Restricted Advanced Shell - examples of challenges

Hi Community contributors,

Starting with Sophos Firewall v19, with the addition of many comprehensive logging enhancements in the GUI, and in line with industry best practices, access to the Advanced Shell is restricted to licensed commercial versions of the product.

Partners and certified architect engineers have an option with a Not-for-Resale license to set up labs or customer PoCs with an unrestricted Advanced Shell. Also, Sophos Support is able to access the Advanced Shell via the support access channel. Hence, in case of critical issues, support can still access it.

Sophos Firewall has been incrementally improved since v18 with comprehensive logging enhancements in the GUI (better search, filtering, configurations, SD-WAN logs, VPN logs, gateway logs, etc.). However, we acknowledge that the Advanced Shell restriction might have created challenges in certain database-related configurations, especially for home users.

Please help us understand the specific examples of challenges you face due to this restriction - configurations where GUI and console tools are reaching the limits. We will suggest the possible workaround for the specific scenario. We will also plan and gradually improve the product for those scenarios.

Sincerely,

Sophos Firewall Product Team

  • Hi Community contributors,

    We are going through each example that you have highlighted due to this change (WAF logs, WAF file size limit, SMTP log, IPSec VPN debug, top/iftop commands, etc.).

    Thank you for your feedback. Please continue sharing if you have more such points.

    There is no commercial or sales reasoning behind this change. Your feedback has been very helpful and we will consider improving those points in the future.

    Sincerely,

    Sophos Firewall Product Team

  • Whilst I understand what you are trying to do here, I think your time (and our sanity) would be better spent by taking on board the frustration and anger of the posts here regarding the overall state and speed of XG development and focus on engaging with your customers properly.

    It's all very well asking us what we need when you take away console access (a decision you still haven't explained) but quite frankly, Sophos have a lousy record of implementing what customers want/need, so why should this be any different?

    Let's have a quick look at the requested features - https://ideas.sophos.com/forums/330219-xg-firewall/filters/top. Sophos's dumping ground for customer needs.

    Most requested feature - 1227 votes Let's Encrypt Integration
    First requested in 2016, still not implemented

    Second most requested feature - 1002 votes Scheduled Installation of the AV Updates and Firmware Installation
    First requested in 2016, still not implemented
    If you have a 100 series XG, an update can cause the router to drop all connections for up to two minutes, everything blocked. Second line support agree this is completely unacceptable and their manager escalated this to product development asking them to make it a priority. This was about 18 months ago. I can't believe that implementing this as a scheduled task is difficult, it causes major issues but we are still waiting for it to be implemented.

    677 votes Can we have live Bandwidth speeds for Interfaces?
    First requested in 2015, Comment by Sophos This feature is under consideration for a future release in 2018
    Still not implemented

    660 votes Enable/Disable Interface
    First requested in 2015, Comment by Sophos This is a high priority feature, and will likely be targeted as soon as possible after v17 ships
    Still not implemented

    Need I go on? IS ANYBODY AT SOPHOS LISTENING TO THEIR CUSTOMERS?!

    I also have to wonder about the XGS hardware development and how much that is sapping development time for things we really need. The nerd in me says "this is cool" a dedicated Xstream Flow Processor for intelligent application acceleration. The businessman in me says "what is this going to give me that I can't get now?". As I understand it, this is about improving performance. But I can get better performance by buying a bigger firewall. Yes, that is at a cost, but at least I have an option. What I don't have an option about is the features that I need and don't have now. I would rather you spent your development time on features I need, not rewriting code for your "hot" new processor to do what the XG already does, just faster.

    Lastly, I would just like to say that I think some people's frustration has been unfairly directed at . He's here to deal with technical issues, he is not, as far as I know, responsible for product development. I am personally very grateful for the assistance he provides here which I have often found very useful.

  • That's actually the problem of XG(S).
    Sadly Sophos seems to ignore customer and partner requests, focusing on marketing and new features instead of improving essential basics. ...but that will probably not change before UTM is EOL and more customers are leaving...

    It's great to have a visionary product - but an essential feature set and usability should not be discussed.

    What about taking ideas.sophos.com offline as it's actually useless?
