Hi,
this request for an update on progress is for those of us that do not have access top partners/resllers.
Would some-one in the know who is allowed to provide progress on v18 please add to this thread.
I am not after guesses or conjecture, but real timelines (give or take a month).
Ian
Big_Buck said:This slide do no tell everything. But I do not think it was intended to do so. It's a sale's pitch.
[...]
Missing:
[...]
Some comments.
- Actionable log-viewer. We will see. To my opinion, log Viewer had to be re-written from a to z to my opinion. Far from the gold standard Checkpoint is.
You sound like someone who should look for a new product. I can't even begin to wrap my head around how someone wants to seriously compare Checkpoint firewalls to Sophos firewalls. You're not going to get even close to what folks like Checkpoint or Palo Alto do with their stuff. Always remember, you get what you pay for.
Sophos is a cheap option and their product will never be able to compete with the big shots.
That being said, Checkpoint is hardly the gold standard anymore. Yes, they have a nice GUI and a good firewall management infrastructure, but boy is their code outdated. Palo Alto eat Checkpoint for breakfast.
Anyways, spare yourself the frustration and move on to something that can satisfy you. Sophos won't be it, unless you're a small to medium sized business.
Palo Alto is not in the UTM as far as I know. They also have difficulties to be above average when in comes to Anti-Virus testers. They have never scored at the top like Kasperksy, FSecure, Symantec, and Trend Micro consistently do months after months.
By the way, this month on AV-Test.org, under protection, Sophos scores 5, while Microsoft Defender scores 6. Draw your conclusions.
Paul Jr
Big_Buck said:Palo Alto is not in the UTM as far as I know. They also have difficulties to be above average when in comes to Anti-Virus testers. They have never scored at the top like Kasperksy, FSecure, Symantec, and Trend Micro consistently do months after months.
By the way, this month on AV-Test.org, under protection, Sophos scores 5, while Microsoft Defender scores 6. Draw your conclusions.
Paul Jr
You are comparing apples (antivirus) to oranges (firewalls). Palo Alto is the mother of all UTMs. Their founders founded Netscreen, which was the first UTM firewall on the market. When Netscreen was bought by Juniper, they left. Some of them founded Fortinet, the others founded Palo Alto.
From a technological point of view, Palo Alto have by far the most sophisticated "Layer 7" firewall on the market. Palo Alto came up with the term "Next Generation Firewalls" and they were the first to actually do full blown layer 7 firewalling as opposed to stateful packet inspection. And they do FAR more than just simple AV scanning like Sophos.
It is like people forgetting this is an SMB product and so long as your not trying to re-invent the wheel with it then it works nicely. Personally i find it so much nicer to work with than the old SG series. if you want Palo Alto levels of product....buy a Palo Alto. The XG isnt perfect by any means but its alot better than some other products and the fact ou can get one out of the box, online and basically working in less than 10 mins isnt bad. It would be nice if Sophos engaged a bit more with its community for the v18 firmware so they can get some real world feedback from here, simlar to the MS insiders system so they can fix some of the things that get missed with internal testing. AV side its not all about who tests the best, its about the whole product, thats why Gartner have given MS ATP the top spot above Sophos and Checkpoint, but Sophos is still well in the top quadrant and has been very good with its test results for years, Bitdefender always scores high on the test result but Gravityzone is Woefull to use in real life
JimtheITguy said:It is like people forgetting this is an SMB product and so long as your not trying to re-invent the wheel with it then it works nicely. Personally i find it so much nicer to work with than the old SG series. if you want Palo Alto levels of product....buy a Palo Alto.
In all fairness, it wasn't me who kept trying to compare Sophos firewalls to the big shots like Checkpoint and PA. In fact, I told the guy the same thing you just told me: If you want Checkpoint, buy Checkpoint. Don't expect Sophos to be Checkpoint.
I love the XG, despite all its shortcomings and issues. I use it in my home office and I like it a lot. I would never ever put it in a datacenter or at the perimeter of an enterprise network though. That's just not their game.
I know it wasnt you :-D, I really like the product and with heartbeat auth now working well it makes a brilliant product for SMB's who need some control and security. Having jumped on board at v16 i have been through alot of the "OMGWTFBBQ" moments with firmware after firmware but actually other that a few moments with 17.5 its been pretty solid.I always poke fun at sophos about the XG at any expo they are at and the poor guys on the stands know where we are coming from but i do see the vision they want to build and that i am onboard for. Just switched my pfsense at home back over to an XG after a small break to test some stuff and alot of my customers run XG's now also with very few problems, also cant imagine PA or CP effectively giving away the product for home use like Sophos does.
Well. I am still running few Checkpoint appliances 600's, 1290's, 3000's and virtual. Gaia, Embeded Gaia, Splat. And I have been using these firewalls almost since Checkpoint was founded. One would have a hard time showing me something Checkpoint can or cannot do that I am not aware of already.
When I write Checkpoints logs are second to none in the industry, I really mean it.
Not long ago, Palo Alto integrated passwords in their services code ... Fortinet too. So go ahead and forge your own opinion, but Checkpoint have never been stupid enough to do something like that ... When I checked 2 1/2 years ago, the "firewall" portion of the product was good. It's all others modules that come with a modern UTM that sucked. Particularly Palo Alto's end-point. Usability is their strong point. But they consistently score below major players when the are surveyed and compared on the net.
Paul Jr
Big_Buck said:When I write Checkpoints logs are second to none in the industry, I really mean it.
That must be the reason why basically any larger enterprise is purchasing tools like Tufin or Algosec then? Or even purchase SIEMs? Unless you activate their database driven SmartLog feature, the logging is a slow monster that takes forever to load. Ever worked in a large Provider-1 environment?
I don't want to discredit Checkpoint, to the contrary. They have a very solid product, arguably one of the best on the market, and they are the market leader for a reason. But they lost an awful lot of customers to Palo Alto (and to Fortinet, to a lesser extent). And if you work in large enterprise networks with hundreds of firewalls like I do, you know why. Checkpoint are only cooking with water like anybody else.
Not long ago, Palo Alto integrated passwords in their services code ... Fortinet too.
What does that even mean? Care to elaborate?
When I checked 2 1/2 years ago, the "firewall" portion of the product was good. It's all others modules that come with a modern UTM that sucked. Particularly Palo Alto's end-point. Usability is their strong point. But they consistently score below major players when the are surveyed and compared on the net.
You "checked" their product 2,5 years ago, which indicates you never really worked with them. Also, you keep bringing up endpoint security. We're discussing firewalls here though. And that's where Palo Alto really shine. They consistently lead and win the major firewall test fields like those provided by NSSlabs. They have consistently been the leader in Gartner's magic quadrant for Next Gen firewalls for many years now. Their UTM features are top notch. For example, their URL filter is so good, that many companies abandoned their dedicated Blue Coat proxies and replaced them with Palo Alto firewalls just for the URL filter. Their IPS system scores amongst the best on the market (evidence provided by NSSlabs). Ever tried enabling IPS on Checkpoint and load up anything else than their default rule base? Have fun watching your 10 gbit Checkpoint firewall drop to 500 mbit throughput. The same can be said about Palo Altos on-firewall antivirus detection rates and their sandboxing feature. All of them do anything but suck.
Does that make Checkpoint bad firewalls? No. Absolutely not. But saying that Palo Alto firewalls suck is a massive show of cluelessnes. No offense.
