As far as my partner told me, there is a tool... internal tool for migrating from SG to XG.
Is it publicly accessible?
Unless you have VERY serious reasons to leave the stability and easiness of SG, don't migrate to XG yet. It is NOT ready. I would say, wait at least two years.
DHCP is at its most basic. All the goodies that come with a DHCP server like Microsoft Windows, such as a time source or whatever other source, are absent. The only thing it provides is an IP address. That's it, that's all.
NO NTP server or no NTP relay or whatever NTP.
HTTPS scanning will jam Windows and Chrome updating. And many others as well.
Logs are helpless and not on par with competing products.
In general, everything is very complicated to set up. And very often unintuitive.
They will get there I think. But for now, it is only suffering.
To a certain extent, I can concur as I am going through the growing pains post migration of 2 Sophos mid-range appliances. It's been challenging but I have no choice because Sophos has disabled a "Rollback to UTM 9" button. On a more positive note, XG is a lot less intensive on system resources, specifically CPU and memory, than UTM 9. The firewall rules are more flexible and fewer rules are required. Enterprise features such as RADIUS SSO are included. Bandwidth throttling works, unlike UTM 9.
However, I have been experiencing some rather strange issues and can be forgiven for also thinking that XG is not yet ready. These include domain machines losing internet connectivity without rhyme or reason and wireless clients losing internet access when roaming from one AP to another. I have been spending a significant amount of time with Sophos support troubleshooting issues and will plod on for a bit longer but am open to looking at another solution, e.g. Fortigate.
I looked at the migration tool and imported the UTM 9 config files but decided it's best to start from scratch. A new firewall broom...
Forgot to mention, IPv6 in XG is like having TWO firewalls on your rack. In XG, IPv4 and IPv6 are two separate worlds. Meaning you have to duplicate each and every rule and many other things.
Very annoying also is the obligation to set up options like HTTPS scanning on each rule. Same for Sandboxing. Takes an eternity to put off and on in case of trouble, which happens often. Particularly on Microsoft's Patch Tuesday, where none of your updates will go through if scanned. Like exactly what I am forced to do today, since it is Tuesday. And no, exception rules won't work.