Am I the only person who likes this new XG product?

Wow - reading the comments here...... sounds like I'm the only one outside of Sophos Corporate who likes this product.

And no - I'm not a Sophos employee _OR_ a Sophos plant.

In fact, I came to the firewalls grudgingly through their other products.  I am (or was) a Watchguard/pfSense/Cisco/Several Others kind of guy. I started with SGN (encryption) and SMC (the server-based mobile control) and then started looking at the firewalls because of a few integrated features.  I decided to go through the engineer cert training for both UTM and XG.  In fact, I think I went through the XG training the day - or the day after - the training itself was released.

After all that - I don't see why everyone is so down on this product.

Sophos has been exceedingly clear on the fact that 1) NO SG is not going away any time soon. 2) if you like your SG or CR product, you can KEEP your SG/CR product and 3) YES there are missing features, expect new ones soon.

Are there limitations and weaknesses - YES. It's a VERSION 1 product! (they can call it version 15 all they want.  It's a v1 product)

Is it still a pretty cool damned product? YES. 

Will it improve drastically? Likely, YES.

Seriously guys - give it a few months.  It is brand new, needs a few tweaks, and change always sucks - but the compelling new features they've put in - heartbeat, cloud management, etc - are, or are going to be, excellent.

As of now, our NFR of the XG230 is happily running down in our server room, humming away, and acting as our primary gateway to the internet.  Working like a champ so far.



  • I don't really think that it's an issue of 'not liking' the new product.

    The problems that most have an issue with, is that it was released for use with missing and/or incomplete items that we are used to having with UTM 9. The fact is, this is not a finished product and will continue to be scrutinized for being released. I know it's 'bleeding edge' - the very reason why I haven't implemented it at home yet. The other issue, is that there has been so many requests for so long put into for UTM to have, those were ignored for a stable product and placed into this 'beta/bleeder' product.

    Hardware limitations are something that greatly disturbs me personally, as I just bought my new system right before Copernicus was put out, because I needed a big upgrade from an ATOM processor to what I have now. Now, I won't even get to use some of that hardware in place of IP restrictions being removed - something of which I don't have a problem with, yet I will be punished for whenever I upgrade. That should have been an option, not a mandatory thing. Not all of us are running out of IP addresses.

    Beta testers screamed bloody murder about some item-stopping issues for them - no one came back to them with addressing their concerns, some of which I am betting had to do with the forum board being moved in a hurry, but other parts of just flat out being ignored, or 'duly noted'. There are some people in the UTM community who know exactly what will work and what has been a problem - they want to see Sophos and UTM/XG succeed but get completely frustrated when ignored, told to not post, or something else that hinders them. Nature of the beast I suppose, but there are some hurt feelings going around lately between Sophos and its community members.
  • I like it. Although I'm not a professional network engineer and just finished an x64 box which will soon replace my OpenWRT based SOHO router so I decided to jump on XG instead of implementing UTMv9. As for now I'm quite happy. Yes, it is a big jump from OpenWRT to SFOS and I struggle to understand how things work here, but I hope I will soon be able to finish configuration and replace my old router.
  • Finally!! I was debating on writing something similar (To the original posters points), but figured I'd get hammered on. I mean, like you said, is it missing a few things? You bet. But at the same time, Sophos is not forcing anyone to migrate to SFOS. If you don't like it then don't use it till it gets a little mature. There definitely needs to be some feature parity with UTM 9 and the new SFOS, but like you said, that will come and I'm confident it will come soon. We have about 50+ UTMs we manage across the area and have even upgraded a handful to SFOS that didn't have much config on them to where it was easy to just redo some of the rules by hand.

    I'm not de-valuing anyone's opinion, and everyone has their right to an opinion, but some of the stuff on here is just crazy. I think SFOS is a great product out of the gates and will only get better. It's never easy to change with something you've been used to for years, I get that, but I'm the type that likes change and new things and I think once the UI gets cleaned up a little (Definitely feel like some of the duplicated areas could go away (i.e. being able to configure the wireless in multiple locations makes it confusing, just make 1 spot for wifi) and that might make some of the menus less overwhelming at first look.

    A lot of what I'm seeing as frustration is people using this for home use.  I can't share that experience as we only buy the actual appliances in production environments and are fortunate enough to have access to support.  That does seem like a bummer if you have hardware you've used or just got that isn't x64 and can't load it.


    Anyway, just my 2 cents. I'm excited for the future of SFOS and hopefully this forum will start to turn to a valuable place for other users to bounce information off each other who either don't have access to support or just want to get a few ideas from other users.

