Does any one know if XG is roughly at feature parity with the UTM yet?
I have read some of the posts here, so I will chime in on why the UTM is "worse" than the XG even though I have not used the XG, based on what features it does NOT have that should. I have never used the XG but one thing that really grinds my gears is how hard it is to pinpoint problems when looking at logs in the UTM. Yes, the logs contain lots of information, but you have to do a lot of back-and-forth between logs and web UI to make thing work.
I can't tell you how many times I've had to open web filtering, application control, firewall, and IPS logs all at once to see why a file isn't being downloaded or a website won't load.
Until Sophos develops a way to take the fields of the web filtering/firewall/application control logs and create a rule based on the info from that log, administrating it will be tedious. It would be stellar if say for example you could take a web filtering log and automatically create a web filtering exception rule to allow what was blocked. If say I could not download application updates because it being blocked due to a range request, or blocked category, I have to open the logs, see what went wrong, and manually create a web filtering rule, check the appropriate boxes, manually copy and paste the URL from the log into allowed Websites, ect, then hope it works.
The same issue exists for the firewall too. Too much manual extraction of data from logs to create rules or exceptions. Maybe the XG is better, but the UTM just seems very difficult when it comes to creating web filtering rules/exceptions, and from what I heard, the logging of XG is better.
So as far as feature parity between XG and UTM. Functionality aside, the UTM can be very tedious to troubleshoot. I wish I could try both so see how the XG handles logs.
Thanks for the feedback Alan, I agree although i'm pretty sure Sophos aren't going to fix this in UTM, and will suggest you move to XG!
Of course... the UTM is probably not going to be developed anymore since it's getting close to EOL. I would be willing to switch to the XG, but the Sophos access point that I have will not be supported by the XG after 2023. This very expensive AP that works perfectly fine will be effectively "bricked" when the newer access points arrive. For a home users they are expensive, and I don't wish to subscribe to the Sophos Central just so I can manage my older AP. There does seem to be a lot of hype surrounding the XG, but mainly for it's business oriented features like SD-WAN, Heartbeat, IKEv2, and Intercept X which will not be of much interest to home users.
BTW: Sophos Central Wireless is for free.
Not sure how secure it would be though. Cloud management is always a risk. The less holes open in a network the safer you are.