Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 18 replies
  • Subscribers 30 subscribers
  • Views 62923 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Am I the only person who likes this new XG product?

ChavousCamp

Wow - reading the comments here...... sounds like I'm the only one outside of Sophos Corporate who likes this product.

And no - I'm not a Sophos employee _OR_ a Sophos plant.

In fact, I came to the firewalls grudgingly through their other products.  I am (or was) a Watchguard/pfSense/Cisco/Several Others kind of guy. I started with SGN (encryption) and SMC (the server-based mobile control) and then started looking at the firewalls because of a few integrated features.  I decided to go through the engineer cert training for both UTM and XG.  In fact, I think I went through the XG training the day - or the day after - the training itself was released.

After all that - I don't see why everyone is so down on this product.

Sophos has been exceeding clear on the fact that 1) NO SG is not going away any time soon. 2) if you like your SG or CR product, you can KEEP your SG/CR product and 3) YES there are missing features, expect new ones soon.

Are there limitations and weaknesses - YES. It's a VERSION 1 product! (they can call it version 15 all they want.  It's a v1 product)

Is it still a pretty cool damned product? YES. 

Will it improve drastically? Likely, YES.

Seriously guys - give it a few months.  It is brand new, needs a few tweaks, and change always sucks - but the compelling new features they've put in - heartbeat, cloud management, etc - are, or are going to be, excellent.

As of now, our NFR of the XG230 is happily running down in our server room, humming away, and acting as our primary gateway to the internet.  Working like champ so far. 



This thread was automatically locked due to age.
Parents
  • 0
    In reply to ChavousCamp:
    I am not sure where you have been living, but from your answer not active in the beta version. There have been some fixes, but nothing seriously done about all the issues that were raised during hte beta. This version is still very limited in functionality with some very serious limitations in what should be standard in a new frontline security product.
    No IPv6 native
    unable to name your device
    licence migration from trial to production - needs a complete rebuild with all rules and other objects built from scratch
    not very well thought out clientless policy defaults/mandatory fields

    Your comments about memory are way out of place and show limited understanding of this product. Home users limited to 6gb it is fine by me. X64, not an issue, but APs that worked in beta fail in production that is not good.

    The licencing process has been improved, but still has some big drawbacks, you have to have a special network setup so that the SF-OS can talk to the internet to register and synchronise. The DNS gets screwed up if you use the external setup, but the registration process doesn't work without a DNS on the external interface.

    Billybob has posted many short comings of a product that wants to be taken seriously in the market place. I would recommend this product as it stands for a home user, but not for a business.

    Ian
Reply
  • 0
    In reply to ChavousCamp:
    I am not sure where you have been living, but from your answer not active in the beta version. There have been some fixes, but nothing seriously done about all the issues that were raised during hte beta. This version is still very limited in functionality with some very serious limitations in what should be standard in a new frontline security product.
    No IPv6 native
    unable to name your device
    licence migration from trial to production - needs a complete rebuild with all rules and other objects built from scratch
    not very well thought out clientless policy defaults/mandatory fields

    Your comments about memory are way out of place and show limited understanding of this product. Home users limited to 6gb it is fine by me. X64, not an issue, but APs that worked in beta fail in production that is not good.

    The licencing process has been improved, but still has some big drawbacks, you have to have a special network setup so that the SF-OS can talk to the internet to register and synchronise. The DNS gets screwed up if you use the external setup, but the registration process doesn't work without a DNS on the external interface.

    Billybob has posted many short comings of a product that wants to be taken seriously in the market place. I would recommend this product as it stands for a home user, but not for a business.

    Ian
Children
  • 0 in reply to rfcat_vk
    I bit the bullet and set up an x64 system to try this. (Why can't they document that? The web site says 'intel' not x64.). I had to load up my disk from an x86 system anyway as my microserver would not run the usb stick properly - no keystrokes seen. Then I moved the disk to the x64 microserver.

    Next I waste a bunch of time finding out certain ways of coding rules keep me off the internet. And some more time to see native ipv6 for a few minutes before it broke.

    every thing I do is 'pot luck'. it takes the changes, then I have to wait around for some minutes to see if it will do what I asked. I click on something in yellow to find out what it is trying to tell me and get a change to the display that is not informative at all. to me it is Beta quality. And without the heartbeat for home users, I have yet to figure out a motivation to switch everything over to it.

    I am very pleased to have a UTM 9 for free and to see the constant stream of pattern updates and regular code fixes. I have figured out its quirks (very few) and have improved my patterns and exceptions over time. Starting over on this new thing has been painful at best. Yet I see that people on my favorite forums have turned it up as production for their home network. I have to assume their needs are different from mine.

    So we all get to pick and choose and if the developers are deaf and mute I guess I will just go away and see what has happened six months from now, maybe it will improve.