I'll comment by adding the same thing I did on other posts:
I've been using Sophos (SG and XG) for 6 years now (this year is the last as my last Sophos will be replaced by a Cisco, yes!), and I lost several points of life because of it:
SOPHOS SG and XG isn't suitable for Enterprise networks, even tho it scales well you should never use that solution if you plan the use it more than proxy your clients and manage your WAPs!
It sucks at everything else (NAT, WAF etc.) they even managed to ruin SNORT somehow!
Don't even get me start with the support, it is hilarious at first, then you'll just lose your mind since the "default" fix for everything if you listen to them is always to factory reset the appliance.
Logs are using a shitty format, I had to spend months creating special parser on my logger, and Sophos IVIEW is the most useless logger ever created! I mean KIWI does a better job, come on!
Interfaces conf doesn't support JumboFrames on XG, it did on SG (same appliance, they just forgot to carry it over)
And so on, and so on.
The solutions I've implemented:
Replaced some Sophos by Cisco FirePower (OH?! it works without frustration!!!! Weird..)
Retrofit the old Sophos SG appliances into PFSense with Licenced Snort (OH?! it works perfectly AND I can tune it as I want !!! Weird....)
Use the remaining XG for Proxy and basic firewall (OH... it even managed to fail at that by for instance randomly dropping websocket traffic...) BTW, answer from the support on websocket: "Indeed, there may be some issues using websocket in certain situations, we're working on it" :(
So, Sophos SG/XG is easy to use, user friendly, scales well and can be managed by non-tech savvy people for most of it. BUT it should be used only if you stay at the level of "home usage" kind of setup . Anything as fancy as NAT ;) and you're good for some frustration (using some trick it will eventually work, ish).
I'm sure it could be a great product with some more common sense from the developers, but I'm starting to believe those Devs never asked a network admin or a cyber admin their inputs on how those type of appliance should work.
I can picture those people easily: "I don't need to ask Network admins, I manage my AT&T modem/router at home myself so I know exactly what I'm doing!"
Replaced some Sophos by Cisco FirePower (OH?! it works without frustration!!!! Weird..)
Really ? I think it wasn't really the best decision. Resp. FirePower by SourceFire is and was the best NGIPS at the market but Cisco FirePower which is the SourceFire NGIPS + Cisco ASA "conglomerate" is perhaps the worst thing in the enterprise firewall market. This solution is absolutely the worst conglomerate on the market, trust me ... I have more than three years experience with it.
But maybe give XG v18 a chance. As I had the opportunity to see and play with new features in v18, we will see. Might you like to come back ...
EAP or not, no one in his right mind will put v18 in production until late 2020. The unicorn will be beta for months. And even then, there will be tons of bugs to iron out.
So don't count on it.
Meanwhile we need v17.5.8, v17.5.9, v17.5.10, v17.5.11, v17.5.12, et.c. Q U I C K.
EAP or not, no one in his right mind will put v18 in production until late 2020. The unicorn will be beta for months. And even then, there will be tons of bugs to iron out.
So don't count on it.
Meanwhile we need v17.5.8, v17.5.9, v17.5.10, v17.5.11, v17.5.12, et.c. Q U I C K.
