Hi folks,
I have put together a list of items I see as still needing to fixed in v17.0.x. This list is only items that I have experienced issues with.
I have done this because I don't have access to the full list of bugs and the priorities assigned to each. As well i don't think a number of people (any) have an idea of what is wrong with XG. There bugs for items I am aware of but have no details on eg VPNs, fail to restart a VPN connection (though I think I have a similar issue with IPv6).
Consolidated list of bugs in XG v17.0.x that I am aware of or experience
XG
1/. if an external link fails the GUI is not accessible or becomes very slow
2/. I suspect but cannot prove the XG cannot handle round robin answers from destinations. I see a lot of dropped connections (invalid) to valid sites eg email servers with two addresses.
Reporting
1/. reports all show generated time in GMT
2/. reports do not adjust to changes in local time eg daylight savings
3/. inconsistent units
4/. incorrect information
5/. IP4 = IPv6 = total link traffic, should be IP4 + IPv6 = total link traffic
6/. unable to export raw data
IPv6
1/. no country blocking
2/. able to select IP4 objects in IPv6 rules
3/. match known users does not work, rule fails
4/. if the external link (WAN) fails the IPv6 fails to connect until the interface is edited (no change) and saved.
5/. no log of IPv6 connectivity or setup of external interface
6/. no ftp scanning
7/. having to create a different name for a device that has an IP4 static address make the reports very messy
8/. treating IP4 and IPv6 as two seperate firewalls makes user access management difficult.
9/. requiring a NAT for external access does not make sense, should be selectable.
10/. creating a static IPv6 address is difficult because the DUID is not alway copyable.
ATP
1/. does not report or maybe recognise proxy bypass application eg ultrasurf ( I had to rely on a UTM to block access and report on it).
2/. turning on block proxy bypass rule stops all connections that use zip files even those that are scanned by HTTP
3/. reporting on objections apicaions but not blocking them
Wireless
1/. 5ghz band report does not show IP address of connecting devices
2/. 5ghz band idle connection speed is too low eg 6 or 24 mb/s
3/. APs (AP55 and AP55c) do not request a IPv6 address, which means on an XG only using IPv6, the wifi will not work.
Authenticaion.
1/. requiring an email address for a statically assigned IP address for a device does not make sense eg file server, small office printer, AP etc.
Rules
1/. having to create network object in the rule so that can be used even though the object has already been defined with a static IP address
2/. not being able to select a VLAN id.
3/. Rule based QOS should be external link based QOS so that the appropriate rules are applied to different speed links eg main link is 50/20 and the backup is 25/4.
3/. Country blocking not consistent eg blocks my own countries government sites, US government NTP sites shows them as being in China.
Web
1/. reporting on objectionable websites but allowing them to connect.
IPS
1/. fine tuning by identifying the rule to be disabled is very difficult because the IPS rules numbers are not displayed in the reports.
2/. clicking on IPS blocked (UDP flood) does not show any details.
Ian
This thread was automatically locked due to age.