Computer Engineering Thesis work (Secure SDLC and OWASP) but I am sure getting a week in Sophos could be difficult for them. I sent just 2 letters to 2 big companies and one accepted the request. This company does not produce Firewall or Anti-malware products but until few years ago it was in the Gartner and Forrester.

    I am always available to provide feedbacks. Sharing and comparison are the power to augment your knowledge. This is my spirit!

    Sorry for these personal words! Thanks

Reply
  • axsom1 said:

    Maybe next time Sophos could get Luk et al in on the dev payroll!

    Well, in my list was to try to be engaged by Sophos for my Computer Engineering Thesis work (Secure SDLC and OWASP) but I am sure getting a week in Sophos could be difficult for them. I sent just 2 letters to 2 big companies and one accepted the request. This company does not produce Firewall or Anti-malware products but until few years ago it was in the Gartner and Forrester.

    I am always available to provide feedbacks. Sharing and comparison are the power to augment your knowledge. This is my spirit!

    Sorry for these personal words! Thanks

Children
No Data