Thread Info
  • State Verified Answer
  • +9 person also asked this people also asked this
  • Locked Locked
  • Replies 132 replies
  • Answers 1 answer
  • Subscribers 60 subscribers
  • Views 77582 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Where is V18 at?

rfcat_vk

Hi,

this request for an update on progress is for those of us that do not have access top partners/resllers.

Would some-one in the know who is allowed to provide progress on v18 please add to this thread.

I am not after guesses or conjecture, but real timelines (give or take a month).

Ian



This thread was automatically locked due to age.
Parents
  • 0
    The following post is personal opinion and not company position.

    Sophos is in a "damned if you do, damned if you don't" situation.
    If they announce an expected EAP date, and they miss that date, the community gets upset.
    If they don't announce an expected EAP date, the community gets upset.
    Therefore, in my opinion (not officially company position) Sophos tries not to announce a date unless it is firm.
     
    The community then looks at (deliberately) vague statements from months ago about possible dates and then gets upset they are not being met.  Which is a disincentive for Sophos to announce updated dates.
    I *know* people want information.  But pulling up slides and photos from the past and then saying that Sophos missed a date makes Sophos more secretive, rather than more open.  IMO.
     
    There is also a...  conflict inherent in any release by any company.  Any company doing a release wants to ship it as early as possible, right?  So they want to date to be really early.  But early dates leave no room for contingency and therefore are more likely to slip.  So you could announce a later date, which is less likely to slip. But now you might end up releasing later than you could.  This is a problem inherent in any estimation.  When the stakes are high, the impact of making the wrong estimate are higher.  So in this case, Sophos decides to not play the game and not announce an estimate.  Again this is only my opinion.
     
    The solution is that if the community really want to know dates then the community can never be upset if the dates change.  But that would require a culture change in both the community and within Sophos.
     
    Until then, for v18 EAP and any other Sophos release, you probably won't know the dates until it is just about to happen.
     
    Apple announces a new iPhone and its features the day before they start selling it in the store.
  • in reply to Michael Dunn
    This reply was deleted.
  • 0 in reply to Big_Buck

    Big_Buck said:

    Sophos do not meet the pace at which the industry goes. 

    That, again, is such an over-simplified assumption that holds no grounds. Most businesses, at least medium-sized to large enterprises, operate extremely slowly and conservative when it comes to applying new versions and features. Just take a look at how many enterprises are still running Windows 7. Hardware is being replaced at an extremely slow pace, because, you know, never change a running system. Upgrades to software are planned months and sometimes years ahead, because of the sheer amount of dependencies. A smooth running business is usually way more important than using the latest bells and whistles, and downtimes are often unacceptable. 

    It may very well be the case that Sophos is too slow for your own personal liking, but please don't make assumptions on the general behalf. Most serious business don't care how fast Sophos innovates or releases new versions, unless they are suffering from a serious bug that needs fixing. No bugs = no upgrades, until they absolutely must. That is basically a general rule of thumb. 

  • 0 in reply to cryptochrome

    But we IT admins aren't asking for the more advanced stuff. Sophos is YEARS, like 10-20 years behind on a ton of standard stuff that should be in ANY basic firewall/router. DHCP and DNS are so abysmal, most IPS and reporting is useless because you cannot see hostnames at all. In summary the feature parity between SG and XG is embarrassing and to say it is business ready and ready to replace SG is false, they should be working double, triple time in order to bring XG to be what they say it really is. Bring up the standard stuff to parity BEFORE this nextgen stuff.

  • 0 in reply to apalm123

    apalm123 said:

    But we IT admins aren't asking for the more advanced stuff. Sophos is YEARS, like 10-20 years behind on a ton of standard stuff that should be in ANY basic firewall/router.

    Like what? 20 years ago we barely had stateful packet inspection and dealt with proxy based "firewalls". XG packs a plethora of modern features like application filtering and sandboxing. Are these features very refined or can they compete with the big shots like Checkpoint? Most certainly not. But you get what you pay for. 

    DHCP and DNS are so abysmal,

    As a security engineer I would argue that DHCP and DNS servers don't belong on a firewall. If you take your security seriously, you have dedicated servers/services for that. Firewalls aren't meant to be jack of all trades devices. So personally, I could care less whether Sophos puts these services on there or not. Actually, I would even prefer they kept them off entirely. 

    most IPS and reporting is useless because you cannot see hostnames at all. In summary the feature parity between SG and XG is embarrassing and to say it is business ready and ready to replace SG is false, they should be working double, triple time in order to bring XG to be what they say it really is. Bring up the standard stuff to parity BEFORE this nextgen stuff.

