
XG Firewall 16.05 RC1

Hi XG Community!

We've finished SFOS v16.05.0 RC1 and want to hand it to you as a soft-release.

Those of you who already used Sophos UTM might remember that we do soft-releases from time to time. For all others, let me quickly explain what it is:

Soft-Release:

We finish the release and think it's worth getting some feedback before shipping the release to all.

So we provide the links to the update packages to you via this forum and you can download the update package and upload it to your SFOS device.

We will monitor the feedback in this forum for some time and then ship the release to everyone.

For a detailed list of features and changes, please refer to the attached Release Note: 6523.Sophos XG Firewall v16_5 RN_v3.3.pdf

Issues Resolved

NC-12759 [Authentication] Segmentation Fault of access server
NC-13930 [Authentication] Access_server segmentation fault
NC-14100 [Authentication] Appliance IP doesn't appear on general tab of STAS suite
NC-14160 [Authentication] Netbios packages sent out via WAN port
NC-13972 [Base System] Webadmin certificate is not updated when changing common name in ca certificate
NC-14123 [Base System] No reconnect of ipsec tunnel when using IPv6
NC-14140 [Base System] If VPN profile name is matching an existing log file then the profile will log to this log file
NC-14227 [Certificates] Improve error message for Certificate Revocation List
NC-3820 [Certificates] The validation period To/From is not taken into account for CRL uploads
NC-13394 [Clientless Access(HTTP/HTTPS)] Japanese character issue in HTTP bookmark of clientless access
NC-13014 [FirewallDatapath] Not able to ping local machine located in DMZ zone from LAN zone with IPsec S2S tunnel setup
NC-13665 [Firewall] Skipping load balancing for missing heartbeat drop traffic
NC-13702 [Firewall] Block Page with captive portal link shown for users when webfilter + user based rules are used
NC-13987 [Firewall] Wizard failed after configure DOS rule using src-zone
NC-14137 [Firewall] 'Internet Scheme' page loading failed
NC-11810 [Framework(UI)] Application List headings are removed after applying filter
NC-13043 [Framework(UI)] Control Center - system graph initially renders without title
NC-13858 [Framework(UI)] Improve XG Firewall dashboard diagrams
NC-14649 [Framework(UI)] Possible SQL injection in EventViewerHelper
NC-14671 [Framework(UI)] XSS in LiveConnectionDetail.jsp in SFOS
NC-15101 [Framework(UI)] Apache service stop in case of certificate names contain space characters
NC-8116 [Framework(UI)] Disable TLS1.0 and TLS1.1 support for Webadmin and Userportal
NC-14995 [Galileo Heartbeat] Heartbeat - Service restarting automatically
NC-14244 [Hotspot] Hotspot type POTD send extra mail while updating password creation time
NC-13610 [IDS + AppControl] Psiphon Proxy application is not blocked
NC-13496 [IPS] Wrong ip address shown in web filter logviewer when device configured in TAP-Mode
NC-14231 [IPS] Internet traffic dropped by IPS if network subscription is missing
NC-12228 [Mail Proxy] MIME whitelist box is not large enough to display the entire text
NC-14093 [Mail Proxy] Proxy stops processing mails if IP reputation is enabled with action "Reject"
NC-14098 [Mail Proxy] Delivery failure notification not sent if sender or recipient email address contains space character
NC-14178 [Mail Proxy] SMTP proxy dies due to specific characters in return path of delivery failure notification
NC-14213 [Mail Proxy] Read only profile should be set in Email protection in HA mode
NC-13448 [Network Services] DHCP service dies while binding custom option to DHCP Server
NC-12214 [Networking] New warning message for unbinding interfaces trivialize effects
NC-12966 [Networking] WWAN connectivity issue with Huawei E3372
NC-13449 [Networking] DHCP Option is deleted without removing its binding.
NC-13599 [RED] Transparent Split and 3G Failover should not be possible to configure
NC-14164 [RED] Implement "TLS 1.2 only" mode
NC-11769 [Reporting] Event Type 'Not Available' seen in Reports of Admin Events
NC-12472 [Reporting] PDF Report Export/On Demand: When records continue on 2nd page server time change
NC-13257 [Reporting] Pagination is not working for "Interface" widget in executive report.
NC-14337 [Reporting] Reports are not loading when language is Spanish
NC-6345 [Reporting] Custom Reports: Sometimes application/protocol filter is not working properly
NC-12969 [SSLVPN] SSLVPN Remote-Access to Apple iPhone: traffic cannot pass through tunnel
NC-13945 [UI] Log Viewer link from widget window is not working
NC-13995 [VPN] VPN failover group stops retrying after couple of minutes
NC-6589 [VPN] DHCP_V6A_IPSec connection not re-connected when changing IPv4 address of the same WAN interface
NC-14118 [WAF] SFM MR-2 can not push web server configuration to SFv16 device
NC-11111 [Web] Captive Portal settings: unauthenticated users redirection does not work
NC-10629 [Wireless] Wifiauth service dies
NC-13207 [Wireless] hostapd dies state after updating radius server in wireless global settings
NC-13326 [Wireless] High CPU usage of DHCPd
NC-13340 [Wireless] Update organizationally unique identifier (OUI) library
NC-13940 [Wireless] Red15w wireless is not detected
NC-14000 [Wireless] DHCP option 234 code missing in "editreddevice" opcode
NC-9469 [Wireless] WLAN interfaces are not shown in network configuration wizard if wireless network name contains 'WLAN'

