We have the UTM9 version ... Is it worth changing to an XG version, and are there still a lot of problems and fixes going on?
I played with XG at home. I used a crude configuration, using XG Firewall inside VMWare Workstation running on top of Windows, which could only monitor traffic coming from the host PC. So some of my results may be skewed by my weak test environment.
XG Upsides:
XG seems to be a true firewall that understands Intranet, DMZ, and Internet as foundational concepts.
XG has a "Sophos Learning" option which can be enabled. In my perfect world, all of my "uncategorized" links should be forwarded to Sophos for categorization, at least daily. So I wondered if the Learning option was the answer to my dreams, but I never found a detailed explanation of what data gets shared or how Sophos uses it. By comparison, I have not seen any evidence or documentation to suggest that UTM provides feedback to Sophos or McAfee. One would think that if UTM blocks a lot of hostile content from www.example.com, that the reputation of that site would be automatically downgraded. If it happens, I don't know how, and I am sure that UTM Uncategorized sites do not get automatically processed.
XG Downsides:
Web filtering combines the concepts of "Category" and "Reputation" into a single item. I view this as a blunder.
UTM Web Filtering uses category and reputation scores that are a combination of Sophos and McAfee (TrustedSource) research. XG uses only Sophos data. Posts in these forums complain that the XG database information is (or was at some point in the past) significantly inferior to the UTM database.
I found the XG user interface very difficult to read. Maybe my eyes are too old. I also found the user interface generally harder to understand than expected, especially since it is intended to be easier to use than UTM. I never really understood how to map my entire UTM configuration into the XG test environment, so that I could say "X is comparable, Y is a new capability, Z is a missing capability".
Posts in the forum complain that XG logs are purged after 30 days. My greater complaint was that the logged data seemed too limited to be useful.
Overall, I concluded that XG was a long way from replacing UTM. Fortunately, I froze my UTM environment at 9.408, so the roof has not caved in on me as it has for others who upgraded.
XG is still missing many features compared to wonderful UTM9.
Web filtering is working much better on UTM9 because, as DouglasFoster wrote, UTM9 is using both the Sophos and McAfee engines (we will miss it). In fact some ADS and other websites are not correctly blocked.
Relying only on one engine is always a POF. We hope that in Sophos they will think about that and add McAfee even on XG. Maybe Michael Dunn can have a look at this question and take note of it.
For the rest, web filtering is still missing Regex on Policy&Filter (it is available only on the exception tab), but the way they designed the web filtering is fantastic in my opinion. You can decide if you want to use a single firewall rule, attach a Web Profile and customize that web profile for all users using groups/users, or create multiple firewall rules, using a web profile on each one.
Network Protection, finally, has IPS per rule. On UTM9, IPS is working globally and there is no way to configure IPS per single firewall rule and no way to create and import custom IPS rules. What we complained about is that XG is using too much space for each single firewall rule. Imagine with 300/400 firewall rules. On v17, they are reducing the space taken by each firewall rule.
XG is improving a lot, and with the latest MR it is more stable and bugs are reduced. We expect to have the rest of the features in v17 and v18.
So my advice is to always try the XG as you normally do for any new products (or things in life) and understand/compare what you like and what you do not.
WAF and Wireless features are almost the same on both XG and UTM9.
Regards
What else is missing from the v16 of XG
1/. country blocking - selective
2/. NTP proxy
3/. DNS proxy
4/. mail proxy - MTA partial
5/. logs that live longer than a restart
6/. connection report that shows real connections and does not include devices removed from the network some time previously.
7/. IPv6
8/. DHCP linked to DNS
What does work,
Mail scanning, as long as you use the configured ports in XG; if you use other ports for mail, well, that doesn't work. You cannot add additional ports to the mail scanning rule. XG does not abide by the mail RFC regarding port 465.
Mail use reporting, just a joke.
Somewhere in the UTM there is a report to Sophos of the URL categories, but can't find it at the moment.
Looking forward to the much promised v17.