    I can't argue with that. Agreed. 

    Either way, it is what it is. I think we should give Sophos the time they need. I prefer stable and bug free over rushed releases. Don't forget that they are in the unusual situation of having to maintain two entirely different code bases at once (XG + SG). There are only so many resources they can throw at things under these circumstances.

     
  • 0 in reply to cryptochrome

    Well Jumbo frames were becoming a thing in 1998 according to an article I saw. That's what I was referring to 20 years old.

     

    I want, and should be able, to provide DHCP and DNS from a UTM if I want to. Any router, even free ones from my ISPs have been providing DHCP and DNS hostname resolution in table format. Some background, I am a small business guy, helping other very small businesses to have IT security similar to that available of bigger companies. I started IT during the very beginning of the new cloud-era, with a good solid 4 years of work during the still "on-prem" era in-between. Ever since about 2015, every company I work for (minus a few bigger contracts) have literally ZERO servers onsite. I expect this to be the future for a larger number of small companies. Sure, there's always enterprises that are going to keep servers onsite. I can see why anyone with years of experience like yourself in the on-prem era still would push customers to use a server onsite to provide DHCP and DNS. But that's just not modern for many small businesses and the expectation in the industry is that a router/UTM can provide reasonable DHCP and DNS for business.

Reply
  • 0 in reply to cryptochrome

    Well Jumbo frames were becoming a thing in 1998 according to an article I saw. That's what I was referring to 20 years old.

     

    I want, and should be able, to provide DHCP and DNS from a UTM if I want to. Any router, even free ones from my ISPs have been providing DHCP and DNS hostname resolution in table format. Some background, I am a small business guy, helping other very small businesses to have IT security similar to that available of bigger companies. I started IT during the very beginning of the new cloud-era, with a good solid 4 years of work during the still "on-prem" era in-between. Ever since about 2015, every company I work for (minus a few bigger contracts) have literally ZERO servers onsite. I expect this to be the future for a larger number of small companies. Sure, there's always enterprises that are going to keep servers onsite. I can see why anyone with years of experience like yourself in the on-prem era still would push customers to use a server onsite to provide DHCP and DNS. But that's just not modern for many small businesses and the expectation in the industry is that a router/UTM can provide reasonable DHCP and DNS for business.

Children
  • 0 in reply to apalm123

    apalm123 said:

     

    Sure, there's always enterprises that are going to keep servers onsite. I can see why anyone with years of experience like yourself in the on-prem era still would push customers to use a server onsite to provide DHCP and DNS. But that's just not modern for many small businesses and the expectation in the industry is that a router/UTM can provide reasonable DHCP and DNS for business.

    Just to be clear, I am not pushing anyone to do anything :)   And using dedicated DNS servers doesn't necessarily mean they have to be on-prem (with DHCP I would argue they have to be, naturally). There are very viable cloud based DNS solutions available (even for small businesses at a very low cost, by the way). The reason I am saying that DNS and DHCP services shouldn't be running on a firewall is purely a measure of security. Sure, it's convenient to have all that on a firewall, especially for small businesses. But that's a convenience that has a risk attached to it. 

    Either way, I realize that small businesses need those features, so I am not saying Sophos shouldn't implement them. I guess we all just have to wait a little longer (or use UTM9 for the time being). 

  • 0 in reply to cryptochrome

    cryptochrome said:

     

     
    apalm123

     

    Sure, there's always enterprises that are going to keep servers onsite. I can see why anyone with years of experience like yourself in the on-prem era still would push customers to use a server onsite to provide DHCP and DNS. But that's just not modern for many small businesses and the expectation in the industry is that a router/UTM can provide reasonable DHCP and DNS for business.

     

     

     

    Just to be clear, I am not pushing anyone to do anything :)   And using dedicated DNS servers doesn't necessarily mean they have to be on-prem (with DHCP I would argue they have to be, naturally). There are very viable cloud based DNS solutions available (even for small businesses at a very low cost, by the way). The reason I am saying that DNS and DHCP services shouldn't be running on a firewall is purely a measure of security. Sure, it's convenient to have all that on a firewall, especially for small businesses. But that's a convenience that has a risk attached to it. 

    Either way, I realize that small businesses need those features, so I am not saying Sophos shouldn't implement them. I guess we all just have to wait a little longer (or use UTM9 for the time being). 

     

     

    Sorry by "push", just a common lingo that I know when you want customers to use a specific recommended setup. Like I "push" customers toward using Sophos even though there's options because I like their selling points