Known Issues

There is an issue with the Sandstorm licensing if you try to initiate the 30-day evaluation via ControlCenter.
After you click the 30-day trial button, you will be redirected to the MySophos portal where you finish the subscription process. At the end you will see an HTTP 404 error page, because the redirect URL is not correct.
As a workaround, please redo the steps until you get to the license overview of your device. The license should be synced to your device at that time.
This issue does not appear if you initiate the process via MySophos instead of via ControlCenter.

Downloads

You can find the firmware for your appliance in the MySophos portal.

 

happy testing
/talex



  • Any timeframe on DHCPv6-PD support? Or do I start replacing XG Firewalls with something with better IPv6 support?

  • UTM supports IPv6 way better than XG.

  • Hi Rfcat_vk,

    IPv6 is always a big challenge for appliances (in this case XG). I had a problem even with routers that had IPv6 issues. XG should manage IPv6 like UTM 9. Let's see.

    Any GA date for the 16.5? End of the month?

    Thanks

     

  • Hi Luk,

    I would hope for an RC2, seeing we didn't get a beta of this version. Maybe to include some of the fundamental missing stuff, e.g. country blocking that works, mail blocking that works.

    Hope rises eternal for those with an optimistic outlook.

  • Rfcat_vk,

    As I know, 16.5 includes only Sandstorm and a few UI improvements. That's all! For other missing features we have to wait for v17. Country blocking? Nice question. Maybe v17? 17.5?

    Who knows?

    Feature requests are not marked as Planned inside the ideas.sophos.com

    In Sophos they are following multiple products now (UTM and XG together, Cloud, Intercept, etc...). I hope to see soon only XG as a very UTM9 replacement, so that even they are able to provide fixes and new features quickly.

    Even on UTM9 with the latest releases there are some bugs. The competition is killing the quality!

  • v17 will want to have a major improvement in feature set if Sophos wants to replace the UTM within the next year or two. Just so much missing; this is an ongoing discussion that doesn't really get any good useful feedback from Sophos.

  • AFAIK there is one more v16.5 fix build (4 issues) that should be out next week and that is intended to go GA.  No new features. I don't know when it will go from soft release to GA.

    v17 is currently being worked on.  AFAIK Sophos has worked with partners on what the top priority issues and features are.  I suspect at this point the feature list for v17 is planned and will be hard to change at this point (can't put something in without taking something out).

    I know that my subject area (Web) v17 will make us pretty close to full feature parity with UTM 9.

  • I'm not getting the whole country blocking thing.  It seems it would be one of the simpler and easier features to get right, and competitors (i.e. Sonicwall) have had it right for years.

