
XG V18 MR3

Hello Sophos,
can we still expect the XG V18 MR3 this week?




[locked by: FloSupport at 4:35 PM (GMT -7) on 13 Oct 2020]
  • It'll arrive when ready is my hope, better be late, but right

  • Hello Mike,

    so I can only recommend one thing to you, start using another solution from another vendor.
    Trust me, I've been using Astaro / Sophos UTM solutions since 2003 and it has been hell for the last 5 years. You won't find such a low-quality and unreliable product as XG anywhere else in the world.

    Trust me, I really have many, many years of experience with these products, and there has not been such a bad situation in quality and reliability in the past.

    If you are a home user, I understand your enthusiasm. But if you are a corporate network administrator or a supplier of security solutions for companies, this is hell ....

    Regards

    alda

  • Already have Untangle and pfSense instances. I do flip between them.

    In a corp world I wouldn't pick Sophos, Untangle etc. I'd prob go Fortigate tbh.

    UniFi, I wouldn't use anywhere re their edge offerings.

  • I second this. As a corporate admin I can assure you we're switching away from Sophos as soon as our current license period runs out.

  • Can you develop this a little more, why are you throwing out Sophos XG?

  • Hi ,

    One honest question: is the firewall not doing its job to protect your clients, which is the main purpose of it?

    Or you're mad at it because the management plane on Sophos XG is horrible? Or both?

    Thanks!


    If a post solves your question use the 'Verify Answer' button.

    Ryzen 5600U + I226-V (KVM) v20 GA @ Home

    XG 115w Rev.3 8GB RAM v19.5 MR3 @ Travel Firewall

  • Hello Prism,

    I think it's a mix of all the bad things together. I think for the last 2 to 3 years it has been "normal" that Sophos released a new version and within a week at the latest (more often within a few days) we ourselves reported what was not working properly or what other features were damaged by the new version.

    When was the last time you encountered a problem that a function is not implemented correctly or its implementation is not completed? Again for the last 2 to 3 years, this situation has been repeated regularly.

    I'm right, I think you've experienced it too, right?

    Have you solved any problem with Sophos support in the last 2 to 3 years? How long (on average) did it take to solve the problem? Our experience is at least 2 to 3 weeks (ideally). First you have to describe the problem in detail, so you describe the problem, then L1 support finds out that it is not enough to solve the problem (in the meantime you are asked for ping and traceroute analysis, which of course you did and you know there is no problem). So the problem will be taken over by L2 support and again you have to describe the problem in detail even if you did it with L1 support. And again: ping and traceroute. And in the meantime, you are waiting and waiting, because the engineer is going on vacation and another engineer will not take over the solution to your problem, waiting for the original engineer to return from vacation.

    Want more experience?!? I can go on for a long time.

    So my conclusion? For many reasons, I will keep it to myself at this time.

    So, as can be seen from the above arguments, I think Sophos has a lot of internal problems and it will be a big surprise for me if it can handle them at all in the foreseeable future.

    I think v18.5 will be crucial for the survival of Sophos as a UTM vendor. Personally I rated v18 as a very failed version (same as v16).

    Regards

    alda

  • Hi  ,

     has got a point, I have experienced similar problems and the time it takes and the motivation of some of the staff on the support desk astounds me.

    The Sophos Support structure is broken, I think  was lucky to get Level 2 techs, I only get the ticket logger and level one tech, then over to GES (and there it disappears for months) before a footnote in the updates if you're lucky.

    Some of the techs do not understand time-zones, I have been called @ 10pm (BST) on a Friday evening, and the tech will then mark the ticket down as customer refused telephone call, and not why it was refused.

    This is not good relationship building.

    I now do not sell the UTM, as nothing constructive is coming from Sophos, and they do seem to be winding down operations and development in favour of the XG, I still have a mistrust of their QA process and reliability of their testing process, which feels to me like the Microsoft Windows QA team who were fired a few years back, and we have all felt the knock-on effect of that one.

    XG & UTM Architect (Systems: XG v18 & UTM 9.7 - Virtual, HW & SW)
    Curious enough to take it apart, skilled enough to put it back together, Clever enough to hide the extra parts when I'm Done!

  • You have a good point.

    I've never used Sophos support, since the place I was in didn't use Sophos XG.

    But looking at your experience, the Checkpoint TAC is the same thing: unless my problem got handed over to Israel, I would be in a state of suffering the whole time with the LATAM L1 support.

    "When was the last time you encountered a problem that a function is not implemented correctly or its implementation is not completed? Again for the last 2 to 3 years, this situation has been repeated regularly.

    I'm right, I think you've experienced it too, right?"

    Well, that's another good point. What makes me angry about this is knowing that the back-end of the firewall (most parts of which are GPL code) supports a lot of things that aren't available on the management plane.

    "Personally I rated v18 as a very failed version (same as v16)."

    I don't rate v18 "as a very failed version", they did something right which is the new SSL/TLS Inspection engine, but some other features that we got, such as SD-WAN support don't even work correctly.

    An example is: try to use the "Application Objects" to route the streaming application traffic to another interface, most of the time the engine will detect YouTube.com as TCP/443, instead of the YouTube streaming application.



  • I just went back and looked and MR1 was released nearly 3 1/2 months ago. There was an unannounced MR2 that was released to MySophos with no release notes whatsoever, despite repeatedly being asked for them, in what I would call a very bizarre event. People are clamoring for MR3 because there are still many serious bugs in v18 that we are hoping are addressed and we're wary of installing an undocumented, beta (or is it?) release in production when we have no idea what it fixed or didn't fix or what bugs it might introduce. The new DPI inspection engine sounds nice on paper, we had so many problems we had to end up disabling it entirely. And while it's nice that Sophos is out there doing innovative things, most all of us would appreciate the simple things, like a logging facility that actually, you know, can give you good consistent information. God help you if you have to troubleshoot and need logs. I would say that the decision making process on what features to work on seems totally broken to me. For example, was there any great outcry for a new DPI engine for v18? But DHCPv6-PD, which is how just about ALL business class cable modem providers distribute IPv6 addresses, nah....who needs that. But if you do need it, a cheap $75 home Chinese router from Wal-mart can do it for you. It's just baffling.

    My interactions with Sophos support have been generally decent, so I can't offer much complaint on that.  

  • I mean, medium to big companies don't care about DHCPv6-PD, and that's the point. Sophos wants to stop appealing to the home/small business and go bite the medium/large companies.

    They care about DPI/Scanning TLS, route-based VPN, decoupled NATs and rules, etc.

    So yeah, that's why and I don't blame them, the money is in the biggest corporations, not small business. And they have to include functions that are present in bigger fw companies (vrf?, central management?, etc)

  • It's good to know that Sophos doesn't want my business anymore, I guess that makes my renewal decision next year easy.