Which fundamental features need to be re-engineered on Sophos XG

Believe it or not, not having DHCP/ automatic DNS mapping (reverse DNS etc) is one reason I recently stopped installing Sophos XG at new small business customers of mine. I skipped two new office installs which Sophos could have had recurring revenue on just because of this last month. Went with a competitor.

Embarrassing to install something, but that doesn't offer this incredibly basic feature that even free routers from home ISP come with it.

Imagine my predicament, I install firewalls, and I need to run vulnerability scans once in a while at lots of small businesses networks. The scanners could not reverse resolve hostnames via the XG so I went with competitor firewalls. I even tried v18 but even then it's not in there.

Hello apalm123,

could you inspire us please, what firewall competitor did you use?

Regards

alda

Hello apalm123,

could you inspire us please, what firewall competitor did you use?

Regards

alda

Honestly untangled it. It does absolutely all the basics that Sophos doesn't cover because Sophos is so focused on "BLEEDING EDGE YAH!" and oh yeah it does IPS, Web Filtering, and all the other basics that small businesses really just need. And i don't have to baby it with little commands all the time to fix basic things from breaking like DHCP. For me it's saved me a ton of time, but I'm still keeping my eyes on Sophos but I've pushed it way to the back burner now that I'm untangling until Sophos maybe gets their act together. Still love the Sophos Intercept-X etc.

Untangle has a very nice reporting that Sophos could copy from.

Was the only reason you went with untangle because the XG didn't do reverse dns entries for host name based off of DHCP?

Did the Customer not have a DHCP capable domain controller?

What other reasons did you have?

Emile

Where I'm at, there's lots of small businesses and I like putting my firewall/SOHO router of choice in, so when I drop it in, that's really the only device they need. I want to be able to walk away, go to my next customer, and drop another network in there. No messing with servers.

Most small businesses starting up, at least in the San Francisco Bay Area, CA, have ZERO on-prem equipment except a switch. This is the NEW NORM for modern businesses, especially where I live and work. It should be 100% capable of being a standard SOHO router, before being an NSA secure cyber device in my opinion. Sophos needs to establish a target market and if it's not going to be small businesses in the cloud-age, it needs to focus on enterprise. Because no one is installing servers here, not even windows DC, it's been this way for 5 years already.

Yes if I worked for a business, single business only, I'd be able to implement a separate DNS server and this wouldn't be an issue, but that's not how things are done for small business in the Bay Area, every small business uses an outsourced IT provider like myself. And Sophos isn't thinking about this at all. They did well with the whole MSP monthly subscription model, and I do use that for AV. But XG just isn't a SOHO, it's trying to be something totally different, and missing the mark that I need.

Is it just reverse DNS lookups as part of your pen test/vulnerability scanning that was the deciding factor though?

Discounting all that's discussed about what the XG is or isn't trying to be, i want to understand the reason for going with an untangle and whether it was just that feature.

Emile

Yes that was the final straw. That missing feature alone. Let's say I'm building a business where I scan all of my customers networks 4 times a year. You can see how reconciling 40x device IP to hostnames for a simple report manually, 4 times a year, for 15 customer locations, is a huge waste of time.

Same with the reporting/logs, where are the hostnames? Sophos has said this is possible for 3 years, and shot down the feature request, but everyone in the comments says otherwise.  https://ideas.sophos.com/forums/330219-xg-firewall/suggestions/16036801-resolve-private-ip-addresses-in-reports-to-hostnam

See this thread for ongoing frustrations and over 100 upvotes for that feature as well. I am not the only one. https://ideas.sophos.com/forums/330219-xg-firewall/suggestions/13893411-sync-dns-with-dhcp-leases?tracking_code=080bde06f73387ab00816c9910d5d57c I was waiting for v18 and had 3 deals in the pipeline where customers needed firewals but after v18 came out with no mention of it in any release notes, for the next 3 versions, I dropped XG. Not sure how they can overlook this issue. To be fair, someone from Sophos did reach out to me in a PM and they are adding it to the roadmap now.

Thanks Apalm123 for your input. The feature requests expressed here should not require a lot of time in the development phase (if the design is rock solid). Testing require times but all of these features must be included into 18.5.

If you think that interface port rename is just a new column inside the psql table and the port name is still not used in firewall rules or other XG sections. Linking table through primary keys is not so difficult.

In the dns case, I am not sure that a dhcp table exists while the dhcp leases are in /tmp folder. I will investigate!

Regards

Regards