Hi All,
I migrated my home box from MR7 to v17 and all good.
In my case, the IPS did not start automatically after the reboot.
The other thing is the UI is faster than v16 but the Network menu is very slow compared to the others. I have only 2 NICs and 2 VLAN.
Last thing, where is the policy test?
Hi All,
in my personal opinion i will change:
- NAT and WAF Rules on different pages. Firewall ACL is another security concept
- on Dashboard no Health status about Power redundancy
- on Dashboard no Health status about disk, or mirror disk. Only one way to discover problems is to go on DataCenter room and listen to the alarm...
- on Dashboard on Web Hits, we would see the number of HTTPS connections and HTTP
- We need a full log export, in case on Deep analysis on Forensic analysis. Reports are goods for Executive and for POC but you partner need to be able to answer who did what,when, wich protocol and wich port where used.
- IPS Engine/Policy. If you need to exclude a single signatures only for a restricted number of users/pc you need to create two rules and play with priority: ok, but if you are on middle market customer how many rule you need to do to secure the customer? This is the same for Application policy
- About metrics, decide to Use Kbit (kb)or KByte (KB), but with the right Sintax.....If you play whit BWM too many misunderstanding on the GUI and Documentation
- Help us with O365 creating an Hidden Feed RSS to automate the download and the population of O365 IP/FQDN service to exclude from Proxy. Too many errors and problems about it.
Thanks
I have always complained about the static gui. It shows very limited information and most of it is not important as a snapshot. Also completely agree with kilobit and kilobyte problem. It is really not that difficult... ALL live traffic including QoS rules should be in kilobit/mbit since we get the traffic from our ISP in kilobits/megabits and our network cards are also in megabits/gigabits etc. However the aggreagate traffic, like how much traffic did TOM use or the total amount of traffic should always be in kilobytes/megabytes etc. Maybe v18...
Edit: On a side note, I have a different bug report about the firewall passing all traffic as soon as it is connected to the network. Did you guys know about this behavior? It has been there since v16[:#] https://community.sophos.com/products/xg-firewall/sophos-xg-beta-programs/sfos-v170-beta/f/sfos-v170-beta-issues-bugs/96108/bug-firewall-starts-passing-all-traffic-before-running-the-wizard
Dear Sir
I fell that there has been sincere effort by Sophos team to come with world class features. Hope to see gray area are fixed soon. I don't fell to leave the party!!!!
Best Regards,
Vishvas
lferrara said:We are looking forward to hearing from you.
a little late, but yes, I was coincidentally posting an update as you asked.
alda said:I more and more feel a great disappointment with the unfulfilled promises introduced into v17
some explanation would be helpful. Which promises, and which last post do you mean? my last post in this thread, the new thread on v17+, or something else?
Hello Alan,
in your post you mention v17.1, v17.2 and v17.3. but you did not mention what features and functions do you plan to implement in these versions, and especially when we can expect these versions. This is for us as your long-years partner the most important thing. I am constantly forced to promise our customers that their required features will be finally implemented and they are still not implemented yet. I've heard and seen so many great promises that I do not believe them anymore.
I really appreciate a specific list of features and dates when they will be implanted. And I can understand that in a few cases some features will not be implemented. But I'm really tired of more than two years of endless promises when and what will be done.
Your marketing is really devastating and under its influence users expect the presented features to be implemented, but they are not, and in this situation we have been living for more than two years.
It's really tiring and frustrating.
alda
I feel like you, Alda and many other users and partners I know. Sophos will see a nice bad trend in their sales soon, because many Users and Partners I know around the World will not renew the XG license and will move to something else.
Sophos sales did a great job on contacting partners and telling them: "I have a nice offer if you buy a couple of XG, with Full License per 3 years. Can I use the XG as I do for UTM? Yes, it is the next generation".
It is not a blame of the Production Team but this is how the market and Organizations work. People like AlanT and Michael Dunn are pressed and they need to work hard and quick to produce more, so quality goes into the bin.
