Seriously. It has been waaaaaaay too long already ...
Paul Jr
This thread was automatically locked due to age.
You must be aware there's sand in those XG gearings ?
I am, like many others, kind of exausted by workarounds. That, by the way, gets reset after each "Factory Reset".
There's hundreds of bugs and non-senses to fix. And Sophos development shows all signs of being stalled like molasse @ zero Kelvin. DHCP problem is close to 6 months old. That's plenty of time to write such a DHCP module from scratch.
What is going on ??? They lost their main engineers and they can't find and hire qualified programmers ???
Paul Jr
LuCar Toni,
Do not you read the criticisms of the firmware updates, are you already so far away from the customer?
A similar question has also asked me a Sophos supporter.
And the other thing I notice that you are running the sophos firmware version SFOS 17.5.3 MR-3, which is old and have the same kind of issues you are facing. I recommend you to upgrade it to newer version 17.5.7_MR-7, which resolve lot of these issues.
Our answer:
A few words to your remark about MR3.
Did you ever bother and read the damning reviews on MR7, but also MR4-6 ??
Between claiming to be a perimeter firewall and the reality is currently a big gap.
We are still at MR3 and can not believe it how bad the quality of the firmware update has become.
Similar to Windows 10, you now have to be afraid with every update / upgrade that the system works without a problem afterwards.
We came from Astaro v3 on Netscreen / Palo Alto to XG and have to realize that the XG is currently not really suitable for enterprise use.
Between April and July there were alone 4 firmware upgrades and every upgrade has additional bugs !!
And that although Sophos has the claim, to have an Enterprise Firewall with the XG. There is still a long way to go.
We would be ready to switch to mr7, if you guarantee, that we will not have additional bugs like DHCP or SSL-Vpn.
If you can not guarantee that it will get better and not worse, we wait for MR8 in the hope that SOPHOS will be able to roll out a firmware that does not contain any new bugs !!
Currently, the product and unfortunately the support is a mean disaster.
We have a ticket open at L3 for 6 months, with no prospects of success. Recently opened a ticket that is already at L2 and probably will go to L3 and probably no solution is found.
One thing is certain, that in the current situation, after three years of subscription we will look for another firewall manufacturer.
Don't be too rude with LuCar Toni ...
Since lferrara left this forum, for legitimate reasons, LuCar Toni is pretty much the only deep knowledgeable guy left that helps all day long ...
He is tag "Sophos Staff", but is he really ? Or part time for the forum purposes ....
Paul Jr
Paul,
This is not a personal attack on LuCar Toni and thank him for the good qulified help here in the forum.
But if you're a Sophos staff member and that's who he is, you know the situation (i hope so) and should think about it a bit more.
As i said, i'm glad that there are forum moderators like LuCar Toni,
however, we are already a bit frustrated with such a semi-finished product as the XG and a totally overloaded support.
We have 200 employees who can work very limited because of these many problems depending on the situation and a solution to this problem is not really in sight.
If we followed the recommendation of Sophos Support to switch to MR7, there would probably be one problem less but 5 new ones.
That's why we also hope for a MR8 that fixes all known problems and does not cause any new ones.
StefanS
Hi all
I also have the impression that subsequent MR patches fix one functionality and spoil others. In my opinion, the most stable soft was v16.5 MR5. Later problems with various functions started.
Some of my clients say that they are looking for something else, such as Fortinet. Unfortunately, the lack of information about the planned release date of v18 means that customers will not wait for an undefined future, but will take a different product.
I have the impression that SOPHOS is constantly learning how to make a good product. Maybe version 18 will bring more, because in production environments I would rather not recommend the SOPHOS installation.
So many words from me. I do not write to smash someone, but out of concern, because there were times when I was delighted with this product.
greetings
Darnok
Dear All
First of all I don't want hurt anybody's feeling . We have been using Sophos XG 17.6 MR7 with more than 200 Endpoints with EDR and very satisfied with the product stack . There are
some shortcoming and short fall but in terms of number of product feature versus price point it is one of the best product around. It will be better
if all forum members make push to share there Future plan and list out our problem or feature request and collectively push them as community to fix them on priority .
Best Regards,
Vishvas
Hi VishvasChitale,
I am not sure you have read many of the various forum threads.
When asking for a summary are you asking for :-
1/. missing features compared to the UTM
2/. features that don't work correctly
3/. bugs?
This could grow to be a very long thread.
Ian
Hi Guys,
maybe its because of my deep knowledge with all Sophos Products but i do not have any problems in XG right now, which i cannot resolve in short time.
I guess it is because i work with XG / SG the whole day in my business hours.
Most likely i respond here in the forum in my free time.
But lets wrap up those points.
I am still not sure, where the RCA for this issue is. Maybe because i could not have a look into the logs.
All my customers uses XG Alerts and Backups via the XG inbound service.
But maybe you should try out XG Central Management? There is another Backup Service, which should work for you. The Backups are stored on Central. (5 Temporary backups, one permanent).
This is one story, there are couple of work in progress about NAT Rules in the next release.
But which NAT rules does not work for you? I did not hear any issues about NAT rules stop working after a certain Update?
That is a real bumper, that there is a issue, but the workaround is quite simple.
As you know, you can revert the DHCP generation mode.
Interesting enough, i did not heared about this issue at all in business cases.
Only my personal appliance (XG135) and you guys in the Community bring this issue up to my attention.
Strange.
You should simply take a USB Stick and reimage the Appliance.
In the reimage process, all partition will be formatted.
https://community.sophos.com/kb/en-us/126906
I rarely use the factory default process, instead i have to reimage the appliance (German Law).
Like the DHCP Issue. But here is a actually RCA already done and the issue is found in the XG.
https://community.sophos.com/kb/en-us/134173
I do not argue with you guys about certain points. DHCP and Reporting looks kinda bad.
But i am talking about my personal experience with Partners and Customers.
Another point:
Did you ever bother and read the damning reviews on MR7, but also MR4-6 ??
Between claiming to be a perimeter firewall and the reality is currently a big gap.
I read those reviews and comments in the Release notes, but i personally do not comment on them.
If there are problems, those people should open a "normal" thread or (better way) open a Support Case.
Under the Release notes should not be the right place to discuss all issues. Maybe those issues are "personal?".
For example:
Under MR7 are two people talking about SSL VPN broken after Update.
I did not hear anybody in the community or my peers talking about such an issue. All my SSL VPN Clients working fine.
There are couple of DHCP Gateway issues.
I already talked about this above.
LuCar Toni,
Thanks again for your commitment here in the forum, we appreciate that already.
But apparently we both have totally different experiences in things XG.
## maybe its because of my deep knowledge with all Sophos Products but i do not have any problems in XG right now, which i cannot resolve in short time. ##
Our problem is that we are slowly losing confidence in this XG product.
I do not know how many times I've been looking for bugs with the L3 support, without success.
If even the L3 Supporter does not know what to do anymore? We are shocked by the helplessness of Support who really wants to help but ultimately can not.
The idea behind the product XG is good, but there are too many massive bugs that even the support no longer understands.
I know these are maybe tough words.
Mind you, we are talking about a perimeter firewall here and not about XBox, Nintendo etc.
Again, please do not take it personally, but over the years we have been used to other support and quality of the product.
We think back to Netscreen / Palo Alto with sadness......