v18 was supposed to introduce a new core. Anyone noticed anything different regarding this?

v18 was supposed to introduce a new OS core. Anyone noticed anything different regarding this?

A new core should be as evident as an elephant having a shower in your bathroom, no?

Paul Jr 

Parents
  • XG v18 changes many parts of what is core to the firewall. The data-plane change in itself is a large undertaking - from a kernel upgrade to the new DAQ structure. The UI hasn't changed much; however, the core packet processing has.

    Xstream SSL Inspection, Deep packet inspection (DPI) Engine, FastPath offloading, improved enterprise NAT engine, Threat intelligence analysis, Proxy-less malware scanning and web filtering - are a few examples of the foundational improvements with the new Xstream architecture.

    To find out more -

    we would love it if you could join us for a special community webcast happening on Thursday, November 14.

    We will be looking into some of the top industry problems that XG Firewall v18 is solving, as well as reviewing some of the key innovations in this release and the new features that you requested. Our product team experts will also be there to answer your questions live.

    Here: community.sophos.com/.../webcast-firewall-v18-overview-and-live-q-a-with-the-xg-product-team---november-14-11am-est

  • hello

    I listened to this webcast twice. I took it as a résumé, because it was. We haven't learned much we did not know already.

    One hour for the whole thing including questions was terribly short, and obviously you guys had plenty just trying to read the questions. Most of these are already found everywhere on this forum. Maybe it would have been better to have a separate one hour for questions alone, but previously submitted in a "special blog"?

    Or, for god's sake, just answer questions on this forum more often and more in-deep.

    More in-deep meaning with graphics, slides, and advanced technical details.  

    Paul Jr

  • Was busy so didn't get to listen to the webcast but I thought it was going to be more of an intro to v18 than anything else. From your comments, that seems to be the case.

    Also, just putting it out there, but a Linux kernel upgrade should not be considered a core upgrade. You would think a kernel upgrade and patches happen regularly due to different vulnerabilities all the time. To me a core rewrite in a Linux firewall is more about updating and finessing the underlying architecture by the specific firewall vendor that makes all the daemons work together more elegantly. By updating the core/foundation, the end users should see noticeable improvement in UI and general performance of the firewall. The added functionality should just be the icing on the cake once the core functionality has been optimized to the max.

    As far as "more in-deep", Snort was doing a lot of heavy lifting before, like classifying your applications, and your QoS and firewall policies were based on that. It was also protecting your servers and LAN users from typical attacks in the wild. Now it is doing even more and is in essence holding the whole firewall together, which in my opinion is not a great idea on a single point of failure device.

    Regards

    Bill

  • Don't get me wrong, this webcast is a serious walk-through for those who did not follow v18 matters.

    What irritates me a little is that speeches imply more often than not that some options are under construction - which is expected - while others will be delivered later. But at the same time, we all know that many so-called "delivered features" could not be called as such. v18, v17, v16, call it what you want.

    Excuse me, but DNS, DHCP, NTP do not match $50 "Office Depot" appliances' sophistication level. Linksys, D-Link, or all. Sophos is racing to introduce new features but leaves aside the polishing part of the job.

    The Linux kernel is not a new core as I too understand it. Maybe Sophos could jump in and give us their definition. To me the core is what connects all the firewall's modules together, and it is on top of Linux... Or maybe they have re-written drivers? I wish we had a far better explanation of what Sophos understands when they write "layers" or "planes".

    In the CLI, we see few if any new commands, or different commands. For the little I know, the bulk of these commands are at the core level.

    Does Sophos consider strongSwan, Exim, and all to be at the core level?

    Obviously TLS/SSL inspection is new from A to Z, but do you call this a new core???

    Paul Jr

  • It really does depend on what you call "core".

    I feel that moving to a single system that collectively performs 70% of the XG's features, and that can be streamlined in such a way that it can be dumped onto an ASIC to dramatically improve performance, is a "core rewrite". That and decoupled NAT-ing.

    However, because a lot of this happens in the backend and the front end observably changed very little, I get that people feel nothing has changed.

    But I am also still irked; having things that have been on feature request or have been a constant pain point for users still in the "backlog" for nearly 3 years is very souring.

    I get the points made by users that they feel this isn't v18 but I do not agree with them that this is not a dramatic shift.

    Emile

Children
  • I agree with both. Sophos could better explain the core changes or improvements.

    If the code has really been improved, we will see in the near future the features they will add and how much effort will be required for them. If the fire is well designed, adding features on top is very easy. Do not forget that the testing phase requires a lot of time before the product goes into beta release.

    Still, basic features are still missing and Sophos is losing time on reinventing the wheel on certain features. After 4 years we need logging, really logging through UI