Thread Info
  • State Not Answered
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 14 replies
  • Subscribers 31 subscribers
  • Views 3280 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Everyone Please Read!!! Sophos Removed a Feature with No Notice

MichaelBolton

Hello everyone,

Most may not realize this because you don't use it, but Sophos has decided to remove a feature from our firewall with no notice at all.

They have removed the HTTP/HTTPS bookmark feature from clientless access on V17.X. This feature removal was previously announced and told it would be in an upcoming major release, I.E. V18. It would not affect V17.

Over the past weekend, Sophos decided to remove the feature from any device running V17.x. They did so with no notice at all. The hotfix was deployed the same day the notification was released. Here is the notification https://community.sophos.com/products/xg-firewall/b/blog/posts/sophos-xg-firewall-http-s-bookmarks-feature-retirement.

This feature may not matter to you, but I bring it up beacuse our firewall vendor decided to remove a feature from a production product with no notice whatsoever. I tagged  and  in the comments but did not get a response.

If Sophos will remove that feature with no notice, what will they do in the future? What an unbelievable move from a firewall vendor. We use this feature and have no alternative right now. WAF does not suport 2FA and we cannot install a VPN client as we don't own these machines.

Let's all ask for answers! How can Sophos do this with no warning?

Mike



This thread was automatically locked due to age.
  • 0 in reply to Arie

     I have had too many issues with them as well. I would not recommend them for anything over a small business.

    I am still waiting for them to get the XG platform FIPS 140-2 certified. I was told they would with V18, but I don't even see where they have started the process. V18 was supposed to be release in 2018, so, who knows how long it'll be.

    I do have a call scheduled with product management this week though to discuss it. We'll see what happens. I have a feeling I'll be looking for another vendor, which is a shame since they have great technology with the ability to integrate XG with Intercept X

  • 0 in reply to MichaelBolton

    Agreed on it being a great product, but also agreed that there are just too many items that preclude it from being a good choice for all but small companies and non-profits.

    Here's another essential feature request Sophos "is considering": https://community.sophos.com/products/xg-firewall/f/web-protection/75113/how-do-i-re-categorized-specific-url-domains-and-ip-address-to-already-included-categories

    That was four years ago...

    I'm tempted to start a new topic to list the outstanding issues, but I'm afraid that it'll become unwieldy very quickly and in the end not much will change.

  • 0 in reply to Arie

    LOL yes that is one I have been waiting on. Also waiting on IKEV2 remote access. They "just" released IKEV2 site to site tunnels and route based VPN not long ago. Features a 50 Microtik have. They are very far behind and they know it.

    There are alot of very active forum members like    and  (sorry for anyone that I didn't tag, I know there are others I have talked) that have all voiced their concerns but it doesn't seem to matter. Sophos does what they can make the most money on. I would wouldn't waste your time opening a new topic of missing features and outstanding issues. Most of us here already know the list unfortunately.

    I am very curious as to how this conversation will go tomorrow. I will definitely post what happens.

    Side note, what do you guys run in your corporate network?

  • 0 in reply to MichaelBolton

     

    thanks for your post. I am not writing on the community anymore as I have some personal problems that take me all day so I have no time to stay connected!

    Regarding this feature, this is something that many users use and Fortigate have been implemented from many years now and it is still used. I guess that they are removing as it is not designed/implemented securely. As I said, I guess. Someone here, like me is a Sophos Partners, but we do not have a say to decide if a feature should be removed, added and so on.

    From my understanding, Sophos XG group is not open like the UTM group was! Indeed, every feature here for Sophos Devs and Sophos Product Manager (XG's line product) needs to be (SW developers call them) Use Case. Nothing against it. The main problem is who gives to them the use cases and how. In every communication and translation there is a misunderstanding. v18 is a nice stepforward but from my point of view is not the product that should be, based on the efforts Sophos spent since 2015. The product is still unstable, some features are implemented half and so on.

    My advice for Sophos is to consider properly who is the customer in the SDLC (SW Development Life Cycle) because if from the other side they have Parterns that do not understand what their customers want, what other vendors do, we have the product we see today. If the input is wrong + issue emerged during translation, you can imagine the result is totally different from what the market is expecting.

    I am preparing the SW Development exam (Master Degree in Computer Engineering) and I can now understand what developers and product manager do and how they think, but most of the output depends on customer input, feedbacks from the customers and how this feedbacks are re-iterated in the next sprint or timeboxed. I would suggest Sophos to create more feedback questionairre, involving new customers during their development, writing USE CASES and LISTEN LISTEN LISTEN. If I think the NAT translation implemented in the firewall rule.....OMG! I offered myself voluntary to be involved as a "customer" during their development but for the moment, no voice, no feeedback, nothing!

    I still have issue with Skype calls and empty the recycle bin in hotmail.com when I am connected to XG and from the logs you do not understand what is wrong, you can imagine how happy I am (I am using HTTPS scanning).

    This is my opinion!

    Regards