XG / XGS ongoing issues list

Let me rephrase this: 

1. This should be fixed by now, based on the PPPoE Protocol. There are certainly some scenarios, which could still lead to this problem (if the ISP is doing something odd). 

2. You can simply save the interface without change - This will reload the interface and essentially doing the same like "Turn off/on" on UTM. 

3. Mail relay is a question, what they do. SMTP Auth is not implemented on SFOS. This means: you cannot do a smtp auth against the firewall. You could do a host based relay. SFOS uses Exim like UTM does. BTW: SMTP Auth is a poor design decision IMO - You do not have a summarized Email summary / logs. I would always recommend to send all Emails first to the Email server. 

So for 1)... that seems like a disclaimer. My Dlink router at home as no issues with the ISP Changing ip addresses. So, I'm not very confident with this reply.

2) This is a workaround... I would like a way to release\renew WITH confirmation that this was done. This is a basic function that all routers should have. 

TP-Link can do it. 

3) So for this one, I'm reading that it's not going to work (or work well), plus it's not how you'd recommend it done, so you suggest doing something else. Another... workaround suggestion, to a feature that works on SG, but not on SFOS(XGS). 

XGS constantly seems like a downgrade. Shouldn't these devices let administrators run their network the way they want? Where is the flexibility? Seems like SOPHOS is going the way of Apple. "We'll tell you the way you want it and you'll like it our way".

So for 1)... that seems like a disclaimer. My Dlink router at home as no issues with the ISP Changing ip addresses. So, I'm not very confident with this reply.

2) This is a workaround... I would like a way to release\renew WITH confirmation that this was done. This is a basic function that all routers should have. 

TP-Link can do it. 

3) So for this one, I'm reading that it's not going to work (or work well), plus it's not how you'd recommend it done, so you suggest doing something else. Another... workaround suggestion, to a feature that works on SG, but not on SFOS(XGS). 

XGS constantly seems like a downgrade. Shouldn't these devices let administrators run their network the way they want? Where is the flexibility? Seems like SOPHOS is going the way of Apple. "We'll tell you the way you want it and you'll like it our way".

Are we talking about PPPoE or not? Because it depends on this answer at this point.

PPPoE is something, which has a reconnect option. There is a renewal process in place etc. 

If you get a standard Ethernet connection, this is something else. 

About SMTP Auth. Sure you can do what ever you want in your network, but maybe sometimes it is time to consider to rebuild some installations. SMTP is a product, which is current under review to be migrated solely to microsoft. Most customers i am talking to are going to M365 as a mail provider. So no need to do this firewall email relaying anymore. 

Sophos is investing in the next generation email security technologies like Central Email. 

I'd need to find out from the ISP how they do DHCP renewals. Suffice to say... no issues with SG, constant issues with XG...

Would you agree to this?  "If it worked for SG, it'll work for XGS"

So I hear what you are saying... "SMTP Auth is not implemented on SFOS". So this means no... SOPHOS has removed this feature?

So... a workaround for IP renewal, No to SMTP, WAN IPs might possibly renew if dynamic, and this is all because SOPHOS is investing in the future. I'm sure this is all for my own good too.

And the biggest question of all for me is.... "What else will I find out AFTER i've migrated our 14 firewalls over". Since the response of the things I know of are nope, maybe, and not an issue... Not compelling.

UTM is a old product. It has now 20 years development. So in this timeframe there are certainly features which are on UTM and not implemented in SFOS. But on the other side, you will find plenty features, which never made to UTM. So you are currently focusing on "missing features" and not on the security advantages you will get by migrating. Certainly you cannot say "if its worked on UTM, it will work on SFOS" - Simply because the focus moved to Security first. Protecting the customer is more important than getting a SMTP workaround for a implementation like that. Using a UTM as a Mail MTA relay for your entire company sounds like a mistake to me. 

If you experiencing a problem with the ISP renewal, you can contact Support to get this clarified. I am not aware of a issue based on the current version. 

SMTP Auth - Feel free to reach out to your Sales Rep to get this addressed. But in the long run, maybe you are on your way for M365 as well. 

That's all fine and good. Yet, here is a forum with complaints from a real customer. And the replies are pushback. Not, let's look into that. 

The marketing I get is, move to XGS, it's better. Then I do that in one spot and I say... "this is not better". This is broken. And the response is not, we should look at that. It's pushback.

Fair marketing should be "it's better, but it's gonna hurt". If keeping existing SG features is not on the roadmap.

Its better, if you are looking for a security upgrade. SFOS is in all aspect more secure. I am wondering, if this is not your focus? Do you want to increase your IT Security? 

And i cannot give you anything else, as i am a sales engineer, not a product manager. So if you want to get a respond by the PM team, you should get in touch with your Sophos peers to discuss this further. 

I am giving here simple answers on the current state of the implementation and what i would recommend to do.