XG Roadmap - Still too early?

Maybe a little off-topic, but I am mostly surprised with the lack of communications from the existing Cyberoam users, both in previous Astaro.org and now in this new forum. I've seen max. 3-4 posts from the users who identified themselves as existing Cyberoam users. They obviously never had this kind of community (just checked, there is no official Cyberoam users forum).

That could explain that lack of communication between company and community, because they never had that kind of relationship with users before. Guys like AlanT and others are from Sophos and I am sure that they are not allowed or not entitled to expose things like future Roadmap. They are, in my opinion, only the second-hand source of  information.

Vilic,

XG is under "Sophos" brand, so developers need to follow Sophos's policies (they like or not). It is a mess at the moment. Here we are helping each other but for me it seems the "war of the poor" and sometimes some Sophos stuff pop-ups. This is not the way it should work.

It is a new product and no one has experience on XG (I mean us) so we need support from Sophos otherwise we will never buy this product and even product improvements will stuck. Most of us are using XG at home because one day we would like to sell it (or swap UTM) but if this is the way the communication works, more time will be required and some of us will move to another vendor!

So Sophos Managers should coordinate Cyberoam staff and decide a way to move and communicate with people and partners. Do not forget that Sophos acquired Cyberoam almost 2 years ago, so at least Cyberoam developers should be compliant with Sophos rules (more or less).

Moreover this product still seems to be a beta product, where basic functionality are missing and many bugs are there.

We absolutely need contact with developers as they need our feedback.

[:@][:@][:@]

Luk

I understand your thoughts, but realize the following

1. "good community" was a cultural of Astaro, not Sophos. With the move to XG, Sophos is dumping the Astaro pieces entirely and I suspect the Astaro codebase devs are not moving over to the XG code base and have little interest to support XG users.

2. Cyberroam has not had any community focus so this is par for the course for them.

3. XG is not considered beta to Cyberroam devs. Its a minor upgrade to the Cyberroam code base. So they don't see any need to keep tight tabs on this like its a beta program. For cyberroam, XG isn't "missing" anything. Its only missing features when you come from Astaro/Sophos.

The aswer is simple:

"Sophos will lose many many Astaro customers and position in Magic Quadrant".

They are publishing XG as the "Next Generation Firewall with innovative Technology ", then the product can be used at home only (if you have a lot of patience and not many requirements).

Luk

The aswer is simple:

"Sophos will lose many many Astaro customers and position in Magic Quadrant".

They are publishing XG as the "Next Generation Firewall with innovative Technology ", then the product can be used at home only (if you have a lot of patience and not many requirements).

Luk

lferrara said:

The aswer is simple:

"Sophos will lose many many Astaro customers and position in Magic Quadrant".

They are publishing XG as the "Next Generation Firewall with innovative Technology ", then the product can be used at home only (if you have a lot of patience and not many requirements).

Luk, If you attended XG sales course on Sophos partner portal, you should noticed the slide with a truck and a sports car (comparing UTM and NGF), explained with:

1. "Whilst UTMs will typically do more, they are designed with those other tasks in mind, so they are more utilitarian; they will still get you safely from A to B, but are designed to do many other things on the way. The NGFW is more focused in nature... it's the one you want for the race track!"

2. "The Next-Generation Firewall market is dominated by Palo-Alto networks and Checkpoint followed by Fortinet and Cisco in the distance. We’re currently a niche player in this market place… but we intend to change that.".

My conclusion -> no more UTM, we are now NGF.

 

vilic , I always enjoy your interpretations of little tidbits that you find from sophos. I agree on the feature request site. Maybe cyberoam user base has different requirements and they don't see lack of logging and interface names being stuck as problems.

Regarding the partner sales course and race car analogy, I know they have touted the speed numbers before blogs.sophos.com/.../ and I am not testing the troughputs in the lab so I won't challenge what they say but those numbers seem unrealistic to me.

Unless they have added some kind of hardware acceleration for packet processing, kernel tweaking is not going to give you 50% additional throughput. Same with IPS/AV engines specially with a single threaded v2 of snort. Running multiple instances of snort won't increase your processing by 40% if you are downloading a single file using a single stream.

Have they given any indication in the sales meetings on where this FASTER concept is coming from? Or are they moving full speed ahead listening to their own FUD in their own echo chamber? This is really curious considering that now that they are a public company with more funding availability, you would think their future plans would include better quality software along with better ideas and not just better marketing.

Billybob said:

Have they given any indication in the sales meetings on where this FASTER concept is coming from? Or are they moving full speed ahead listening to their own FUD in their own echo chamber? This is really curious considering that now that they are a public company with more funding availability, you would think their future plans would include better quality software along with better ideas and not just better marketing.

Cyberoam technology:

FastPath Packet Optimization - FastPath optimizes the decision making in the firewall policy engine. Once a connection is deemed trusted, all related packets take the fast path. It is NOT Stream scanning as used by some competitors – stream scanning lightly scans packets as they pass for malware - we properly scan all content in real-time or batch mode – we do not stream scan.

This means that data gets through faster, whilst still being fully scanned for malware.

Thanks, I found a few references to the fast path documentation in old cyberoam docs and understand better what they are claiming. I am assuming that once the packet is in fast path, its bypassing IPS/AV/FW checks.

I also noticed that the XG appliances have higher throughput numbers compared to SG appliances. Found one thing curious that they don't publish the maximum UTM/NGF throughput numbers. Just each individual daemon. A breakdown of how fast a single daemon is capable of performing is nice but if you buy a UTM appliance, you are more than likely going to use it as a UTM. I can see fast path advantages in pure firewall or even AV scanning to a certain extent but I am not sure how they are tagging fast path packets transversing the whole UTM/NGF appliance without scanning.

blogs.sophos.com/.../

On this link you can find more info on Fastpath. I knew about it from Webinar and maybe that's why XG have better performance than UTM.
As Billybob said, they should upgrade to Snort 3 or to another IPS engine in order to get more performance and use more CPU resources.
Anyway we are dreaming. What we need at the moment are responses from Developers and what will happens in the next months (2016 is here).

Luk