XG Firewall - Roadmap?

I understand that there could be some more communication about the road map and active development from Sophos, but it's also not very useful to constantly complain in the forums. If you're a Sophos partner, you can get some information from your rep at anytime. If you're not, then contact your partner regarding this information.

I'm a Sophos Partner myself and some updates were given during the Sophos Discover Partner Conference last week. Since I don't think any of this has been shared yet publicly, here is some info to give you a bit of an insight:

- No major features are going to be developed for v17.5 since all focus is on getting v18 ready for release (bug fixed will still be rolled out in MRs as needed)

- There will be an early access program for v18 in July

- GA for v18 is planned for November

- there is no full feature list for v18 available yet, only internally at Sophos but v18 contains TONS of new features and improvements

- v18 will separate NAT from firewall rules and have more configuration options (which some users have complained about)

- v18 will improve overall performance by 30%+ and new XG hardware (optimized for new packet processing engine) will be released in early 2020 to bring even more performance

Hope this helps a little. I'm sure there's more to come as we get closer to the July EAP release.

Ok.  The point I bring often that bothers me most is the pace at which development goes.  It does not match what's elsewhere in the industry.

I understand that a road-map is just a road map, and all Developers have to maintain controls on it, but then, let's compare.  Up to recently, road-maps from Intel were clockwork (with some glitches these days, I know).  If they told it would be delivered 13.5 months from now, they would.  Yet, at the end of the day, I do not care much about road-maps anyway.  It's vaporware.  Wish list.

What I care about is what I have in my hands.  And the historical rate at which I receive updates/upgrades.  I have been with Sophos for more than 2 years, I can safely state development pace is very slow.

There's also the way development is prioritized.  SD-WAN may seem sexy, but meaningful and use full logs, full featured DHCP, time relay/reliable source, for example, should have been tried and tested options available since day one.  Routing have been insanely complicated.  For those who master CLI, it is not such a draw back.  But for those who are not sitting behind the console all day long stuck with the interface, XG's GUI and its limitations is a real problem.

v18 will be released one day, but we all know there will be bugs, because the history is there to back these sayings.  v15, v16, v17 were bumpy roads, to say the least.

It may look like complaining to some.  But it will look realistic to others.  Mileage will vary with your level of competence.

If you're a deep linux CLI geek, with lots of other firewalls vendors experience, I look like complaining.

If you're a casual small business user/manager, you just felt my pain.  But isn't this is where UTM market belong ?  Large organization owns dedicated appliances.  UTM is meaningless to them.

Paul Jr 

How about Cyber / Sec / OpSec? Firewalls and UTMs are security products, yet on some security basics Sophos still falls far short.

For instance, it's baffling that XG still offers CLI-access to only one single account. If multiple administrators need to use the CLI they would have to share that account... To boot, if I'm not mistaken that account has to be named "admin".

How about Cyber / Sec / OpSec? Firewalls and UTMs are security products, yet on some security basics Sophos still falls far short.

For instance, it's baffling that XG still offers CLI-access to only one single account. If multiple administrators need to use the CLI they would have to share that account... To boot, if I'm not mistaken that account has to be named "admin".