Which fundamental features need to be re-engineered on Sophos XG

The DPI feature is a step forward. Nothing to say about it. Well done to the Sophos unit that worked hard on that. Appreciate it! From my point of view Sophos is putting features and features on top to stay updated with the market, but we need some pillars to work. I would say:

  • Logging: the logging module is very bad. Compared to other competitors and to Sophos UTM, in most cases, tcpdump and drop-packet-capture are still needed.
  • Reporting: reporting is still bad. Check the reports you can generate on UTM9 compared to XG and you see the difference.
  • Screen resolution: trial the product with an IT manager in his room where a big screen is installed and you already lose points to convince him.
  • Proper command line: when admins go in the console or they need to access the advanced shell, commands are spread around without sense. Some are under system, some under set, some under show. Please consider having a proper menu. Copy the command-line style from other vendors. Now the CLI does not make sense.
  • Delete objects: to delete an object, you still need to understand where the object is used. Imagine with hundreds of rules...
  • DHCP and DNS mapping

The list can be lengthy with other small improvements, but in my case this is the desired list and the features that people and partners are waiting for. For other improvements like Kerberos, NAT (to be reviewed), DKIM, BATV and other small improvements, well done. I am very critical, you know, but when I have to say "well done" I am the first.

Hope for a better collaboration from Sophos staff and especially PM, keep going.

@Community users: add your own comments.

Thanks

  • Where I'm at, there's lots of small businesses and I like putting my firewall/SOHO router of choice in, so when I drop it in, that's really the only device they need. I want to be able to walk away, go to my next customer, and drop another network in there. No messing with servers.

    Most small businesses starting up, at least in the San Francisco Bay Area, CA, have ZERO on-prem equipment except a switch. This is the NEW NORM for modern businesses, especially where I live and work. It should be 100% capable of being a standard SOHO router, before being an NSA secure cyber device in my opinion. Sophos needs to establish a target market and if it's not going to be small businesses in the cloud-age, it needs to focus on enterprise. Because no one is installing servers here, not even windows DC, it's been this way for 5 years already.

    Yes if I worked for a business, single business only, I'd be able to implement a separate DNS server and this wouldn't be an issue, but that's not how things are done for small business in the Bay Area, every small business uses an outsourced IT provider like myself. And Sophos isn't thinking about this at all. They did well with the whole MSP monthly subscription model, and I do use that for AV. But XG just isn't a SOHO, it's trying to be something totally different, and missing the mark that I need.

  • Is it just reverse DNS lookups as part of your pen test/vulnerability scanning that was the deciding factor though?

    Discounting all that's discussed about what the XG is or isn't trying to be, I want to understand the reason for going with an Untangle and whether it was just that feature.

    Emile

  • Yes, that was the final straw. That missing feature alone. Let's say I'm building a business where I scan all of my customers' networks 4 times a year. You can see how reconciling 40x device IPs to hostnames for a simple report manually, 4 times a year, for 15 customer locations, is a huge waste of time.

    Same with the reporting/logs, where are the hostnames? Sophos has said this is possible for 3 years, and shot down the feature request, but everyone in the comments says otherwise. https://ideas.sophos.com/forums/330219-xg-firewall/suggestions/16036801-resolve-private-ip-addresses-in-reports-to-hostnam

  • See this thread for ongoing frustrations and over 100 upvotes for that feature as well. I am not the only one. https://ideas.sophos.com/forums/330219-xg-firewall/suggestions/13893411-sync-dns-with-dhcp-leases?tracking_code=080bde06f73387ab00816c9910d5d57c I was waiting for v18 and had 3 deals in the pipeline where customers needed firewalls, but after v18 came out with no mention of it in any release notes, for the next 3 versions, I dropped XG. Not sure how they can overlook this issue. To be fair, someone from Sophos did reach out to me in a PM and they are adding it to the roadmap now.

  • Thanks Apalm123 for your input. The feature requests expressed here should not require a lot of time in the development phase (if the design is rock solid). Testing requires time, but all of these features must be included in 18.5.

    If you think about it, an interface port rename is just a new column inside the psql table, and the port name is still not used in firewall rules or other XG sections. Linking tables through primary keys is not so difficult.

    In the DNS case, I am not sure that a DHCP table exists, while the DHCP leases are in the /tmp folder. I will investigate!

    Regards
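The IP-to-hostname reconciliation the thread keeps asking for (resolving DHCP-assigned private addresses in reports and logs), as an added example that is not Sophos code and not from any poster here: it assumes a lease file in ISC dhcpd syntax, which the thread does not confirm XG's /tmp leases use, and the lease entries and log line below are constructed samples.

```python
import re

# Constructed sample in ISC dhcpd lease-file syntax (an assumption; the
# thread does not document XG's actual on-box lease format). The file is
# append-only, so a later entry for the same IP supersedes an earlier one.
SAMPLE_LEASES = """\
lease 192.168.10.21 {
  binding state active;
  client-hostname "LAPTOP-ALICE";
}
lease 192.168.10.22 {
  binding state active;
  client-hostname "PRINTER-01";
}
lease 192.168.10.21 {
  binding state active;
  client-hostname "LAPTOP-BOB";
}
lease 192.168.10.23 {
  binding state free;
  client-hostname "OLD-PC";
}
"""

LEASE_RE = re.compile(r"lease (\S+) \{(.*?)\}", re.S)
HOST_RE = re.compile(r'client-hostname "([^"]+)"')
IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


def parse_leases(text):
    """Build {ip: hostname} from lease text, keeping only active leases;
    later entries for the same IP override earlier ones."""
    table = {}
    for ip, body in LEASE_RE.findall(text):
        host = HOST_RE.search(body)
        if "binding state active" not in body or not host:
            continue  # expired/free lease or no hostname: nothing to map
        table[ip] = host.group(1)
    return table


def enrich(line, table):
    """Append '(hostname)' after every IP in a log line that has a lease."""
    def tag(m):
        ip = m.group(1)
        return f"{ip} ({table[ip]})" if ip in table else ip
    return IP_RE.sub(tag, line)


# Constructed log line; real firewall log fields will differ.
SAMPLE_LOG = "src_ip=192.168.10.21 dst_ip=203.0.113.5 action=drop"
print(enrich(SAMPLE_LOG, parse_leases(SAMPLE_LEASES)))
```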