First impression and feedback

Hi All,

I migrated my home box from MR7 to v17 and all good.

In my case, the IPS did not start automatically after the reboot.

The other thing is the UI is faster than v16, but the Network menu is very slow compared to the others. I have only 2 NICs and 2 VLANs.

Last thing, where is the policy test?

  • Hi All,

    In my personal opinion I will change:

    - NAT and WAF Rules on different pages. Firewall ACL is another security concept

    - on Dashboard no Health status about Power redundancy

    - on Dashboard no Health status about disk, or mirror disk. The only way to discover problems is to go to the DataCenter room and listen to the alarm...

    - on Dashboard on Web Hits, we would see the number of HTTPS connections and HTTP

    - We need a full log export, in case of deep analysis or forensic analysis. Reports are good for executives and for POC, but your partner needs to be able to answer who did what, when, which protocol and which port were used.

    - IPS Engine/Policy. If you need to exclude a single signature only for a restricted number of users/PCs you need to create two rules and play with priority: ok, but if you are on a middle market customer how many rules do you need to make to secure the customer? This is the same for Application policy

    - About metrics, decide to use Kbit (kb) or KByte (KB), but with the right syntax... If you play with BWM, there are too many misunderstandings in the GUI and Documentation

    - Help us with O365 by creating a hidden RSS feed to automate the download and the population of O365 IP/FQDN services to exclude from Proxy. Too many errors and problems about it.

     

    Thanks

  • I have always complained about the static GUI. It shows very limited information and most of it is not important as a snapshot. Also completely agree with the kilobit and kilobyte problem. It is really not that difficult... ALL live traffic including QoS rules should be in kilobit/mbit since we get the traffic from our ISP in kilobits/megabits and our network cards are also in megabits/gigabits etc. However the aggregate traffic, like how much traffic did TOM use or the total amount of traffic, should always be in kilobytes/megabytes etc. Maybe v18...

     

    Edit: On a side note, I have a different bug report about the firewall passing all traffic as soon as it is connected to the network. Did you guys know about this behavior? It has been there since v16: https://community.sophos.com/products/xg-firewall/sophos-xg-beta-programs/sfos-v170-beta/f/sfos-v170-beta-issues-bugs/96108/bug-firewall-starts-passing-all-traffic-before-running-the-wizard

  • Why not v17 GA or v17.1? : )


  • Mark H said:

    Why not v17 GA or v17.1? : )

    In my experience, you are lucky enough to have all the bug requests acknowledged/fixed during the beta. Any feature requests will not be added to the current release which is too bad.

  • Giordano,

    I do not like the static dashboard either and the wasted space is really horrible at the moment, but in Sophos they have other priorities like custom SSL VPN port, MTA improvements, objects, etc.

    NAT should be placed in the same Firewall menu and Firewall rules should have icons like before. I like the new Firewall UI but having more than 50 firewall rules with the same icon creates confusion.

    I reverted back to v16.5 because DNS is not working at all on XG (both XG, or public DNS traffic).

    Let's see!

  • Hello luk,

    What problem with DNS do you have in XG? Could you please be more specific?

    Thanks

    alda

  • Hello luk,

    Thanks for the warning. Unfortunately, I can confirm that identical errors are recorded in my three XG v17 Beta-1 installations too. But none of my installations is so affected that web browsing does not work.

    Does anyone have a similar problem? Could you check the log file /log/fqdnd.log in your v17?

    Regards

    alda

  • The mentioned log errors aren't related to the problem luk was describing. They're just informational, and not indicative of a problem at all (we'll hide them in future). So don't expect to see any failures just because you see those logs.

  • Hi luk,

    I did not speak about the static GUI.

    We need to know (remotely) if there are some problems on the hard disk or on the power supply. There is no place to find this type of error... or by walking into the server room...

    Our customer has more than 50 NAT rules only... so this is why we need to separate... It's a different concept: ACLs you need to do security and allow/block some traffic, NAT rules you need when you need to publish some services externally.

    New UI is good, but I think there are no changes, like v16.5. We are waiting for SF17 and we are waiting for some changes that show Sophos is on the right way, not on the same way as before ;-)

     

    Giordano 

  • Billybob said:

     

    In my experience, you are lucky enough to have all the bug requests acknowledged/fixed during the beta. Any feature requests will not be added to the current release which is too bad.

    I don't know that we really set feature expectations in this beta, so I'll try to set them now. We follow an Agile development model, which allows us to be pretty flexible in the grand scheme of things, but realistically turning around significant features in a matter of weeks, is almost impossible. We put 9 months into developing the features you see in v17. Actually more like 6 or 7, as we slowed down feature development while focusing on quality improvements through the start of the year.  So you can extrapolate a bit, how long it can take to develop a significant feature.

    For smaller features, the primary cost may not be the development of the feature, but in writing unit tests to make sure that it doesn't break any existing functionality, test automation to ensure it works in all expected configurations, and then testing for, and fixing the inevitable number of bugs that are found in testing. So turning around features in a 4-6 week beta period, is seldom possible, if you want to release quality code. We can often accommodate smaller changes, like improving layout, or tweaking workflows in a normal beta like this one, or we can do as we did in v16, and go for a much longer beta. Even there, the number of features added in a very long beta, was relatively small. 

    The end result, is that your feature feedback is welcome, and encouraged - but bigger items will more likely shape future changes, than the current release.