Hi All,
I migrated my home box from MR7 to v17 and all good.
In my case, the IPS did not start automatically after the reboot.
The other thing is the UI is faster than v16 but the Network menu is very slow compared to the others. I have only 2 NICs and 2 VLAN.
Last thing, where is the policy test?
As I see it there's a lot of frustration about the way the UTM took in the last few years, especially among the long term Astaro admins like me.
But let's reflect on our journey, fellow travellers, before we jump to conclusions.
After the aquisition by Sophos everything was going along as before, with the usual ups and downs that we were all used to from the Astaro days.
Then Cyberoam came along and v15 was introduced as the next generation of UTM. That of course was wishful thinking from Sophos and I can't tell why they took that road, but they did. Missed quality and user experience expectations and the feature gap prevented it from being an alternative to the Astaro UTM.
After the feedback to v15, v16 was intended to improve quality and more importantly close the feature gaps. Again neither goal was fully accomplished.
Now it became clear that putting more lipstick on the pig wasn't solving the problem.
What we saw since then is encouraging to me:
1. There were several quality focused releases. That means Sophos came to the conclusion that quality is an issue and acted upon it. Of course that means that filling the feature gap was slowing down. But you can't have it all, right?
2. Alan stated earlier that there is a project called Picaso that is going to replace the configuration management. Let's be clear: that means we are going to see a rewrite of most of the product. Which is the right thing to do imho. I assume we are talking about v18 here, but maybe Alan may say a few words on scope and timeline of Picaso.
3. When they are going to rewrite the configuration system and UI, I bet we'll also see a new CLI. Alan?
So they came to the same conlusions as we did. And they started executing a plan to fix the problems before v17 was started.
v17 is therefore a release to bridge the gap until v18.
That's giving me hope and the virtue to live with my frustration for a little longer.
Cheers,
Stumpy
Stumpy, as one of those long time astaro admins, I only test XG every beta and make my decisions. I do agree that they have been aggressively releasing MR releases since v16.5 and the feedback is mostly positive other than minor regression once in a while. I generally like v17 quite a bit. Having said that, I am a little reluctant to jump on the picaso bandwagon. Here are my reasons:
True, the code base has been improving constantly in XG and I can personally attest to its quality when dealing with high volumes of traffic. However, picaso is going to start over from scratch, what does that mean realistically? Most of the daemons they have developed and carried over from cyberoam will stay the same, logging etc. will be like v17. UI will have some improvements and will be closer to the way SG/UTM acts but will resemble XG since its another XG release after all. Most importantly, when we go to object based model, there will be growing pains. So three years after releasing XG, we will be back to stabilizing the code base.
These are all speculations on my part and I am not questioning what is possible. I am a little apprehensive on what promises are made for the future after getting my heart broken with v15 and v16.
EDIT: Are they still going GA today? Nobody is acknowledging new bug reports so the beta is over.
Billybob said:These are all speculations on my part and I am not questioning what is possible. I am a little apprehensive on what promises are made for the future after getting my heart broken with v15 and v16.
the thing is, sophos still takes full money for UTM subscriptions and decided to cease major development to fund XG development that nobody here really wants. We pay for modules that are pretty much abandonded (application control, ipv6 implemenation, WAF rules, long requested features like lets encrypt etc), they (sophos) could have THE leading UTM right now by a far margin with UTM 10 with reworked Application Control and up to date technology. Open Source Products are catching up to UTM and will be on parity in the not so distant future.
---
Sophos UTM 9.3 Certified Engineer
the thing is, sophos still takes full money for UTM subscriptions and decided to cease major development to fund XG development that nobody here really wants. We pay for modules that are pretty much abandonded (application control, ipv6 implemenation, WAF rules, long requested features like lets encrypt etc), they (sophos) could have THE leading UTM right now by a far margin with UTM 10 with reworked Application Control and up to date technology. Open Source Products are catching up to UTM and will be on parity in the not so distant future.
---
Sophos UTM 9.3 Certified Engineer
