
XG v17: what's coming next

Hi Everyone, 

You're all overdue for an update on current and next steps, so I wanted to take some time to share a brief update. Since v16 launched last year, we've seen a huge increase in deployments worldwide! It's great to see that the feedback and effort you've provided has really been helpful to shape a successful v16 launch! Thank you to everyone who has used XG, and shared your feedback. It's been immensely valuable, and a big factor in the success thus far.

We've also launched v16.05 (Also called 16.5 sometimes, by lazy people like me..) which closed off the last high-level feature gap between XG and UTM9. I've seen some questions on why this release didn't contain more, so I'll take a moment to go over why we released only what we did.

Earlier in 2016, we launched Sophos Sandstorm on both UTM9 and Sophos Web Appliance, to MUCH greater success than we had initially expected. This resulted in far greater demand to launch it on XG, and left us with a tough choice. We could delay v16 significantly, or leave Sandstorm until v17, as originally planned. We believed that delaying v16 by even a few more months, would have caused significant problems for our existing XG partners, and waiting until v17 to launch Sandstorm was just too far out. With that in mind, we looked at what it would cost to deliver Sandstorm sooner. Our web and email teams were already going to begin working on Sandstorm as soon as they finished with v16, so if we limited the features in a release to just Sandstorm, a 16.05 release was possible, without causing a meaningful delay to v17. If we included more features, quality testing would take too long. With this in mind, we decided to launch a highly focused 16.05 release, dedicated to delivering Sophos Sandstorm by end of December. This would get 16 out when it was needed, and also get Sandstorm out close enough to the 16 launch, that we could reduce the problems caused by 16 not having it. So far, the decision has proven to be justified, as the launch of 16.05 has significantly accelerated the already fast growing v16. This sort of smaller feature release, on a fast timetable, isn't something we normally want to do - but in this case, the circumstances called for it.  

While our web and email teams were working on v16.05, the rest of our teams began working on v17, and we're marching towards a beta start around April or May. I can't go into too much detail on all of it just yet, but here are some of the highlights of what you can expect:

  • Troubleshooting and Visibility
    • Improved log viewer v2 - Unified view of all log sources, better filtering and searching, improved readability and display of log contents, unified view of live and historical logs
    • Improved Log Retention - Persistent storage of logs, retained for 1-2 weeks, to improve troubleshooting issues that are days old
    • More insightful log contents - firewall logs will now log meaningful reasons for "invalid" packet drops, web logs will include more details for troubleshooting
    • Rich Policy Test - Enter criteria to check, such as source, destination, user, etc., and find out what firewall rule will allow or block it, what policies will be applied, and for web traffic, a full analysis of what rule within the web policy will be matched, and what action will be shown to the user
  • Firewall Rule Management - slimmer layout, custom grouping, cool design
  • IPsec VPN engine Improvements - IKEv2, Suite-B protocols, Reliability Upgrades
  • NAT Business rule improvements - Object based, more familiar to UTM9 users, more powerful
  • Synchronized Security - changing game for application control
  • Email - UX Improvements, Spam improvements, Outbound relay
  • Web - streaming improvements, faster content filtering
  • Zero-touch firewall deployments (not strictly part of v17, but part of a parallel project)
  • Licensing and Registration - more usable, less mandatory

This forum has a heavy hand in what shapes our roadmap, but it isn't the only source. For example I and other PMs have frequent calls with customers and partners, and even competitor's customers and partners. Usability study participants, Sophos support, and ideas.sophos.com, also contribute valuable feedback. Quite often these sources are at odds with the community feedback. It rarely differs in whether a feature is desirable or not, but it often differs in importance, and we have to factor all of it into our planning. 

I mention this, because I know that after reading the above list, there will be immediate questions about "what about feature X?", or "Why not feature Y?". To that, I say:

  • If we're not doing it in v17, we're more than likely still planning it, but the order of priority might be different than you prefer
  • Some of you will disagree with one feature being chosen over another, and perhaps even disagree very strongly. Just know that this doesn't mean we're ignoring your feedback. The majority of the features and focus of v17 are driven by requests coming from these forums. We're listening!
  • The above list isn't exhaustive, or detailed. What you're looking for might still be planned for v17, but I can't outline all the details just yet. Stay tuned for the start of beta.

Finally, I want to call out a group of features I know you're going to ask about. Renaming/disabling interfaces, and other objects. It's obviously important, and highly desired in the community. Some more enabling/disabling options may be added in v17, but not interfaces, and there won't be improvements in what you can rename just yet, either. I know it's a big annoyance for some of you not to have those features, but we need to do it right. (Bring on your apple, copy/paste analogies.. :) ) I worked with the teams to see if we could come up with a plan that included at least interface enabling/disabling in v17, but it wasn't practical. There are hidden costs, that aren't obvious, and there are also other projects in the works, that will significantly reduce those costs. At the risk of being too much of a tease in this post, we have a plan to implement enable/disable, renaming, and many other UI usability niceties everywhere. It depends on completing a project that's been in the works for a while, that I can't discuss just yet. Rest assured, it's all coming, and you're going to like the results! Be patient, and stay tuned!

