XG Firewall - Roadmap?

Forgot to put a follow up/bump here, on the road to XGv18 in two years.

SFOS 17.1.3 MR-3 released these days. Bug fix mostly.

Paul Jr

Hey Paul,

V17.5.b is supposed to be due this week.

Ian

https://community.sophos.com/products/xg-firewall/b/xg-blog/posts/sfos-17-5-mr4-released

Ok.  That really was on the first of April.

The list of bugs fixes is particularly long and concern quite extensively mails and web filtering. Backups are being forced to have a password.  I would have preferred and "opt-out" button.

Besides that, not much new functions.

Installed on XG105 and XG210. Haven't see anything wrong after few hours. But our setup is simple since we are not using anything related to mails (mail gateway is back with Symantec), we have a single VPN, an only a single business rules.  Beware, milage may vary.

Paul Jr 

As far as I know.

~April 24, 2019 there is a large partner conference.

I presume that the event will include announcement, roadmaps, etc.

As far as I know there was also a partner meeting on March 1st, but no news was released after that...

hello

Just upgraded one of our branch office from 17.5.3 to 17.5.4, got some troubles with dhcp (devices doesn't get the gateway ip, ipconfig /renew very slow) and a pppoe connection doesn't came up till i disconnect and reconnect it manually...

Problems start to pop up on XGV17.5.4 MR-4 ...

On Google Chrome 73.0.3683.86, here is what firewall rules look like now :

It happened to me before.  But closing the web page and re-opening it would solve it.  Not this time.  It happens on all firewalls and is now permanent.

Paul Jr

Hi,

i had exactly the same error a while ago. In my case it helped to clear the cache data in Google Chrome. But i think it's the same with other browsers. [;)]

Oups !!!  I forgot to clear the cache this time.  Annoying to say the least.

I had to do it twice ... Meaning clearing the cache + closing app + testing = failed + clearing the cache again + closing app again + worked this time.

Paul Jr

Just a reminder that this is not the thread to post issues that you have with upgrades.

Alda wrote already a while ago. 

- v18 Beta - for partners April/May
- v18 GA - September / October
- v18.5 - Q1 2020

We'll see.

Time to post basic list of requirements again:

1. Logs are still helpless.
2. Would be nice we had something that compares to Checkpoint ...
3. Some shy improvements in v17.5.
4. The best would be a direct link with WireShark while logs becomes acceptable in a future version.
5. STAS needs a complete remelting.
6. Why not having A SINGLE CLIENT FOR ALL SOPHOS PRODUCTS AND APPLIANCES ?
7. Instead of going tru all those ports, registry keys, et.c. non-sense setups ?
8. XG as an NTP is a basic requirement. Should have been done long ago.
9. Full features DHCP. At least we could point desktops to 2 or 3 trustable NTPs.
   Pooled NTP web sites is such a non sens to me.

2017 and 2018 were dedicated to bug fixes and stability almost exclusively.  2019 so far has only timid improvments.
Hope 2019 will bring us on par with the competition.

Paul Jr

Alda wrote already a while ago. 

- v18 Beta - for partners April/May
- v18 GA - September / October
- v18.5 - Q1 2020

We'll see.

Time to post basic list of requirements again:

1. Logs are still helpless.
2. Would be nice we had something that compares to Checkpoint ...
3. Some shy improvements in v17.5.
4. The best would be a direct link with WireShark while logs becomes acceptable in a future version.
5. STAS needs a complete remelting.
6. Why not having A SINGLE CLIENT FOR ALL SOPHOS PRODUCTS AND APPLIANCES ?
7. Instead of going tru all those ports, registry keys, et.c. non-sense setups ?
8. XG as an NTP is a basic requirement. Should have been done long ago.
9. Full features DHCP. At least we could point desktops to 2 or 3 trustable NTPs.
   Pooled NTP web sites is such a non sens to me.

2017 and 2018 were dedicated to bug fixes and stability almost exclusively.  2019 so far has only timid improvments.
Hope 2019 will bring us on par with the competition.

Paul Jr

I think they are late already if they plan to release 18 GA en September the beta for partners or not, should be available now.

Euh !?  v18 was at first (24+ months ago) scheduled late 2017.  18 meaning 2018.

You cannot plan any project with Sophos XG if there's features missing.  If you need features that's on v18 list, just forget it.  No one have any clue when this will appears.  Even internal apparently.  Additionaly, when v18 will be released, there will be bugs that will take months to sweep.  Either you take XG as it is now (i.e. it does what you need it to do NOW) or you look at something else.

Paul Jr 

Hi, any news about v18 beta and EAP?

Best regards

My guess.  Next year.  Forget July this year.

Paul Jr

Any updates on V18 or if the EAP has begun?

Hello Tom,

according to my information, we should not wait long time (and that we are waiting a long time, isn't). No longer than till to the end of this month.

Regards

alda

P.S. I hope, but who knows, we know Sophos ....

As a reminder for those who read this, if we are talking the end of this month, we are talking about the Beta.

Paul Jr

Waiting for v18 
We hope basic features such as monthly executive reports and advanced policy helpdesk (auto detection web policy) are also immediately added like UTM.

You can wait, but, realisticaly speaking, you will not install v18 at your business before many, many, many months.  Possibly late 2020.  If history repeats.

v18, technically, means 2018 ...  v17 is where v15 should have started to begin with.  Particularly for the MTA.  XG v17 still have pretty serious issues to iron out.  Logs, DHCP, et.c.

I calculate that things will be ironed out for v18 in around 4 years.

Paul Jr

Don't forget all the issues with Snort implementation which is more resource heavy than the competition, and it keep using old linux packets with vulnerabilities like with openvpn which XG is using and old version and refuse to update.

Dont forget either that in the last version MR7 they have broken the SSL VPN service and the only way to make it work again is regenerating the certificates which means that you need to remove all the configuration and start over.

Sophos XG is a bunch of opensource tools glued together with almost no custom development but the UI.

I think this products needs 3-4 years of development to be mature, or duplicate the development team, I am going to give them the last chance with v18, if the stability, bugs, and performance remains the same I will move to something else.