Thread Info
  • State Verified Answer
  • +2 person also asked this people also asked this
  • Locked Locked
  • Replies 27 replies
  • Subscribers 34 subscribers
  • Views 7910 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Where is V17.5.8 MR8 ???

Big_Buck

Seriously.  It has been waaaaaaay too long already ...

Paul Jr



This thread was automatically locked due to age.
  • 0 in reply to StefanS

    So basically we are not talking about a Product / Maintaince Issue here, instead about a Support issue?

    I mean, the support people here like  could review your Cases, maybe there is something going on. 

     

    Do not worry, i just share my experience with my peers. There can be difficulties, if you migrate from no matter what vendor. I guess, there are also difficulties, if you migrate to other vendors. Like you said, we are talking about a perimeter firewall with features on it. So basically, if X of Y features works fine, one feature does not for what ever reason, the whole product is not good. And that is simply not true at all. 

     

  • 0 in reply to LuCar Toni

    Hello Lucar.

    I note the week end have been busy :) :) :)

    Thanks for you answer.  There are point in there that were already answered in other posts.  

    But there are few things I'm curious.

    The re-imaging process.  Why an OEM disk would have a proprietary partitioning, accessible most probably within an UEFI boot loader, but invisible with regular disk tools - which is a kind of basic security -, but the re-imaging ISO would generate regular partitions ?  Is it really because of German law ?  I will try that, but not on an appliance I have sentimental value for.

    Sophos Central.  Last time I attempted to do anything there, one hour later Sophos Central could not register appliances anymore, and would be dysfunctional for few days ... Maybe I should apologize to the community fro breaking it.

    NAT.  Where comes the Idea that each an every firewall rule should have its own NAT.  Ultra complicated to manage and debug.

    Forgot to mention IPv4/IPv6.  Having two sets of firewall rules is another incredibly cumbersome hassle.

    Communications at Sophos needs serious pimp-up.

    By the way : Where is V17.5.8 MR8 ???

    Paul Jr Robitaille

  • 0

    I'll comment by adding the same thing I did on other posts:

     

    I've been using Sophos (SG and XG) for 6 years now (this year is the last as my last Sophos will be replaced by a Cisco, yes!), and I lost several points of life because of it:

    • SOPHOS SG and XG isn't suitable for Enterprise networks, even tho it scales well you should never use that solution if you plan the use it more than proxy your clients and manage your WAPs!
    • It sucks at everything else (NAT, WAF etc.) they even managed to ruin SNORT somehow!
    • Don't even get me start with the support, it is hilarious at first, then you'll just lose your mind since the "default" fix for everything if you listen to them is always to factory reset the appliance.
    • Logs are using a shitty format, I had to spend months creating special parser on my logger, and Sophos IVIEW is the most useless logger ever created! I mean KIWI does a better job, come on!
    • Interfaces conf doesn't support JumboFrames on XG, it did on SG (same appliance, they just forgot to carry it over)
    • And so on, and so on.

     

    The solutions I've implemented:

    • Replaced some Sophos by Cisco FirePower (OH?! it works without frustration!!!! Weird..)
    • Retrofit the old Sophos SG appliances into PFSense with Licenced Snort (OH?! it works perfectly AND I can tune it as I want !!! Weird....)
    • Use the remaining XG for Proxy and basic firewall (OH... it even managed to fail at that by for instance randomly dropping websocket traffic...) BTW, answer from the support on websocket: "Indeed, there may be some issues using websocket in certain situations, we're working on it" :( 

     

    So, Sophos SG/XG is easy to use, user friendly, scales well and can be managed by non-tech savvy people for most of it. BUT it should be used only if you stay at the level of "home usage" kind of setup . Anything as fancy as NAT ;)   and you're good for some frustration (using some trick it will eventually work, ish).

    I'm sure it could be a great product with some more common sense from the developers, but I'm starting to believe those Devs never asked a network admin or a cyber admin their inputs on how those type of appliance should work.

    I can picture those people easily: "I don't need to ask Network admins, I manage my AT&T modem/router at home myself so I know exactly what I'm doing!"

     

    To sum-up, not so happy with that!

     

  • 0 in reply to aimnkill

    Hello Christophe,

    • Replaced some Sophos by Cisco FirePower (OH?! it works without frustration!!!! Weird..)

    Really ? I think it wasn't really the best decision. Resp. FirePower by SourceFire is and was the best NGIPS at the market but Cisco FirePower which is the SourceFire NGIPS + Cisco ASA "conglomerate" is perhaps the worst thing in the enterprise firewall market. This solution is absolutely the worst conglomerate on the market, trust me ... I have more than three years experience with it.

    But maybe give XG v18 a chance. As I had the opportunity to see and play with new features in v18, we will see. Might you like to come back ...

    alda

  • 0 in reply to alda

    But maybe give XG v18 a chance. As I had the opportunity to see and play with new features in v18, we will see. Might you like to come back ...

     

    Is there an official EAP date for v18? Because the EAP should have started in July already.

  • 0 in reply to TheBalmasque

    EAP or not, no one in his right mind will put v18 in production until late 2020.  The unicorn will be beta for months.  And even then, there will be tons of bugs to iron out.

    So don't count on it.

    Meanwhile we need v17.5.8,  v17.5.9,  v17.5.10,  v17.5.11,  v17.5.12,  et.c.  Q U I C K.

    Paul Jr 

  • 0 in reply to Big_Buck

    Yeah that's right. The v17.5.8 is very necessary because in 17.5 there are still many issues to fix.

    But i want to use the v18 beta for home purpose.

  • 0

    I've not yet seen anyone suggest that maybe the brexit possibility is making Sophos drag their feet slowly on multiple things

    Brexit might be having a chilling effect on investment in the UK as it tries to leave the EU

    This might be dragging at them slowly and causing them to be careful with hiring the right developers or paying them right. I'd be interested to see the investor meetings if they discuss this. In good news:

    Trump of usa might establish a trade relationship with UK which might help Sophos sell more in the usa where I am. USA is a big market with a lot of IT shops and MSP's-

  • +1

    Hello all,

    just has been released.

    Regards

    alda