Best Regards,

Alan Toews

Sr. Product Manager, XG Firewall

 

 

 

One last tease.. 

     



  • Is there any update on when the beta will start?

    There are some key features hopefully that will show up that are greatly lacking in the web filtering area.  UTM and every other device out there allows wildcards and more granular control at the policy level.  We have had to open up sites to everyone due to regex only being available at the global level and this isn't ideal and on some sites there is no way to know every single subdomain they use since they don't publish it.

     

    Hope to see v17 become useful as we have had nothing but issues with v16 web filtering letting things through it shouldn't and also being able to control access to sites the students need by grade level.  If not may have to look at replacing with something else or adding an iboss or m86.

     

    One other suggestion is support really needs training on the XG. Every time we call in, the person we get says "I don't really have much experience on the XG but let's see what we can figure out."  So often things are delayed getting answered or what they say is not really how it works so we spend a ton of time just debugging issues or figuring out workarounds to achieve simple things that can easily be done in about every other firewall.

     

    Don't get me wrong I like a lot of other things in the xg but web-filtering to me needs a major overhaul or upgrade of enhancements.

  • I heard, and I won't say where except from a partner with vastly better inside knowledge than me, that the entire development staff for XG got canned and replaced due to the disaster this is.  If that's true, there may be quite a wait for them to come up to speed and get another release out.  Part of me hopes it's true, part not.  I'd heard the way the code was written there were so many interdependencies that any little change or attempt at fixes caused many ripple effects.  Sounds like the code train is just fundamentally rotten and needs an entire do-over, but that would take a long time, longer than Sophos can sit in limbo.

  • I heard today from Sophos that Q3 for xg17.  They wouldn't comment on the beta though only that late Q3 for a v17 release.

  • Woah!  If this is true I am glad I decided to send the XG's back and Sophos was refusing to refund my Pro Support hours but now I think I will insist on it!

  • Thanks David for your reply.

    We knew that the code was/is not robust enough to consider XG a real UTM9 replacement. For sure if they changed internally something after the first, we are at half of the way to succeed. UTM9 was robust since first releases. XG is still based on Cyberoam and modifying code is not simple; making it robust is even worse. Most of the time programmers prefer to start from scratch in order to make good code.

    Now we will see what will happen. v17 cannot fail otherwise Sophos will lose all of the UTM customers. v17 is expected for September now, I guess, so we should get hands on beta during July somewhere (I guess and I hope).

  • That's interesting.  Helps fill in some of the gaps from my own assumptions on what is going on.

    I was getting the sense that the next big project was a rewrite from scratch, but I have no idea obviously.  We can only speculate but in the meantime, v17 at least appears to be a bridge to something better.

    I'm still excited about v17.  I've been an early adopter to XG and have come to prefer it.  I know its limitations and thankfully for 95% of my customers it's more than enough for what they do.  My team's biggest gripe has always been logging.  Coming to Astaro from a SWall, I was greeted with logging beyond anything we had ever experienced...and it was on box and kept for more than 90 seconds!!  We got spoiled quickly and now it feels like I'm back in 2000 with the logging on XG in its current state.

    I might be a pie in the sky, rose colored glasses kinda guy, but I firmly believe Sophos is behind XG and investing their resources in making it a very capable competitor in the MQ enterprise firewall/UTM space.

  • I think it's time for Sophos to come on here and address all the rumors and innuendo regarding XG.  Some of the things in this thread are very concerning (code so bad it got the entire dev team fired?) and I think Sophos should clear it up.  As I've said, my experience, beyond the initial setup wizard leaving me with a non-functional internet (factory resetting and setting up manually worked fine), is that I've been fairly happy with the product.  Yep, logging could be vastly better and some of the things it's missing are head scratchers, but if the code is as fragile as suggested here I will start to become very worried.

  • Hey, 

    I agree with Bill, it's hard for me to stay committed to the XG platform without knowing what's going on. I think Sophos has great products and XG is not that bad but it just needs some more polish and stability. I hope someone from Sophos can give us more info as to what's going on. It would be nice if they take their time and really make this a great product, but they need to do it in a hurry, because the longer it takes the more people will abandon an unfinished product like XG.

    I have used the Cyberoam line of UTMs for the last 5 years and they weren't as buggy as the current XG firewall. I understand that the old Cyberoam UTMs didn't have as many features as the current XG but at least they were more stable and bug free. I hope Sophos can get XG fixed as soon as possible.