Check how many users joined the beta v17 compared to v16. This is the truth!
I am not disappointed......more than disappointed. At this time, UTM was at version 10 with many more features. In another post, I red that the WAF module will support RDS 2016 not before 2019....Unbeliavable!
They did a big mistake to continue to develop and improve Cyberoam OS instead of really starting from scratch! They could even take 3 years, because UTM is still there and it is still sellable!
I am not a Sales man but 1+1= 2. The math is not an opinion!
ya UTM 10 would have been cool, lots of potential wasted.
Who needs a good product when you got a great marketing. The reality will catch up in sales and resubs.
We keep getting E-Mails about awards that XG is winning, its kind of sad if you think about it. But their marketing works.
---
Sophos UTM 9.3 Certified Engineer
Hello luk,
you are right, the number of participants v16 vs. v17 can be easily traced, see here https://community.sophos.com/products/xg-firewall/sophos-xg-beta-programs/ or below is result.
It is a devastating result.
Regards
alda
SFOS v16 Beta Read Only Last Activity: 17 hours ago 1313 members
SFOS v17.0 Beta Last Activity: 1 month ago 584 members
My view may be quite different from normal users and partners. I have no idea what material was presented to you guys. From my perspective every feature that we planned to do at the start of v17 development was completed. I know this is true for my team, and I suspect it is true for most teams. So when I hear that there are "unfulfilled promises" I wonder - what were those promises?
If partners are "I am constantly forced to promise our customers that their required features will be finally implemented and they are still not implemented yet" then that is not Sophos promising and failing to deliver on that promise. That is a partner hoping, and Sophos not meeting that hope. Its a bit different.
If Sophos asks for feedback or feature requests, then says "We will take your input into our plans for the next version" I don't think people should take that as a promise.
"I've heard and seen so many great promises that I do not believe them anymore." Please give examples.
I fully expect and understand criticism over the fact that there are features people want and we don't have them.
But I take issue with criticism that we promising features that we are not delivering. To my knowledge we are not doing that.
1) Customers ask for features
2) Managers plan what features will be in next release
3) development starts with expected feature list
Six months pass...
4) development ends with 95-100% of feature list complete
5) Customers complain that promises are not fulfilled
From my perspective from 2-4 everything (or at least almost everything - I cannot speak for all teams) is done as per plan. So when I hear that there are promises unfulfilled I think the issue is in 1-2. Customers need to know that just because ask for something in (1) it is not a promise, and Sophos need to decide what/how (and if) to communicate (2) back to customers.
I see both sides of this honestly. I don't know that Sophos "failed to deliver" on anything explicitly promised, but at the same time features that may seem to minor to Sophos or anybody else are major when you need it and they are missing. There is also a certain amount of truth to the criticism that it is now nearly 2018 and some basic features are still missing from what is supposed to be a NGFW (anti-port scan, IPv6 DHCP-PD, just to name a couple off the top of my head). I think people expect(ed) small missing features like these to be addressed in this major release.
Maybe it would be beneficial to start a thread somewhere and hash all this out. Clearly there seems to be a gap here between some of your biggest power users and Sophos and it would be unfortunate if it does not get resolved. I have my own theory as to what is behind the angst.
I should note for the record that I'm happy with XG in general, v17 in specific, and the direction and development of the product. I'm not a partner or a reseller, just an end user.
I’d personally like to see development of v17 continue on longer then work with major releases on a 12 month cycle.
Maybe an 18 mo cycle will allow more features being developed over its version lifecycle. And also have teams work in parallel as well on the last 6 months as some work on a major release and back fill small features, security and big fixes, etc...
I’d personally like to see development of v17 continue on longer then work with major releases on a 12 month cycle.
Maybe an 18 mo cycle will allow more features being developed over its version lifecycle. And also have teams work in parallel as well on the last 6 months as some work on a major release and back fill small features, security and big fixes, etc...