  • Here is the issue.  In my opinion, and completely without management input.  :)

    Users and partners request 200 features.  We estimate effort and it will take 2000 man days effort to do all of them.
    In the next release we have 1000 man days of development effort available.
    So someone has a hard job deciding which of the 200 feature requests to do.
    Maybe by focusing on the most often requested features we can do only 50.
    Maybe by ignoring some of the harder features we can do 100 features.
    Maybe the features that are "feature parity" with UTM 9.4 are highest priority.
    Maybe the features that Partners request are highest priority.
    Maybe the features that generate the most $ sales are the highest priority.
    Maybe the features that generate the worst "review" comments are the highest priority.
    Maybe the features that have been promised the longest time are the highest priority.
    Is XG losing a sale to a competitor (due to features) a bigger deal than XG losing a sale to Sophos UTM?
    Is XG losing a sale to a new customer a bigger deal than an existing UTM customer who is going to hold off on migrating from UTM to XG?


    In addition, each component team has its own list of features, its own amount of available time, its own priorities.  So maybe one component is working on "nice to have" features while another component is working on "absolutely required core" features.  Features that span multiple components also have inherently greater complexity and if one of the component teams is already working on higher priority features it could hamper the ability to do the feature.

    It is an incredibly difficult task to take all these different priorities and try to balance them into a plan for what will go into the next release.
    And no matter what they do there will be features that don't make it in, and there are going to be people who are upset.
    And even if the new features you bring in make 80% of the people happy, the 20% whose favorite feature didn't get in will be more vocal.

    So how do you make it so your personally favorite feature gets in?

    Let's take some examples:
    A) "Please support WebSockets.  The standard has been around for years and all browsers now support it."
    B) "As a partner supporting 100 clients, the biggest feature that is preventing my customers moving from UTM to XG is country blocking.  In addition, I have lost 3 sales (valued at umpteen dollars) to SuperFireWall+ in part because those potential customers required country blocking."
    C) "I tried for 3 days to get NetFlix working at home and couldn't get it.  So I'm switching back to OtherFreeFirewall.  That product is sooo much better."


    Which feature request is more likely to get higher priority?
    When making a feature request, don't only talk about what the feature is.  You should also say why it is important - both to you and to Sophos.

  • Hi Michael,

    thank you for your detailed personal explanation.

    I suspect some people, resellers included, do not understand the difference between UTM and XG and are trying to sell the wrong features.

    From my point of view where Sophos went wrong was saying that the XG product would replace the UTM when the XG is nowhere near ready to replace the UTM. If you had never used a UTM you would be quite happy with the XG, but having used a UTM for work for a short time and at home for many years I find the XG very limiting. I came to try out the new product to learn about a different way of managing security, I get no monetary gain from either UTM or XG, but a learning experience.

    Off to rebuild my XG, I locked myself out of it.

  • Michael,

    I really appreciate your reply and your point of view. This is not even the right thread to talk about missing features, complaining, etc. Anyway, building a perfect product is impossible, and if you think about the short time, the risks and difficulties increase the level of building the perfect one.

    We are here to improve the XG, learn how it works and which are the issues that exist on it in order to get a better XG ever.

    To develop and add more features requires a lot of effort internally, but it is "normal" that most of us expect a Leader Product from XG soon, very soon (even more if they are coming from UTM9).

    XG is the next generation Firewall after UTM9 and people look at it as the UTM replacement because even Sales are pushing XG. What I suggest here and to my customers is to try XG and to understand what they are looking for in terms of features.

    Nothing against which features are missing or must be added, but in my opinion the issue is the information delivery. If you think about the Country Blocking, it was simple to inform the users that the feature is only available for Firewall Rules and not for BAR. This information should be delivered at the feature delivery and not after months and after the users discovered it themselves. This is not fair.

    We need clarity! "Roadmap are subject to change without notice" This is a message I receive from another SW where we are Distributor. Another good example of bad communication is when an issue will be fixed.

    If you go around the community, you see that there are some issues that should be fixed and no ETA yet for that issue. How can a Partner explain to their customer: Yes it is a known issue and it will be fixed........no date yet!

    I know that internally you have a lot of things to complete and now you have to follow UTM9 and XG at the same time but be sure to share with us information, problems and even doubts with us and we will help you in that.

    For example, after the v15 some of us were contacted by Sophos in order to understand what we like and what we do not like about XG. I really appreciated it! This should be done regularly. Sharing ideas, knowledge and thoughts is the best way to improve a product because different points of view are listened to.

