Its a shame, I do like Sophos XG and the value for the money is good. If they are truly wanting big enterprise customers only, I would say good luck. XG as it exists right now is not nearly a good enough product to break into that market, the terrible logging alone would be a disqualifier for many.
I don't rate v18 "as a very failed version", they did something right which is the new SSL/TLS Inspection engine, but some other features that we got, such as SD-WAN support don't even work correctly.
And what is the throughput on the DPI again? The xtreme DPI engine...
One honest question, is the firewall not doing It's job to protect your clients, which is the main purpose of it.
I totaly gave up on XG even for home use after the remote code execution problems that was in the wild so no the firewall was not doing its job in its default configuration.
I check in here once in a while since I use SG in my lab due to abundant logging and things are still the same as they were when v16 was released. Big promises little follow through as alda pointed out. Now there is a remote code execution on the SG UTM webadmin. Luckily someone was nice enough to tell them instead of leaking it to the hackers.
And what is the throughput on the DPI again? The xtreme DPI engine.
It's actually High... Also your comparing the throughput of the DPI Engine on Sophos XG with what other vendor?
Fortinet have custom ASIC's to do pattern matching and L3 Networking and crypto, Palo Alto have FPGA's for the same reasons, even checkpoint have acceleration pcie cards now.
If you look at the appliances Sophos have right now are all using old Intel x86 CPU's from 2017<, even then, the throughput is still high for a NGFW.
I'm not here to defend Sophos, but if a USD$50.000 appliance from Palo Alto (PA-5220) that have multiple FPGA's, and uses Marvell "security processors" can only do 1.9Gbit/s of Threat Prevention on a enterprise mix traffic with SSL/TLS Decryption, which is the same as an XG 750 Rev.2 could do on v17.5, then I'm impressed with Sophos results.
I totaly gave up on XG even for home use after the remote code execution problems that was in the wild so no the firewall was not doing its job in its default configuration.
Also, let's talk about the ssh "backdoors" (Which has hard-coded SSH public keys) Fortinet had some years ago, even their SIEM product had a vulnerability like this last year.
Every vendor has shitty vulnerabilities that someday will piss off their costumers, the only difference is how fast they fix it, and if they are going to be public speaking about it, or they will hide it.
Ha, the old "LOOK" other vendors suck to we suck also defense? Or half our stuff works for half the price defense?
If XG is working for you great and that is all that matters. But there is no sugar coating that their code quality has been slipping.
I will leave this alone as Ian doesn't want me to muddy this thread and move back to MR3 release which will probably be next week because they usually release on wednesday or thursday most of the time ;-)
