Thread Info
  • State Suggested Answer
  • +2 person also asked this people also asked this
  • Locked Locked
  • Replies 21 replies
  • Answers 1 answer
  • Subscribers 32 subscribers
  • Views 7667 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

v18 EAP2. Anyone have a clue when ? Because I have quit testing EAP1 ...

Big_Buck

Ok

I concluded it was useless for me to continue testing EAP1.  First because I am on the impression things are simply not working.  We are testing something "in the pipe" which, to my judgement, means before EAP.

And there's the thing that many - including me - had half of their posts deleted by moderators with no appropriate judgment.  It has become counter-productive.  What's the point of testing hours just to have our comments deleted in the end ?

Paul Jr



This thread was automatically locked due to age.
Parents
  • 0

    To clarify things up.  As far as I am concerned, it was not a complete waste of time. 

    1. The free introduction course for v18 was VERY appreciated. 
    2. Playing with TLS/SSL inspection gave me a hint to what will will get around December 2020.  Because obviously, it is not gonna be before that, since it took 6 months this year to solve things like DHCP and all.  Things to fix in v18 are far more elaborate and will certainly take more than a year to fix. 
    3. NAT improvements are more than welcome, I wish I could continue to play with it, but the rest of v18 is just unworkable for now, even for home use.  Things freezes way too often.

    Tonite that was my screen before I reverted back to 17.5.8:

    WEB pages do not render properly, performances graphs shows that everything is idle while pinging the firewall shows an extreme latency.  Icons keeps disappearing, particularly in firewall rules.  Activating TLS/SSL reduces performances even more up to frozen molasse.  Outlook takes forever to open.  Really un-workable.

    Finally, I really don't take that Sophos do not upgrade X105W for reasons that are nothing more than marketing and nothing to do with technicalities.  This is extremely frustrating.

    Maybe others will find positive continuing testing EAP1.  There are many reasons for that and I encourage it.  But me, I do not find the gain is worth the effort.  Also, my enthusiasm is not there most probably because I have waited the bride for too long.

    I will re-evaluate at EAP2, or once I read EAP 1 is ironed out enough to be workable.

    Paul Jr

  • 0 in reply to Big_Buck

    Hi,

     

    Are you sure that your latency issue is because v18? I've been using v18 EAP1 since the release on a low-powered machine, and had no issues like this. Couldn't it be something else in your network?

     

    Also, I've been testing the v18 EAP1 since release, and it's being an love/hate relationship with it.

     

    The SSL/TLS inspection works, but it's performance is bad. (Mainly compared on port 443 for https traffic, web proxy is way faster than SSL/TLS inspection.(but of course, web proxy only supports 80/443, while SSL/TLS inspection supports any port.))

    Somehow IDS/IPS managed to get at least 50% slower compared to v17.5.x.  *

    My machine will lock itself for 10~ seconds if the load on it is really high for a long period of time.

    I've had to remove two WAF rules, because country blocking isn't woking with WAF on v18. (Already reported.)

     

    * I currently have a J1900 with 4GB of RAM, i'll be upgrading to 8GB RAM (6GB usable), i belive the IPS performance issue is being caused because my machine doesn't have enough RAM for snort alocate to work correctly. One friend of mine, which have the same machine but with 8GB of ram has seeing much higher throughput than mine with 4GB of ram.

     

    Thanks,

  • 0 in reply to Prism

    Let's start with the start.  A J1900 is at a bare minimum 2 times faster as an XG115's E3827.  4 cores vs 2 cores, 2 GHz vs 1.75 GHz, 2 MB cache vs 1 MB cache.  It is MUCH, MUCH faster.

    https://www.cpubenchmark.net/compare/Intel-Celeron-J1900-vs-Intel-Atom-E3827/2131vs2716

    A E3827 is around $55 while a J1900 was $100.

    Note an XG105, is a E3826 clocked at 1.46 with 2 gig of memory.  Marginally slower than an XG115.

    I tested v18 since it was released.  Problems started few days later when I activated TLS/SSL inspection rules. It did two things.  Render Outlook 2010 inoperable.  But also, huge latency you saw on my screenshot.  Latency problem does not revert after deactivating SSL/TLS rules.  It happens many times a day.  And rebooting changes nothing. But at least Outlook runs.

    Luk, I'm not interested for now at posting in the EAP section for obvious reasons mentioned above.  I stopped using it - at least for now - so why would I post there for now ?

    Paul Jr

  • 0 in reply to Big_Buck

    Paul,

    Regarding deleting post in v18 section several   Mine answers were deleted and at some point I have been removed as moderator too. After complaining and writing email, people from Sophos and other moderators stopped on deleting comments. Some Sophos staff are new to community and they did not know how to behave here. Now this is not occurring anymore. As moderators we do not have rights to see who deleted or blocked the reply and we already asked this to be improved. Keep posting and your content is deleted, send me a pm and I will investigate

  • 0 in reply to lferrara

    Hello Luk,

    isn't it just a waste of time? I think we all feel how dilapidated the Kingdom of Denmark is. You wrote your opinion because you have many years of experience and because your opinion does not fit into Sophos politics is it deleted? Why should I continue to work with products of this company that do not value my work and my experience, which I provide them for free? Two years they feeding us as v18 will be completely rewritten and today we see the result of their work over the last two years.

    We just waste time ...

    Regards

    alda

  • 0 in reply to alda

    I replied here:

    https://community.sophos.com/products/xg-firewall/sfos-eap/sfos-v18-early-access-program/f/recommended-reads/116102/understanding-new-decoupled-nat-and-firewall-changes-in-v18/418428#418428

    with the experience gained during these days. If they do not want to listen, amen! We move the remaining customers from UTM9 to other vendors. Life is not a static thing and we cannot change the world. If they do not want to listen, great, we move away. No problem. Me and other community users/partners remember the XG v15 disaster that you cannot even find documentation anymore. They forget about and many of us told them the UI was terrible, the rest is history. If most of the customers will complain with the new firewall section, something will change like v15 or like firewall registration method where using XG was not even possible if no internet connection was available. I guess before 16.5

    Regards

Reply Children
No Data