Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 36 replies
  • Subscribers 34 subscribers
  • Views 77735 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

XG Roadmap - Still too early?

lferrara

Hi All,


2016 is almost there! I think that all of us would like to have some feedback from Sophos about what we will see from 1.5 XG release (January ?) and 2.0 in the middle of this year.

Even a simple shortlist of major features that will be released and specially bug fixes. We have feature.astaro.com website but "Planned" does not means next release.

[A]

Thanks.

Luk



This thread was automatically locked due to age.
  • 0 in reply to Billybob

    Billybob said:


    Have they given any indication in the sales meetings on where this FASTER concept is coming from? Or are they moving full speed ahead listening to their own FUD in their own echo chamber? This is really curious considering that now that they are a public company with more funding availability, you would think their future plans would include better quality software along with better ideas and not just better marketing.

    Cyberoam technology:

    FastPath Packet Optimization - FastPath optimizes the decision making in the firewall policy engine. Once a connection is deemed trusted, all related packets take the fast path. It is NOT Stream scanning as used by some competitors – stream scanning lightly scans packets as they pass for malware - we properly scan all content in real-time or batch mode – we do not stream scan.

    This means that data gets through faster, whilst still being fully scanned for malware.

  • 0 in reply to vilic
    Thanks, I found a few references to the fast path documentation in old cyberoam docs and understand better what they are claiming. I am assuming that once the packet is in fast path, its bypassing IPS/AV/FW checks.

    I also noticed that the XG appliances have higher throughput numbers compared to SG appliances. Found one thing curious that they don't publish the maximum UTM/NGF throughput numbers. Just each individual daemon. A breakdown of how fast a single daemon is capable of performing is nice but if you buy a UTM appliance, you are more than likely going to use it as a UTM. I can see fast path advantages in pure firewall or even AV scanning to a certain extent but I am not sure how they are tagging fast path packets transversing the whole UTM/NGF appliance without scanning.
  • 0 in reply to Billybob
    blogs.sophos.com/.../

    On this link you can find more info on Fastpath. I knew about it from Webinar and maybe that's why XG have better performance than UTM.
    As Billybob said, they should upgrade to Snort 3 or to another IPS engine in order to get more performance and use more CPU resources.
    Anyway we are dreaming. What we need at the moment are responses from Developers and what will happens in the next months (2016 is here).

    Luk
  • 0

    @MW:  Nice post, very well written and thought out.  You hit the nail on the head.

    "I just can't believe that this requests have more than double user votes comparing with this essential functionalities" Number of votes is only one (the least important) of several considerations in determining if a feature request is approved.  I've written several posts explaining in detail how this works and the considerations that come into play. 

    "they should upgrade to Snort 3" Snort 3 is still in Alpha. Until it is finalized, it can't be added to a commercial system. Suricata was tried, but it had issues of it's own, making it not ready for prime time. Just have to wait until there's an open source IPS that supports multithreading, which is ready for commercial use.

    "What we need at the moment are responses from Developers and what will happens in the next months"  @Luk:  They will say what they can, when they are allowed to do so.  All the public whinging in the world is not going to change this.  As a reseller, you need to discuss these things with your assigned channel manager.

  • 0
    One concern I have with this product is the lack of product validation / review. So far I have found at least 3 bugs that have been frustrating and /or a grave security concern. I understand this product is free for use and using the users as guinea pigs is fine; but providing a product which is extremely flawed and then the manufacture not discussing the issues users are facing enables me to think Sophos and their products are sub-par in comparison to the average UTM on the market. For these reasons, I will hesitate and not recommend any product that has the for-mentioned qualities.

    The only reason I am still trying to use this SW is that it is slightly better than the Untangle UTM. If someone can recommend a free for non-commercial use UTM, I will most likely jump on it.
  • 0 in reply to Billybob

    BTW, this updated XG/UTM roadmap was revealed in Sophos Community Update Webcast last week.

  • 0 in reply to vilic
    So its the same old same old 6 month expected release schedule and nothing as aggressive as was suggested earlier when SFOS was first introduced. The future sophos releases being labelled as v16 and v16.5 means it is a continuation of cyberoam although they don't like to publicize it. Also interesting is the fact that after v16, they will call it v16.5. This means that the next version of SFOS will be the final merge of UTM/ SFOS and any other missing features after that will probably need a feature request. Then they will start improving on the existing stuff and add new features to SFOS more aggressively as this will be their flagship product.

    Its also interesting that 9.4 will be soft released shortly with sandbox functionality. I guess there won't be a beta for it or a very short beta if they want to release it during the first quarter as indicated in the roadmap.

    Lets hope they can deliver the goodies in the next release of SFOS [;)]
  • 0 in reply to Billybob
    Webcast was recorded and published on Youtube:
    www.youtube.com/watch

    Beside revealing future Roadmap, there are also many other useful information from the first-hand, it is worthy spending 50-minutes watching it.
  • 0 in reply to Billybob
    Sophos Community Webcast Feb 2016 - XG Firewall and UTM 9 Update:
    www.youtube.com/watch
  • 0 in reply to vilic
    That answers a lot of questions. So in essense
    1. V16 and v16.5 have nothing to do with cyberoam. They are using the year as the main version number with v16 as beginning of the year release and v16.5 as second release for the year. There will also be incremental releases within that period.
    2. The concept view of v16 SFOS looks promising.
    3. The features being added in v16 should bring SFOS very close to what UTM is for most of the users.
    4. Glad they are still continuing UTM development, although if v16 is as good as it looks on paper, more and more people will move to SFOS sooner than later.
    5. There is a beta for UTM9.4. Just noticed it posted community.sophos.com/.../74654

    Thanks for the link that definitely answered a lot of questions and we don't have to speculate on some of this stuff. I wanted to attend the webcast but was busy on Thursday. I see got a few questions in. Good job.