Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 8 replies
  • Subscribers 30 subscribers
  • Views 10694 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Recommed Firmware info in Sidebar

Basti

Hey,

one question about the recommed Firmware info in the Forum Sidebar.

Why different versions are recommed on specific Subforums? Is that intentional?

 

community.sophos.com/.../sophos-xg-firewall-general-discussion

 

community.sophos.com/.../



Regards



This thread was automatically locked due to age.
  • 0

    Very good question. V17 MR3 only appears on the general page all other pages have v16. Even stranger, if you click on the v16 link it points you to v17 mr3.

    Ian

  • 0 in reply to rfcat_vk

    Forget this recommendation. It's obviously not maintained by sophos. It's even not matching with that what they propose on Appliances on Firmware Section under "Latest available Firmware".

  • 0 in reply to HuberChristian

    Thanks for your answers. Apparently, each subforum must be maintained individually, which is not done everywhere.

    Maybe Sophos should remove the note in the subforums then.

  • 0

    Hi Basti,

    you should forget this recommendation.

    this is not a valid reason to use 17.0.3: "The release resolved several issues, an exhaustive list is available in the XG release notes. "

     

    a differenciated hones review would be:

    - if you use site-to-site ipsec - never ever upgrade to 17.0.(1...5) we'd screwed strongswarn 

    - if you use Mailprotection in MTA Mode: Many improvements and major issues fixed please upgrade

    - wireless protection: rare condition - maybe we forget to write the ip-tables for captive portal / hotspot, just recreate and forget about your issued vouchers

    - everything else: minor improvements no big stuff should be safe to update

     

    do not trust this semi automated messages.

    my procedure is the following:

    - upgrade my Home XG (play around, i wand to find some major issues by myself)

    - read hot topics in Support Forum

    - upgrade my Office Demo Lab (here you can find an UTM and a XG some Mail Servers, Site-to-Site IPsec, Webserver...)

    - run througt my testplan (send some mails in and out and from xg to utm and back, generate load on VPN, check WAF publishing...)

    - upgrade our productive Office Firewalls

    - again read hot Topics in Support Forum maybe discuss with our Sophos Team

    - upgrade customer Firewalls from small to big

     

    yours Lukas

  • 0 in reply to lna

    Hey Lukas,


    thanks for your detailed report.
    For me the test procedere is not quite so important, because I am currently only using XG at home.
    In the office I have been using a Fortigate solution for quite some time.
    Why? I don't think I need to go into any further detail. In the XG version there are still some important functions missing or not fully developed. Besides, I can't run such extensive tests all the time on the productive office. There's just not enough time for it. At home, that's no problem.

    Regards

  • 0 in reply to Basti

    Hi Basti,

    there are only few arguments against Fortigate - if you where going to take over from a fully featured Fortigate i would recommend to give UTM a try - nearly all Unified / Next Gen Features are faster and deeper in function.

    Fortigate gets its speed from their ASICs where they burned all Layer 3 functionaly in Hardware. because of their well developed asics they leak in cpu speed and therefore for all Features L3+ it is crucial to have done the right Sizing decision when you bought the Hardware. Adding new Features can easily break your sizing.

     

    if you are using Virtual Domains you won't be happy neither with utm nor with xg.

     

    XG has its strenghts in small environments (full featured) or in bigger ones (if you leave Mailprotection on the road) where you want to deploy the synchronized security approach.

     

    If you run Business critical application on your Firewall you'll need to have a testing strategy even with your Fortinet.

     

    If you'll do a Sophos project you'll propably work together with a sophos Partner and he'll be able to recommend an Update depending on used Product and featureset.

     

    Yours Lukas

  • +1

    Hey  

    Thank you for bringing this to my attention, I have forwarded this information to the appropriate team to get this updated.
    My apologies for the confusion caused by this conflict.

    Regards,

    FloSupport | Community Support Engineer

  • 0 in reply to FloSupport

    Hey Lukas,

    since a few yeats I've been successfully running UTM at another location. 
    My testimony shouldn't be against the XG at all! Otherwise I wouldn't use them at home.

    The Fortigate solution is reliable and comes with all needed features. I hope that XG will also develop in this direction. Then I wouldn't be reluctant to switch to the XG everywhere. We'll see what time can do.

    Hey Flo,

    thank you for the answer.


    Regards