First impression and feedback

Hi All,

I migrated my home box from MR7 to v17 and all good.

In my case, the IPS did not start automatically after the reboot.

The other thing is the UI is faster than v16 but the Network menu is very slow compared to the others. I have only 2 NICs and 2 VLANs.

Last thing, where is the policy test?

  • Hi All,

    In my personal opinion I will change:

    - NAT and WAF Rules on different pages. Firewall ACL is another security concept

    - on Dashboard no Health status about Power redundancy

    - on Dashboard no Health status about disk, or mirror disk. The only way to discover problems is to go to the DataCenter room and listen to the alarm...

    - on Dashboard on Web Hits, we would see the number of HTTPS connections and HTTP

    - We need a full log export, in case of deep analysis or forensic analysis. Reports are good for executives and for POC but your partner needs to be able to answer who did what, when, which protocol and which port were used.

    - IPS Engine/Policy. If you need to exclude a single signature only for a restricted number of users/PCs you need to create two rules and play with priority: OK, but if you are with a mid-market customer, how many rules do you need to create to secure the customer? This is the same for Application policy

    - About metrics, decide to use Kbit (kb) or KByte (KB), but with the right syntax... If you play with BWM there are too many misunderstandings in the GUI and Documentation

    - Help us with O365 by creating a hidden RSS feed to automate the download and the population of O365 IP/FQDN services to exclude from Proxy. Too many errors and problems about it.

     

    Thanks

  • I have always complained about the static gui. It shows very limited information and most of it is not important as a snapshot. Also completely agree with kilobit and kilobyte problem. It is really not that difficult... ALL live traffic including QoS rules should be in kilobit/mbit since we get the traffic from our ISP in kilobits/megabits and our network cards are also in megabits/gigabits etc. However the aggregate traffic, like how much traffic did TOM use or the total amount of traffic should always be in kilobytes/megabytes etc. Maybe v18...

     

    Edit: On a side note, I have a different bug report about the firewall passing all traffic as soon as it is connected to the network. Did you guys know about this behavior? It has been there since v16: https://community.sophos.com/products/xg-firewall/sophos-xg-beta-programs/sfos-v170-beta/f/sfos-v170-beta-issues-bugs/96108/bug-firewall-starts-passing-all-traffic-before-running-the-wizard

  • Why not v17 GA or v17.1? : )

    Billybob said:
    I have always complained about the static gui. It shows very limited information and most of it is not important as a snapshot. Also completely agree with kilobit and kilobyte problem. It is really not that difficult... ALL live traffic including QoS rules should be in kilobit/mbit since we get the traffic from our ISP in kilobits/megabits and our network cards are also in megabits/gigabits etc. However the aggregate traffic, like how much traffic did TOM use or the total amount of traffic should always be in kilobytes/megabytes etc. Maybe v18...

    Edit: On a side note, I have a different bug report about the firewall passing all traffic as soon as it is connected to the network. Did you guys know about this behavior? It has been there since v16

  • Mark H said:

    Why not v17 GA or v17.1? : )

    In my experience, you are lucky enough to have all the bug requests acknowledged/fixed during the beta. Any feature requests will not be added to the current release which is too bad.

  • Billybob said:

     

    In my experience, you are lucky enough to have all the bug requests acknowledged/fixed during the beta. Any feature requests will not be added to the current release which is too bad.

    I don't know that we really set feature expectations in this beta, so I'll try to set them now. We follow an Agile development model, which allows us to be pretty flexible in the grand scheme of things, but realistically turning around significant features in a matter of weeks, is almost impossible. We put 9 months into developing the features you see in v17. Actually more like 6 or 7, as we slowed down feature development while focusing on quality improvements through the start of the year.  So you can extrapolate a bit, how long it can take to develop a significant feature.

    For smaller features, the primary cost may not be the development of the feature, but in writing unit tests to make sure that it doesn't break any existing functionality, test automation to ensure it works in all expected configurations, and then testing for, and fixing the inevitable number of bugs that are found in testing. So turning around features in a 4-6 week beta period, is seldom possible, if you want to release quality code. We can often accommodate smaller changes, like improving layout, or tweaking workflows in a normal beta like this one, or we can do as we did in v16, and go for a much longer beta. Even there, the number of features added in a very long beta, was relatively small. 

