Which fundamental features need to be re-engineered on Sophos XG

The DPI feature is a step forward. Nothing to say about it. Well done to the Sophos unit that worked hard on that. I appreciated it! From my point of view Sophos is putting features on top of features to stay up to date with the market, but we need some pillars to work. I would say:

  • Logging: the logging module is very bad. Compared to other competitors and to Sophos UTM, in most cases tcpdump and drop-packet-capture are still needed.
  • Reporting: reporting is still bad. Check the reports you can generate on UTM9 compared to XG and you will see the difference.
  • Screen resolution: trial the product with an IT manager in his room where a big screen is installed and you already lose points in convincing him.
  • Proper command line: when admins go into the console or need to access the advanced shell, commands are spread around without sense. Some are under systems, some under set, some under show. Please consider having a proper menu. Copy the command-line style from other vendors. Right now the CLI does not make sense.
  • Delete objects: to delete an object, you still need to find out where the object is used. Imagine that with hundreds of rules...
  • DHCP and DNS mapping.

The list could be lengthy with other small improvements, but in my case this is the desired list and the features that people and partners are waiting for. For other improvements like Kerberos, NAT (to be reviewed), DKIM, BATV and other small improvements: well done. I am very critical, you know, but when I have to say "well done" I am the first.

I hope for better collaboration from Sophos staff, and especially PM; keep going.

@Community users: add your own comments.

Thanks

  • Believe it or not, not having DHCP/automatic DNS mapping (reverse DNS etc.) is one reason I recently stopped installing Sophos XG at new small-business customers of mine. I skipped two new office installs which Sophos could have had recurring revenue on, just because of this, last month. Went with a competitor.

    Embarrassing to install something that doesn't offer this incredibly basic feature that even free routers from home ISPs come with.

    Imagine my predicament: I install firewalls, and I need to run vulnerability scans once in a while at lots of small-business networks. The scanners could not reverse-resolve hostnames via the XG, so I went with competitor firewalls. I even tried v18, but even then it's not in there.

  • Hello apalm123,

    Could you inspire us please: what firewall competitor did you use?

    Regards

    alda

  • Honestly, Untangle did it. It does absolutely all the basics that Sophos doesn't cover, because Sophos is so focused on "BLEEDING EDGE YAH!", and oh yeah, it does IPS, web filtering and all the other basics that small businesses really just need. And I don't have to baby it with little commands all the time to keep basic things like DHCP from breaking. For me it's saved me a ton of time, but I'm still keeping my eyes on Sophos; I've pushed it way to the back burner now that I'm untangling, until Sophos maybe gets their act together. Still love Sophos Intercept-X etc.

  • Untangle has very nice reporting that Sophos could copy from.

  • Was the only reason you went with Untangle that the XG didn't do reverse DNS entries for hostnames based off DHCP?

    Did the customer not have a DHCP-capable domain controller?

    What other reasons did you have?

    Emile

  • Where I'm at, there are lots of small businesses, and I like putting in my firewall/SOHO router of choice, so when I drop it in, that's really the only device they need. I want to be able to walk away, go to my next customer and drop another network in there. No messing with servers.

    Most small businesses starting up, at least in the San Francisco Bay Area, CA, have ZERO on-prem equipment except a switch. This is the NEW NORM for modern businesses, especially where I live and work. It should be 100% capable of being a standard SOHO router before being an NSA-secure cyber device, in my opinion. Sophos needs to establish a target market, and if it's not going to be small businesses in the cloud age, it needs to focus on enterprise. Because no one is installing servers here, not even a Windows DC; it's been this way for 5 years already.

    Yes, if I worked for a business, a single business only, I'd be able to implement a separate DNS server and this wouldn't be an issue, but that's not how things are done for small businesses in the Bay Area; every small business uses an outsourced IT provider like myself. And Sophos isn't thinking about this at all. They did well with the whole MSP monthly subscription model, and I do use that for AV. But XG just isn't a SOHO; it's trying to be something totally different, and missing the mark that I need.

  • Is it just reverse DNS lookups as part of your pen test/vulnerability scanning that was the deciding factor, though?

    Discounting all that's been discussed about what the XG is or isn't trying to be, I want to understand the reason for going with Untangle and whether it was just that feature.

    Emile

  • Yes, that was the final straw. That missing feature alone. Let's say I'm building a business where I scan all of my customers' networks 4 times a year. You can see how manually reconciling 40 device IPs to hostnames for a simple report, 4 times a year, for 15 customer locations, is a huge waste of time.

    Same with the reporting/logs: where are the hostnames? Sophos has said this is possible for 3 years, and shot down the feature request, but everyone in the comments says otherwise. https://ideas.sophos.com/forums/330219-xg-firewall/suggestions/16036801-resolve-private-ip-addresses-in-reports-to-hostnam

  • See this thread for ongoing frustrations and over 100 upvotes for that feature as well. I am not the only one. https://ideas.sophos.com/forums/330219-xg-firewall/suggestions/13893411-sync-dns-with-dhcp-leases?tracking_code=080bde06f73387ab00816c9910d5d57c I was waiting for v18 and had 3 deals in the pipeline where customers needed firewalls, but after v18 came out with no mention of it in any release notes, for the next 3 versions, I dropped XG. Not sure how they can overlook this issue. To be fair, someone from Sophos did reach out to me in a PM and they are adding it to the roadmap now.

  • Thanks Apalm123 for your input. The feature requests expressed here should not require a lot of time in the development phase (if the design is rock solid). Testing requires time, but all of these features must be included in 18.5.

    If you think about it, interface port rename is just a new column inside the psql table, and the port name is still not used in firewall rules or other XG sections. Linking tables through primary keys is not so difficult.

    In the DNS case, I am not sure that a DHCP table exists, while the DHCP leases are in the /tmp folder. I will investigate!

    Regards

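The "sync DNS with DHCP leases" feature discussed throughout this thread is, mechanically, a small job: read the lease file, keep the leases that are still active, and publish an A record plus an in-addr.arpa PTR record for each one so that reports and a scanner's reverse lookups see hostnames instead of bare IPs. The following is an added example written for this page, not Sophos code and not anything from the XG; it assumes an ISC dhcpd-style `lease <ip> { ... }` file (the real XG lease format under /tmp is not known from the thread), UTC lease timestamps, and an admin-chosen private suffix `lan.example`. The lease text and clock value are constructed for the demo.

```python
"""Added example, not Sophos code: build forward (A) and reverse (PTR) DNS
records from a DHCP lease file, as the thread asks the firewall to do.

Assumptions not stated on the page: ISC dhcpd `lease <ip> { ... }` syntax,
UTC lease times, and the admin-chosen suffix `lan.example`.
"""
import ipaddress
import re
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, Optional, Tuple

# Constructed sample file: .20 was re-leased to a second client (dhcpd appends,
# so the later block wins), .21 is active, .22 was released and gets no record.
SAMPLE_LEASES = """\
lease 192.168.10.20 {
  ends 1 2024/03/04 21:00:00;
  binding state active;
  client-hostname "old-laptop";
}
lease 192.168.10.21 {
  ends 1 2024/03/04 22:00:00;
  binding state active;
  client-hostname "printer-1";
}
lease 192.168.10.20 {
  ends never;
  binding state active;
  client-hostname "Scanner Box";
}
lease 192.168.10.22 {
  ends 1 2024/03/04 23:30:00;
  binding state free;
  client-hostname "gone-host";
}
"""
SAMPLE_NOW = datetime(2024, 3, 4, 12, 0, tzinfo=timezone.utc)  # constructed clock
LEASE_BLOCK = re.compile(r"lease\s+(\S+)\s*\{(.*?)\}", re.DOTALL)

@dataclass
class Lease:
    ip: str
    state: str
    ends: Optional[datetime]   # None means "ends never"
    hostname: Optional[str]    # raw client-hostname option: client-controlled, untrusted

def parse_leases(text: str) -> Dict[str, Lease]:
    """Last block per IP wins, matching how dhcpd appends to its lease file."""
    leases: Dict[str, Lease] = {}
    for ip, body in LEASE_BLOCK.findall(text):
        ends_m = re.search(r"ends\s+(?:\d\s+)?([^;]+);", body)
        ends_raw = ends_m.group(1).strip() if ends_m else "never"
        ends = None if ends_raw == "never" else datetime.strptime(
            ends_raw, "%Y/%m/%d %H:%M:%S").replace(tzinfo=timezone.utc)
        # Anchor at line start so "next binding state ...;" lines are not matched.
        state_m = re.search(r"^\s*binding state\s+(\w+);", body, re.MULTILINE)
        host_m = re.search(r'client-hostname\s+"([^"]*)";', body)
        leases[ip] = Lease(ip, state_m.group(1) if state_m else "unknown",
                           ends, host_m.group(1) if host_m else None)
    return leases

def active_leases(leases: Dict[str, Lease], now: datetime) -> Dict[str, Lease]:
    """Only active, unexpired leases deserve a DNS record."""
    return {ip: l for ip, l in leases.items()
            if l.state == "active" and (l.ends is None or l.ends > now)}

def dns_label(hostname: Optional[str], ip: str) -> str:
    """Reduce a client-chosen name to a safe DNS label, or derive one from the IP.
    Never paste the raw client-hostname into a zone file or report."""
    label = re.sub(r"[^a-z0-9-]+", "-", (hostname or "").lower()).strip("-")
    return (label or "dhcp-" + ip.replace(".", "-"))[:63]

def dns_records(leases: Dict[str, Lease], domain: str) -> Tuple[Dict[str, str], Dict[str, str]]:
    """Return (forward: fqdn -> ip, reverse: in-addr.arpa name -> fqdn)."""
    forward, reverse, used = {}, {}, set()
    for ip, l in sorted(leases.items(), key=lambda kv: ipaddress.ip_address(kv[0])):
        base = label = dns_label(l.hostname, ip)
        n = 2
        while label in used:   # two clients claiming the same name: suffix the later one
            label, n = f"{base}-{n}", n + 1
        used.add(label)
        fqdn = f"{label}.{domain}"
        forward[fqdn] = ip
        reverse[ipaddress.ip_address(ip).reverse_pointer] = fqdn
    return forward, reverse

def zone_lines(forward: Dict[str, str], reverse: Dict[str, str]) -> list:
    """Zone-file style lines a resolver (and so a scanner's reverse lookup) would serve."""
    return ([f"{name}. IN A {ip}" for name, ip in forward.items()]
            + [f"{ptr}. IN PTR {name}." for ptr, name in reverse.items()])

if __name__ == "__main__":
    fwd, rev = dns_records(active_leases(parse_leases(SAMPLE_LEASES), SAMPLE_NOW), "lan.example")
    print("\n".join(zone_lines(fwd, rev)))
```

Two caveats a practitioner would want before wiring this into a resolver: the `client-hostname` option is whatever the DHCP client chose to send, so a rogue device can claim a name like that of a real server; keep DHCP-derived names under their own suffix and never let them override static entries. And expired or released leases must drop out of DNS at the same cadence the lease file changes, otherwise reports will attribute traffic to a host that no longer owns the address.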