Next EAP release date?

Hi folks,

DPI works very well with devices that you cannot install a CA on eg IoT devices.

Ian

Gentlemens, there is potential in DPI. Remember that this is an early access phase. Not everything goes well, some pages are not decrypted, but the mechanism itself seems to be OK. Let's give the Sophos a chance to prove themselves.

The idea is innovative, but it needs to be refined. That is why we are a community to help in this. Instead of complaining, let's report bugs - thanks to this next releases will be much better.

rfcat_vk, in my case DPI is introducing more issues than proxy. I am using SSL decrypt and scan since v16 and not big problem.

darnoK, "the idea is not innovative". Other brands are using DPI since several years and I can remember the frustration at the beginning with another vendor when the customer moved from UTM 8 to the new brand. SSL/TLS was painful. Many websites stopped working.

Using DPi is the way to go for a NGFW instead of UTM as the same packet is analysed once (or very few times) compared to UTM where the same packet is open/closed and analysed by many different engines.

I fully understand how difficult is to integrate everything with snort engine but for the moment, a part my issue and some others, they did a great job with DPI. From v18 GA, DPI can only improve.

XG suffers other big problems at the moment and I hope they listen and they stop to close features that are not yet completed, as they do not.

Regards

You mean, that works very well with devices that you CAN install a CA?

It won't work well on IoT because you CAN NOT install a CA.

I just want to undestand you statment correctly.

Hi,

you read my post correctly. I am using DPI on my IoT devices and they connect other internet where as the same devices with the web proxy and https inspection fail.

I suspect the reason they connect is they are using the do not decrypt part of the web rule.

I do find it a ;little sctrange in that I did create a ssl/tls specifically for my IoT devices that did not pass traffic even after I disabled the default rules.

So a little unclear as to what is happening.

Ian

Update: - I looked the logviewer after 24hrs and found that two of IoT devices without CAs are passing the decrypt function in my TLS/ssl rule.

Any news about next release? We will have EAP 3 refresh, EAP 4 or GA version? Any date?

If you can, go back to v17 maybe ?

Paul Jr

At the moment, your advice is worth considering ;-)

For now, EAP "eats" a lot of CPU and RAM resources, which eliminates the possibility of upgrading on older devices. Unless SOPHOS is focused on new customers who already buy new equipment. The second thing is that the devices in DPI mode work smoothly, unfortunately you need to add most of the traffic to TLS Exclusion. Does that make sense?

I wonder if there is a chance for SOPHOS to scale the software to the capabilities of its devices? Is there a chance that the DPI engine will work flawlessly?

These are just a few loose thoughts ...

PS If UTM had an IMAP scan, I would stay with this solution. In my opinion, it has everything you need.

Cheers ;-)

I will not install v18 at my lob.  Just unworkable.  I have to do IT moves in May this year.  We already moved away for mails and WEB scanning in such a manner that our firewalls are now empty shells.  EndPoints have been moved partially back to Symantec.  So maybe we will stay with v17 just for the sake of doing very basic firewall and VPN duties.  Up until another supplier bring to market an integrated solution that’s worth moving.  It is my current thinking Sophos will not achieve a workable solution within this decade.   I will continue to monitor v18 at home and see 3 to 5 years from now ...  Sophos is just too time consuming.

Paul Jr

darnoK said:

Any news about next release? We will have EAP 3 refresh, EAP 4 or GA version? Any date?