    The end result, is that your feature feedback is welcome, and encouraged - but bigger items will more likely shape future changes, than the current release. 

  • AlanT said:
    We put 9 months into developing the features you see in v17.

    Ugh.

    So realistically we're still years away from seeing feature parity with UTM, such as better IPv6 support and decent mail protection.

    If that's the case put a moratorium on dicking around with UI changes and get actual NGFW features added.

  • Hi Alan,

    Totally appreciate and understand the development methodologies you're using as well as the incumbent problems you've had with the Cyberoam Development teams but this is quite disappointing to hear. There is so much missing and still keeping the UTM relevant and areas causing fundamental hold backs from it being the truly viable UTM replacement.

    The issue that arises to my eyes is that there has been so much focus on the knifepoint that the shaft of the blade is being ignored. These are the areas that engineers and customers who use the system day in and day out slowly get to a point of irritation and eventually (for some customers) threatening to drop the system losing us business.

    I would be very interested to discuss my thoughts with you over email if they can be at all relevant.

    Emile

  • XG is Cyberoam OS at the moment and until Sophos moves the OS to a new project, this is the time required to develop new features.

    This is what I think about XG. I am not happy at all with XG and moved some installations to other vendors because customers cannot wait.

    At the moment it is so minimal and so "delicate" that every new change/improvement breaks other stuff on XG. Look at the STAS, Bookmark, Country Blocking, Pattern updates status.

    Those things can happen but Sophos should come out with totally a new base in version 18 because at the moment waiting for one year for few new features and with the promise of "UTM features comparison" is not acceptable anymore.

    Current XG stays on the pins!

  • I've had the misfortune of working with a Cyberoam OS once or twice and it was very painful.

    Something that really throws me is that of the top 15 ideas, all are under consideration or planned with no targeted release at all or under consideration with only 2 actually having a targeted release version and even then it's ambiguous. So instead of getting what the community is asking for we are getting features like an expanded Wizard to support customers who did not want to buy professional services of which the original Wizard was fine to support these. So that was a phenomenal development time being used for something that wasn't technically led and I'm struggling to find the Sales reasons to create a Wizard for an Enterprise system. You don't see Cisco, Fortinet and Palo Alto focus on a first time set up Wizard so why are Sophos? That's just a single example.

    So my issue is that it has been pointed out there has been 6-9 months development time that is split over ~150 engineers and the only primary driver since v16.5 is bug fixing. But features are what prevent stagnation and what show to Gartner and the Partners that there is a strong focus on the product.

    Emile

  • Unknown said:

    I've had the misfortune of working with a Cyberoam OS once or twice and it was very painful.

    Something that really throws me is that of the top 15 ideas, all are under consideration or planned with no targeted release at all or under consideration with only 2 actually having a targeted release version and even then it's ambiguous. So instead of getting what the community is asking for we are getting features like an expanded Wizard to support customers who did not want to buy professional services of which the original Wizard was fine to support these. So that was a phenomenal development time being used for something that wasn't technically led and I'm struggling to find the Sales reasons to create a Wizard for an Enterprise system. You don't see Cisco, Fortinet and Palo Alto focus on a first time set up Wizard so why are Sophos? That's just a single example.

    So my issue is that it has been pointed out there has been 6-9 months development time that is split over ~150 engineers and the only primary driver since v16.5 is bug fixing. But features are what prevent stagnation and what show to Gartner and the Partners that there is a strong focus on the product.

    Emile

     

     

    I agree the focus is definitely not in the right areas. I'm all for having a release that focuses on performance and stability - I know other brands do this occasionally every so many releases. It's just sad that the release times are so far apart and nothing that we ask for is being implemented and the existing stuff is still 'beta'

  • Unknown said:

    So instead of getting what the community is asking for we are getting features like an expanded Wizard to support customers who did not want to buy professional services of which the original Wizard was fine to support these.

