What's next for v17.x?

Hi Everyone, 

We're in the final stages of beta now, and things are shaping up well! Thanks everyone, for your participation and great feedback. It's truly exciting to see dramatic new capabilities like Synchronized Application Control come to market, and the improvements in v17 as a whole, have been well received. 

With every product release, Sophos internal IT participates in the testing process, by deploying the product into production environments. Some companies refer to this as "dogfooding". As in "Eating your own dogfood". It's a common expression that implies a fairly unpleasant experience, which often becomes true, when putting alpha or beta code into production environments. Through v16.5's lifespan, we've made big investments in quality, and while this beta is far from bug free, we can see the impact of that effort carrying forward into v17. Internal feedback has pegged this as the most successful firewall dogfooding exercise we've ever done, with no measurable service desk impact. This mirrors the feedback from many of you, that it's just worked for you. I'm very proud of our engineering teams, and the quality improvements they've delivered over the past year, and want to take this chance to recognize them for their work.

It's great to have success that can be celebrated, but I don't want to give the impression that we're ignoring the feedback from those of you who shared more critical feedback. Looking back through the feedback, there are a few general points I would like to address. 

One bucket of feedback has been "Where is the feature I've been waiting for?". This is understandable, since most of those requests are relatively small, and XG has been in the wild now, for nearly two years. XG's goal has never been to add every feature that UTM9 has, but there are a number of feature gaps between UTM9 and XG that needed to be prioritized, after we launched v15. The features most commonly used were targeted first, and v16.5 closed off all high level feature gaps. v17 closed off a number of core capability gaps around email, firewall management, and troubleshooting. The list of gaps is down to a much smaller list of specific capabilities, such as several email management capabilities, and a couple of IPv6 features. I know I'm glossing over a list of gaps that many of you have raised, but my point is that those of you who use UTM9 today, and have a feature reason that you're not yet switching to XG, don't worry. Your requests are not forgotten or ignored, and the list of gaps remaining is really not very long.

In the past, we've explained that XG version numbers would be year based, where the first digits are the year, and the second are the release within the year. This means that there isn't major and minor version numbering. The goal has been to have more, smaller releases. While the goal is still to have more, smaller releases, we've decided to go back to a simpler version numbering, and drop the idea of the first number being bound to a year. v17 is now the first of a family of releases, that we will release over the next year. Our plan is to do two or three feature releases before we get to v18, so look for 17.1, 17.2, and maybe 17.3 feature releases throughout the first few quarters of 2018. Each will have a number of improvements, but overall will each likely be fairly modest. Some features will be fairly significant and strategic, like new and improved SyncSec capabilities, others will likely be invisible to most of you, like OEM related improvements, but the majority will be to address user demand, and your feedback, like auth agent improvements, SSL VPN port customization and email allow/block lists. The list of features per version is not fully committed yet, but everything shared through these betas is under consideration.

In parallel, we are also working on v18. (In fact, we have already been for some time.) v18 will deliver some core architectural improvements, that will address another class of feedback you've shared. Requests for behavioral improvements, like enabling/disabling interfaces, larger scale UX improvements through more areas of the product, renaming more objects, and more. v18 either solves these problems directly, or in a couple of cases, lays the foundation to solve them properly. For example, renaming and disabling interfaces will be part of v18, but a fully responsive UI will become radically easier to build on what we deliver in v18. As it stands, v18 is too far out to go into any significant detail. v17.x releases will be the focus of discussion in the immediate future.

For those of you looking for more, v17 isn't done just yet. 17.0 is all but done, but you won't have to wait a year for more. Stay tuned, and we'll work to keep delivering features, at a higher standard of quality.

Thanks again to everyone who participated in this beta. It's not over yet, but the finish line is in sight!

  • While I have never been subjected to dogfooding, I have worked with other companies that were developing software for us where we were the guinea pigs and the experience wasn't pleasant for the end users.

    I beta tested v15, v16, v16.5 and now v17. V15 should never have been released, v16 was a great step forward but too buggy, and starting with v16.5, XG finally became a firewall product that Sophos should have released as v15. I had a few setbacks, including a bad IPS pattern update that broke all categorization last December that forced me to go back to UTM9, but testing v17 and reading the bug reports, most of the core functionality is now stable.

    XG vs UTM... XG feels like a newer, more polished platform now that I have gotten over the initial GUI shock of v16. I still have trouble finding some items, as some tabs have a lot of information and others have hardly any, but I can live with the overall aesthetics now. I can also actually tell the difference between the web filtering speed of XG compared to SG, because the lab numbers that Sophos published with v15 didn't really convince me, at least in my testing.

    At this point, if you need a firewall and are not running any servers, XG probably makes more sense. Every MR release strengthens the base and brings small changes. I am still not sold on MTA and I like WAF in UTM better. I don't like XG's approach to running all daemons even if you don't need them, but memory is cheap and Sophos appliances are fairly powerful these days, so these are of little concern other than to some people like myself who don't like running services that are not needed.

    Final thoughts... People that deployed XG early on are probably the losers as they had to live with the shortcomings of the software. Moving forward, I think most people would be satisfied with what XG is capable of. It will be interesting to see if the early adopters come back to XG after their licenses expire. It will be a shame to see them go as XG is a lot more capable today than it was two years ago.

  • It will be interesting to see if the early adopters come back to XG after their licenses expire. It will be a shame to see them go as XG is a lot more capable today than it was two years ago.

    I totally agree with you, as I'm one of the losers who bought an XG appliance for our production environment since V.15, which I never knew how they called NGFW!!!! And until now we will not renew our license, to move over to other professional vendors that care for their customers, as from my point of view SOPHOS are feeding on their customers' money and using us as a testing environment to enhance their XG while paying them to do that. It was a very poorly developed product that sometimes made me want to destroy it; during my entire 13-year career in the IT field I never opened as many support cases with any vendor, SW or HW, as I did with SOPHOS.

    They will always keep us waiting for the next release, which never ends, for such old features that have already been available in the market for years from all vendors.

    Since we bought this product, I have always felt I joined a big open-source testing project that never ends, and with each release it extends again and again.

    Over a year now and I still can't view all traffic going in or out and can't disable or rename any interface!!! Most devices in the market that cost 50-100$ have been able to do that for 5-7 years.

    AlanT starts talking and giving us the carrot to wait for V18!!! Another year, while V17 is not yet released, and after 17.0 is released there will be a lot of issues which will make us wait for V17.1 for them to be fixed, and when V17.1 is released, including new problems different from those in V17.0, we will wait for V17.2 and so on; same carrot, and we are all supposed to follow..... That is the same behavior history (I wish to be wrong).

    Sophos XG NGFW are paying for Marketing, visual designs and sales effort more than developing, testing and quality.

    V.15 was a product I couldn't get help with from a partner or distributor, as no one knew it well or could fix problems, and not even all of the support team, as some of them were not aware of that product, some were only users and the rest were a team for another product (Cyberoam), but they made their effort.

    I'm a customer paying for a service, which is an NGFW with the latest features and quality. I'm not paying for testing and waiting..... for old technologies and bugs.

    Now using V16.5.8 and I have not yet found an NGFW, but only features that are helping and serving your other products.

    You did not even make a separate XG support team or even include support links on the Sophos website until now.

    AlanT, if you really believe that Sophos XG is an NGFW and a good product, please open the ability for your XG customers to install SG UTM on XG appliances and see what they will do. I dare you to give us XG appliance owners the chance to choose again!!

    Soon V17 GA will be released and I am waiting to see. I still have 10 months on the license to know the results of wasting time and money to reach a good NGFW or not.