    Thanks

  • ChavousCamp said:
    Wow - reading the comments here...... sounds like I'm the only one outside of Sophos Corporate who likes this product. And no - I'm not a Sophos employee _OR_ a Sophos plant.

    Yes, YOU are the only one that likes the product! And there is nothing wrong with liking something that does everything that YOU want it to do.

    However, some of us came from Astaro side and their way of doing things and falsely assumed that sophos was going to use UTM as the template for future development of their greatest product. Now we have to wait till v3 to even get feature parity with UTM? So we are wasting another year on a product to make it as good as UTM? I am not privy to the way things are done at sophos HQ but their decision to pursue cyberoam as their code base and phase out UTM is not very forward thinking. Login to cyberoam NG demo at http://demo.cyberoam.com and then tell me what is so amazing about SFOS that was not easily accomplished in cyberoam?

    ChavousCamp said:
     Are there limitations and weaknesses - YES. It's a VERSION 1 product! (they can call it version 15 all they want.  It's a v1 product)

    Is it still a pretty cool damned product? YES. 

    Will it improve drastically? Likely, YES.

    It is not a v1 product, but could have been called cyberoam 11 or 12 or 15 just as well. It is a redesigned Interface for cyberoam with a few addons taken from UTM. I don't understand what do you mean by pretty damn cool. What makes a firewall cool? Sticker on top, extra cooling fans, blinking lights? If you are saying that the new UI is cool then again YOU are the only one.

    How do you know it will improve drastically? Are you just regurgitating what sophos is saying or perhaps some deduction from the way things have been done in the past that makes you feel so sure that it will improve drastically?

    It's all hoping and praying and waiting. Most of us like sophos products or we wouldn't be here. When some of us say we don't like SFOS, it's because it brings nothing new to the table other than the bad gui. If you are using this product as a replacement for ddwrt or other soho products then YES it is great and sophos should be congratulated for offering it for free for HOME USE. But if you want to use it in an enterprise or a business setting, things like

    1. No MTA? I have to rely on a mail relay to get mails from my "damn cool product" since it can't even notify me of a failed login on its own?

    2. Can't rename interfaces to something humanly readable?

    3. Bypassing traffic using regex has been broken since v1 of beta so NO THEY DON'T improve drastically as you are hoping that they "Likely Will".

    4. Logging is nowhere near what is expected from a product that this one claims to be. Not to mention that they didn't rotate log files in the version that I tested. Cool Indeed!!!

    6. Publishing a server is a dream in the UTM. Try it in SFOS and then comment please...

    7. From various threads here, initial login is stuck at 172.16.16.16 and you have to change to accommodate SFOS instead of SFOS seamlessly integrating in your network. Probably not a problem with preconfigured appliances, but sure is another hindrance in a vm/lab environment.

    I can go on and on but this has been written up many times in many threads. NOBODY cares...

    So, is SFOS a good product? YES, if it serves your needs. But if you have other basic requirements that some of us do then the answer is pretty clear. This doesn't mean that there is any hate for the product itself. All it means is that it is not ready for the UTM world yet and sophos is setting itself up for failure pushing this product so aggressively.

  • Not to be an apologist for them, but from my discussions with their people, it sounds like they had - and continue to have - a very aggressive development timeline - and made it especially clear that in V1, it WOULD NOT have parity with UTM. Combine that with the fact that you do not have to upgrade, and seriously - I see no reason for everyone's extreme frustration.

    As for those restrictions, let's actually look at them....You'll be "penalized" by only being able to use 6 of your 8GB of RAM in something they're providing you for FREE, and removing other restrictions that are probably hitting a good number of folks. In addition, that 4-core and 6gb is enough to run a PRETTY GOOD-SIZED firewall. That is the equiv. of their third level up in their commercial software version. To license that same "free" product for use in business, you'll pay $2300 MSRP for the BASE license, and that does not even include web protection which the free home version includes.

    So tell me why this is a raw deal? I realize you had a restriction on IP addresses previously instead of the hardware restriction, but really? I seriously just don't see the problem there.


    For those folks complaining about the move to 64bit architecture - I can understand that, but seriously - x64 is the 'now' and has been for several years. Next time folks buy hardware, they will probably be getting x64 BY DEFAULT whether they try or not... so hey, then, they can upgrade to XG. There is PLENTY of time to do that. 9.x is not going anywhere for a long time, and they've ALSO made it clear that NEW RELEASES will continue for a while.