    They did a decent job on the wizard. It even detects a DHCP server running on your network instead of turning on its own DHCP (which I was expecting). Having said that, the wizard at the moment feels like old Windows 3.1. DOS underneath never changed while you added another layer of GUI. To be honest, that's a lot of development time for the creation of just a wizard. I am no programmer but sometimes it feels like they are googling how to code while they are coding. Also agree that the wizard is only good for someone that has never used a firewall. I have never used a wizard EVER to configure a system I had never used before. But the discussion comes back to us using our limited knowledge of our environments and interactions and applying it to Sophos as a whole. Someone pushed for the wizard and they thought it was a worthwhile investment.

    I also agree with Luk. Sophos is still trying to compete against itself by trying to make XG > UTM. That ship sailed about a year ago. I don't think anybody is recommending UTM for new installations these days... heck, Sophos was recommending v15 instead of UTM9. They want to keep those UTM license holders and convert them to XG and believe me, a configuration wizard is not what's holding them back from converting.

    I got a chuckle out of  's comment about moratorium on UI changes. The problem I think is that they have sunk too much money to put lipstick on Cyberoam. At this point, their whole future depends on that pig flying and hope that nobody at Gartner notices anything unusual.

    I also didn't want to argue with  about his post above about development times and addition of new ideas during a beta. I have been doing betas for as long as I can remember. I wonder if someone asked to change KB/s for bandwidth and QoS to kb/s, how long would it take?

    https://community.sophos.com/products/unified-threat-management/astaroorg/f/asg-v7-500-beta-closed/67940/7-460-bug-fixed-minor-cosmetic-inconsistent-units-in-dashboard-traffic 

  • Unknown said:
    Something that really throws me is that of the top 15 ideas, all are under consideration or planned with no targeted release at all or under consideration with only 2 actually having a targeted release version and even then it's ambiguous.

    Hi Emile, 

    The ideas site is only one source of feedback, and isn't strictly taken as the order of priority. We do far more research into features, before deciding what goes into it. Also, some issues being requested there, are costly in ways that make them only possible in future releases. What went into v17 is improvements to the areas that have caused the biggest pain for users thus far on XG - with the single exception of many of the planned logging improvements. (Coming now in beta 3!)

     

    Unknown said:
    I'm struggling to find the Sales reasons to create a Wizard for an Enterprise system. You don't see Cisco, Fortinet and Palo Alto focus on a first time set up Wizard so why are Sophos? That's just a single example.

    Our efforts around MRs were driven by feedback from partners, our sales teams, and from support. While XG sales exploded, so did quality concerns. We worked through every support case and licensing issue, and looked at not just the bugs being reported, but the reasons people were contacting support. The outcome of all of this, was that we needed to fix the registration process (not a surprise) and also the initial setup experience. We also had the opportunity to improve security, by removing the notion of a default password - at least for the web ui. 

     

    Unknown said:
    So my issue is that it has been pointed out there has been 6-9 months development time that is split over ~150 engineers and the only primary driver since v16.5 is bug fixing. But features are what prevent stagnation and what show to Gartner and the Partners that there is a strong focus on the product.

    Yes, we need to keep innovating, and improving the capabilities of the firewall. v17 is an important milestone in that regard. While there are not so many huge features in it, what is there is carefully chosen. We are also now working on some epic improvements for the future, which you and I have discussed, but what we have not yet discussed, is the roadmap between v17 and v18. I will begin discussing that, as we get to the end of the beta. We do have plans for more v17 features in several smaller subsequent v17 feature releases starting Q1 next year, though. 

  • I hope that you will change the XG project completely by going back to quality and not quantity. XG OS is Cyberoam-based and there are still plenty of issues and mess in it. With the right code, you can import features on XG easily and add new ones, but with this OS you are banging your head against a wall.

    I hope that in v18 we will see almost the same GUI but with a new OS. Customers are already moving to other vendors, even if your numbers are good (because Sales did a great job of convincing people) but once the license expires, customers will move to something else.

    I know already other people over the world (thanks to community) that are moving away and I agree with them.

    I know you will never admit that XG OS at the moment is a flop (in terms of basic features) but this is what we see at the moment. In v18 you should at least add 100 features. The story that XG is not UTM parity is not a true story because it does not make sense for a company to have 2 products that require double efforts and time to develop and maintain them.

    No one in the industry is doing the same! I'm really really really disappointed.