    Make sure to keep the ideas.sophos.com updated and in my opinion you should add even features that will be added and not yet inside the ideas.sophos.com, so who visits the site, knows about new planned features.

    New feature planning is a big challenge. It takes time to collect features from multiple sources, put them inside a HoQ, understand the efforts and so on, but this is the life of SW development, and more and more so when you have to build a product that must be safe, always!

    Please make sure to keep us updated and to deliver PDFs where you explain well what the new feature is intended to be for, and I am sure that people will read them (most of them) and others will be invited to read by partners/you and us from the community.

    If you think about it, at the beginning even the release notes were not available. It was not a nice "business card" for XG as the UTM alternative.

    We are here and we will always be here to understand and share issues to make XG a leader product, but make sure that we are INFORMED!

    Nice week-end to all!


  • My danger here is that I'm a completely separate information channel, I don't know what else has been described to you guys.  I don't know what is for internal use only, shared with partners, or generally public information.  And my time is what I can eke in while waiting for a build or install, or I do from home on my own time.

    In the vein of communication and peeking behind the curtain...

    The original plan was to have a v16 and a v17.  Sandstorm was a requested feature that 90% of it is done by the Web team.  It was originally planned for v17 but the Web team said they could deliver it early and some people wanted it ASAP.  So we did a v16.5 in order to add the early delivery of sandstorm.  But for the most part no other teams had features they could deliver early.

    That is why v16.5 doesn't contain a lot of features from a lot of different teams.  After v16 was released, most teams have been working on v17 features.  You will see the fruits of their labours in v17.

    In other words, don't see 16.5 as halfway to v17 with halfway the features.  It is better to look at v16.5 as v16+sandstorm.
    In other words, if you gave feedback for v16 about Country Blocking (for example) do not look at v16.5 as a release that may potentially have that feature in it.

  • ---------------OFF TOPIC---------------

    Sorry about derailing the thread.

    Regards

    Bill

  • is right! If you think that in Sophos you spent 2 years on XG and it looks like Cyberoam with a new UI and some new features.

    As I wrote at the v16 release date, Web section is the best part of v16. It looks like UTM9 and even better (even some features are still missing but you are on the good way).

    The Web categorization is not working well as UTM9 because different web filtering are used and Users/Chiefs notice web categorization before Admins notice them. Not a good deal!

    Personally I believed in XG project because I thought, we can have a better UTM9 with some features that comes from Cyberoam like Layer 8, API, iView and a new Command Center using the API but when I discovered that XG is using Cyberoam code.........I felt really bad but I am still here like others UTM9 old school guys in order to say/write our point of view but we are not listened!

    After 2 years we still do not have a way to disable an Interface, Flow Monitor, Custom Dashboard, Logs (the list of basic missing features is so long). You are adding Feature like Heartbeat and then Sophos Enterprise Console does not support HB at all (only Cloud Version).
    I think that in Sophos you have to think about that you should first build a product with basic features, make it robust and then add features. You are doing exactly the opposite!

    Astaro grew up with this philosophy and it succeeded! What's wrong in Sophos? Everything started with the mysterious "Astaro Shutdown website" where you decided to close it without warning the users.

    We are the key to your success. Without us and without people that buy the product, you are out of business!

    Anyway we have never been heard!

    P.S

    UTQ report PDF is not working. Generating UTQ report using PDF format will produce a blank page while CSV works! Try yourself!

  • As I wrote with 16.05 RC1, UTQ PDF export is completely blank, can someone else confirm this behaviour?

    Also can you make sure to remove the horizontal bar in order to view the Pattern Update status?

    See the attachment:

  • Hi Luk,

    I am trying to understand your post, the report you posted has details and looks the same as my rebuilt XG report.

  • Thanks rfcat_vk.

    Maybe my post was not so clear. I am facing 2 issues:

    • UTQ PDF report is completely blank (even the Sophos Header is missing), so if I upload the report what I get is a blank PDF
    • Pattern Update Page: inside the columns are bigger than the previous version and now to view all the details you have to scroll the horizontal bar and this is annoying!