    As for Sophos "not listening" - they are trying several new things with this new software... sometimes, you have to know when to tell people "duly noted" and forge on. Now they get to refine and improve and listen and see what happens. Give them a chance to.

    I've seen people call this release "stillborn" and "not viable." I've seen people hollering about how they've been loyal (free edition) customers for years and will be leaving now. Wow. Come on, guys.
  • ChavousCamp,

    the XG Firewall is a new product and if you did not see any Enterprise Firewall before, for anyone it is beautiful.
    As BillyBob said, we came from Astaro point of view and thinking and Sophos should remember that they won so many awards on Network Security thanks to UTM9.
    I personally manage other Sophos Products on big company, like SEC and Email Appliances and they are doing their job without pains.
    From UTM side, I work and know even other vendors and to be honest UTM9 has the best UI and all the features built-in that are competitor do not have.
    So now Sophos released XG (Copernicus line). How can you imagine to manage 1000 users with Copernicus at the moment?
    Many base features are missing, such as Live Log, Rename Objects, MTA (BillyBob, they planned to bring MTA back, please vote on feature.astaro.com/.../10614999-mta-bring-it-back), UI object placement (you need to remember where the things are), TABS, cloning, better Policy UI (ID does not match the order).

    I think that Sophos wants to redesign UI and Firewall to better compete with other vendors in order to get more business in this area but they need to eat a lot of dust before they can fight for a better placement.
    For me this product is still in beta and until version 2 or 3, I will not move any of my customers to XG (Sophos said to keep our Customers on UTM9).

    The other thing really strange is feedback from them. "Lack of information".
    Sometimes they publish some news and only a few Sophos moderators reply to this forum. No one knows how updates pattern works and what firmware fixes or what bugs exist at the moment (a pdf saying really few bugs).
    No roadmap. What will they add into next release? Maybe they do not even know, but what we would like to know is HONESTY.

    In the meanwhile, we can pray and give feedback until XG is ready and UTM9 will be end-of-support.
    If the XG will not be ready and nice as UTM9 we will think about. Future is a mystery!

    Luk
  • ChavousCamp said:
    Not to be an apologist for them, but from my discussions with their people, it sounds like they had - and continue to have - a very aggressive development timeline - and made it especially clear that in V1, it WOULD NOT have parity with UTM. Combine that with the fact that you do not have to upgrade, and seriously - I see no reason for everyone's extreme frustration.

    I never said anything about their aggressive development timeline.  I've been here a long time and I am well aware of their timelines, as well as how fast they address things.  That wasn't what you were asking about, and I replied as such.  Your post above has taken a complete turn from asking a valid question, to potential hardcore re-seller.  Extreme frustrations may have been covered - I don't know.  I just comprehended them as such when I read them.

    ChavousCamp said:
    As for those restrictions, let's actually look at them....You'll be "penalized" by only being able to use 6 of your 8GB of RAM in something they're providing you for FREE, and removing other restrictions that are probably hitting a good number of folks. In addition, that 4-core and 6gb is enough to run a PRETTY GOOD-SIZED firewall. That is the equiv. of their third level up in their commercial software version. To license that same "free" product for use in business, you'll pay $2300 MSRP for the BASE license, and that does not even include web protection which the free home version includes.

    So tell me why this is a raw deal? I realize you had a restriction on IP addresses previously instead of the hardware restriction, but really? I seriously just don't see the problem there.

    1.  Being 'free' is irrelevant - has nothing to do with issues that products have.  Am I happy it is?  You betcha, and I have used it since V6.  If you don't know when that was - it was before Y2K.  This shouldn't be used in your original question and analysis of my response.  Will I use it when it's not working correctly or 'broken'?  No way, if that has potential to be harmful to the environment I have it protecting, or even potentially not up to what I need it to be or do, then no I won't use it.  I wholeheartedly support Sophos products and preach the UTM products.  I think they are really good and Lord knows, places need this type of stuff.

    2.  'Third level up in their commercial software' - that doesn't mean much to me when the UTM product has been under-performing at their rated tiers for some time.  Go to astaro.org boards, and review William's NUMEROUS posts about the inferior hardware performances based off of 'recommended tiers'. 

    3.  Where did I in fact say this was a raw deal?  Nowhere did I lambaste the product and talk down about it.  Did I also not point out specifically that I would be updating my firewall eventually to this?  In response to the IP restriction, as I pointed out for it being optional - there is nothing wrong with providing this as optional.  They have the ability to make licensing work in this fashion - it's already proven by the implementation of said product, and already existing in another.  Either option is limiting end users.

