Which fundamental features need to be re-engineered on Sophos XG

DPI feature is a step forward. Nothing to say about. Well done to the Sophos unit that worked hard on that. Appreciated it! From my point of view Sophos is putting features and features on top to stay updated with the market but we need that some pillars work. I would say:

  • Logging. Logging module is very bad. Compared to other competitors and to Sophos UTM, in most cases, tcpdump and drop-packet-capture are still needed.
  • Reporting: still reporting is bad. Check the reports you can generate on UTM9 compared to XG and you see the difference
  • Screen resolution: trial the product with an IT manager in his room where a big screen is installed and you lose already points to convince him
  • Proper command line: when admins go in the console or they need to access the advanced shell, commands are spread around without sense. Some are under systems, some under set, some under show. Please consider to have proper menu. Copy command-line style from other vendors. Now cli does not make sense
  • Delete objects: to delete an object, still need to understand where the object is used. Imagine with hundreds of rules...
  • DHCP and DNS mapping

The list can be lenghty with other small improvements but in my case, this is the desired list and the features that people, partners are waiting for. For other improvements like Kerberos, NAT (to be reviewed), DKIM, BATV and other small improvements, well done. I am very critical, you know but when I have to say "well done"  I am the first.

Hope for a better collaboration from Sophos staff and specially PM, keep going.

@Community users: add your own comments.

Thanks

Parents
  • Believe it or not, not having DHCP/ automatic DNS mapping (reverse DNS etc) is one reason I recently stopped installing Sophos XG at new small business customers of mine. I skipped two new office installs which Sophos could have had recurring revenue on just because of this last month. Went with a competitor.

    Embarrassing to install something, but that doesn't offer this incredibly basic feature that even free routers from home ISP come with it.

    Imagine my predicament, I install firewalls, and I need to run vulnerability scans once in a while at lots of small businesses networks. The scanners could not reverse resolve hostnames via the XG so I went with competitor firewalls. I even tried v18 but even then it's not in there.

  • Hello apalm123,

    could you inspire us please, what firewall competitor did you use?

    Regards

    alda

Reply Children