    ChavousCamp said:
    For those folks complaining about the move to 64bit architecture - I can understand that, but seriously - x64 is the 'now' and has been for several years. Next time folks buy hardware, they will probably be getting x64 BY DEFAULT whether they try or not... so hey, then, they can upgrade to XG. There is PLENTY of time to do that. 9.x is not going anywhere for a long time, and they've ALSO made it clear that NEW RELEASES will continue for a while.

    Personally, I agree with you about 64-bit architecture, but I don't recall anyone complaining about it.  We know UTM 9 isn't going anywhere and it is still going to be supported, even with the option of being updated inside the software to the new product.  It's working - and working well.  IMO, that is better right now for me than the current version of 'bleeding edge' XG.

    ChavousCamp said:
    As for Sophos "not listening" - they are trying several new things with this new software... sometimes, you have to know when to tell people "duly noted" and forge on. Now they get to refine and improve and listen and see what happens. Give them a chance to.

    That ship has already sailed and docked at the port.  A business telling their customer base 'duly noted' has a bad business model.  Law enforcement, fire departments or paramedics wouldn't do that to their customer base would they?  Yes, ultimately, it is the decision of the business, we all know this and they move forward with what they think is best for the company. 

    ChavousCamp said:
    I've seen people call this release "stillborn" and "not viable." I've seen people hollering about how they've been loyal (free edition) customers for years and will be leaving now. Wow. Come on, guys.


    This is nothing new in the industry of I.T., and even gaming platforms.  Frankly, it is comical to watch at times; however, when someone does this, it's for a reason.  They aren't happy or confident in the product they have and want to vent their frustration.  What better way to do that than with bad marketing, word of mouth, and overall (for the paying customers) speaking with their wallets.  Great thing about capitalism.  Please don't mention the whole 'free' thing about this - it's also free to speak your mind to potential future clients and bad-mouth the business model products and future holdings.  Nowhere in my replies to you did I do that.


    TL;DR:  In short, if you don't like the answers given, perhaps not ask the hard question?  Your hard sell of this new product is overboard, and frankly, out of perspective as to the original question asked by you.

  • In reply to ChavousCamp:

    I would like to ask you a few questions:

    Are you a Sophos troll?

    What experience do you have in firewalls and security?

    Do you think that it is well if you have a firewall management in a cloud, really?

    I'm sorry, but your enthusiasm for Sophos XG can not be serious if at least one of these questions you answer as I suppose.


    Believe me, Sophos XG in this version is the sh ....


    I have with Astaro / Sophos UTM experience since 2003 and I'm really very ashamed of what unfortunately Sophos has released as a next-gen firewall.

    I just hope ( and pray ) that the planned version 2 will have really all the features that Sophos promises.


    Believe me, Sophos XG is a disaster and a misfortune.

    alda
  • I like it! Thanks for the Home User Support Sophos! I wish I could use all my 8 cores on my Atom CPU. But I don't need it really. I don't have my remote stuff set up yet but have not been over 25% usage of my CPU. I think it's a good way to make sure it's for home use. I like that they let the home users keep all the other features :-) I am not an IT Pro and am still learning the new GUI. I have had a few issues, but the Sophos Community is very helpful and try to help fix a lot of problems users have. I did have to migrate to another endpoint solution because Sophos Home has no support for my home server and I was getting BSOD on all my windows systems with the endpoint. But when XG UTM supports the end points I am going to come back to Sophos for that... in the mean time the XG Firewall / UTM is Rocking at my house !!  ;-)

  • In reply to ChavousCamp:
    I am not sure where you have been living, but from your answer not active in the beta version. There have been some fixes, but nothing seriously done about all the issues that were raised during the beta. This version is still very limited in functionality with some very serious limitations in what should be standard in a new frontline security product.
    No IPv6 native
    unable to name your device
    licence migration from trial to production - needs a complete rebuild with all rules and other objects built from scratch
    not very well thought out clientless policy defaults/mandatory fields

    Your comments about memory are way out of place and show limited understanding of this product. Home users limited to 6gb it is fine by me. X64, not an issue, but APs that worked in beta fail in production that is not good.

    The licencing process has been improved, but still has some big drawbacks, you have to have a special network setup so that the SF-OS can talk to the internet to register and synchronise. The DNS gets screwed up if you use the external setup, but the registration process doesn't work without a DNS on the external interface.

    Billybob has posted many shortcomings of a product that wants to be taken seriously in the market place. I would recommend this product as it stands for a home user, but not for a business.

    Ian