This discussion has been locked.

Future of v17 and v18

Hey AlanT,

Hope you can update us on the future of v17 and future of v18? 

Since v17 is released I'm sure a lot of new improvements are in the pipeline. 



This thread was automatically locked due to age.
  • I like the sense of excitement, I might find a hidden jewel. LOL

    Ian

  • At the pace things go, I will most probably get "exited".  I have a year left on subscription and as usual, in 6 months I will take a decision.  V18 won't be there.  I am not enthusiastic about moving things to another platform, considering moving into XG was the most painful in my life, but what I see here just doesn't work.

    When they engaged in wrapping many open source products and integrating them into an interface package called XG, the idea was nothing short of exciting.  "All-in-One" dream like we say.

    However, the implementation that was once first and unique is being doubled by other actors in the industry.  Seriously.  Much like the story featuring actors like turtles and rabbits.

    Don't get me wrong, APX is a welcome addition, but I welcomed that addition in writing here more than a year ago.

    XG is trailing behind just too much.  The level of knowledge required to make XG work properly is such that one might wrap all those packages himself.  XG being just a GUI in fact.  

    It is only my opinion however.  Everybody else is welcome to be more optimistic.

    Paul Jr

  • Also, as a reminder:

    MR1 – Was for Central Management EAP Fixes.

    MR3 – APX and Airgap Support – February 10. Well it's delayed for now.

    MR4 – Backup Features.  Encrypted Backups and Backup Management from Sophos Central - March  That is two weeks from now.  That was no priority.

     

    My list, which is pretty basic requirements :

    Logs are still helpless. 

    Would be nice we had something that compares to Checkpoint ...

    Some shy improvements in v17.5.

    The best would be a direct link with WireShark while logs become acceptable in a future version.

    STAS needs a complete remelting. 

    Why not having A SINGLE CLIENT FOR ALL SOPHOS PRODUCTS AND APPLIANCES ?

    Instead of going through all those ports, registry keys, etc. nonsense setups ?

    XG as an NTP is a basic requirement.  Should have been done long ago.

    Full features DHCP.

    At least we could point desktops to 2 or 3 trustable NTPs.

    Pooled NTP web sites are such nonsense to me.

    2017 and 2018 were dedicated to bug fixes and stability almost exclusively.  Seems to me the real improvement this year was the MTA.

    None of this is on Sophos' radar.

    Paul Jr

  • Thank you for the reminder, I just broke my NTP setup and need to fix it.

    Ian

  • Big_Buck said:

    2017 and 2018 were dedicated to bug fixes and stability almost exclusively.  Seems to me the real improvement this year was the MTA.

     

    Apart from the bits they've now broken. DKIM message body hashes for example - workaround is to bypass outbound scanning of internal mail servers that perform DKIM signing.

  • I did not know DKIM was busted on Sophos.

    But that said for $900 a year, I have the much much more powerful and flawless Symantec Brightmail MTA appliance.  With every function you can imagine.

    If you toast a single day debugging Sophos Mail Gateway, or Sophos MTA, you already blew up that amount of money.  It is pointless to persist with mail on any Sophos products.  Unless you have more than 500 Users I would say.

    Paul Jr

  • Well the MTA in XG 17.5 doesn't do DKIM, but it's modifying messages beyond just whitespace changes such that the message body hashes are broken.

    This is probably why others are also seeing MIME message headers in their mail clients - the MTA is modifying the messages sufficiently that the mail client is no longer capable of displaying them as intended.

    Will be looking at options this year for better mail filtering and IPv6 support - the current and expected feature set just isn't there.
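Added example (not part of the thread and not Sophos code): the two DKIM body canonicalizations from RFC 6376, used to tell whether a relay changed only whitespace, which a `relaxed` signature survives, or changed content, which breaks the `bh=` hash either way. The sample bodies are constructed and the function names are this example's own.

```python
import base64
import hashlib
import re

CRLF = b"\r\n"

def _drop_trailing_empty_lines(body: bytes) -> bytes:
    while body.endswith(CRLF):
        body = body[: -len(CRLF)]
    return body

def canon_simple(body: bytes) -> bytes:
    """RFC 6376 3.4.3: only empty lines at the end of the body are ignored."""
    return _drop_trailing_empty_lines(body) + CRLF

def canon_relaxed(body: bytes) -> bytes:
    """RFC 6376 3.4.4: also collapse whitespace runs and strip line-end whitespace."""
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in body.split(CRLF)]
    out = _drop_trailing_empty_lines(CRLF.join(lines))
    return out + CRLF if out else b""

def body_hash(body: bytes, canon=canon_relaxed) -> str:
    """Base64 SHA-256 of the canonicalized body, as carried in the bh= tag."""
    return base64.b64encode(hashlib.sha256(canon(body)).digest()).decode()

def classify(signed: bytes, received: bytes) -> str:
    """Compare the body as signed with the body as received after a relay."""
    if body_hash(signed, canon_simple) == body_hash(received, canon_simple):
        return "intact"            # simple and relaxed signatures both verify
    if body_hash(signed) == body_hash(received):
        return "whitespace-only"   # only a relaxed-body signature verifies
    return "content-modified"      # bh= mismatch under both canonicalizations

# Constructed sample bodies (not captured from any real gateway).
SIGNED = b"Hello  team,\r\nInvoice attached.\r\n"
WHITESPACE_ONLY = b"Hello team, \r\nInvoice attached.\r\n\r\n\r\n"
REWRITTEN = SIGNED + b"-- \r\nScanned by gateway\r\n"

if __name__ == "__main__":
    for name, body in [("unchanged", SIGNED),
                       ("whitespace changed", WHITESPACE_ONLY),
                       ("body rewritten", REWRITTEN)]:
        print(f"{name:20} {classify(SIGNED, body):17} bh={body_hash(body)}")
```

Running `classify` on the body an internal signer produced and the copy that left the gateway shows which of the three cases applies before deciding whether a scanning bypass is needed.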

  • What I wished was a single yearly renewal.  But whatever I wish, there is no such thing as a UTM.  Because there is no such thing as unified threat management.  Sooner or later, a component on the suite fails to bring the minimum.  That is true with Sophos, Sonic Wall, or whatever else.

    So, since I am stuck with two renewals, I will also move to Symantec EndPoint Protection.  Flawless set it and forget it solution.  One reason I moved away from it was the disappearance of their Enterprise suite.  But I hear it is back.  Sophos SEC requires the same maintenance as anything else from Sophos. Chronophagus.

    Not set for the firewall yet, but very basic features I require are not even on the radar.  I cannot live without a full DHCP or NTP anymore.  I hate to maintain a VM per subnet (DMZ, Production, etc.) just for those roles.  And I cannot live without a workable log.

    As for IPv6, I won't even try to implement this on XG since it REALLY means maintaining TWO firewalls.  As you know, rules, objects, and everything in IPv4 are totally separated with IPv6.

    I do not save time with Sophos.  Everything is much longer and much harder than the Symantec/Checkpoint combination I had before.

  • By the way, the published set of new features for the next XG 17.5.x, probably in April 2019 since it is scheduled in March 2019, is "better centralized Backups" ...

    Other than that, I see nothing of any interest this year mentioned anywhere.

    Paul Jr

  • Have you tried the SG product line (aka UTM)? It's much better than XG (IMHO).  I recently switched a customer from SG to XG and let me tell you, it's been a painful transition.  (The reason for the switch was the integration between Intercept X and the XG firewall.)

    You're right about DHCP and NTP, and don't forget about trying to make sense of the log files, either from the GUI or the command line...  My biggest complaint about XG is the logging.
    That and the damn CSS (or whatever) that limits the width of the "viewing portal" on the web pages...
    One last thing, SG supports getting certificates from Let's Encrypt automatically.  That means no more forgetting to renew and upload/install/waste 10s of minutes on a certificate.  I'm not sure what is worse, trying to remember what to do with certificate(s) and private key(s) after 1 or more years, or having to do it every 90 days or less...
    Almost forgot about the ability to search the interface that SG has...  
    I will get off my soapbox now.

     

    But, Symantec, seriously?  I honestly think you're better off with Windows Defender.  I mean, let's face it, who has a more vested interest in protecting Windows than Microsoft?
    To be honest, Sophos AV is the only 3rd party AV product I feel comfortable recommending anymore.  I only sell Sophos products because I understand what it is that they are trying to do and I believe that they are doing it well, (OK, XG has a long way to go...) and they are doing things that no one else is doing (at least I'm not aware of any other company doing it...)

    Maybe you're unaware of Symantec's follies somewhat recently?

    https://www.zdnet.com/article/symantec-antivirus-product-bugs-as-bad-as-they-get/
    From above link: "...they were using code derived from open source libraries like libmspack and unrarsrc, but hadn't updated them in at least seven years."
    Meaning that the exploit was available for at least 7 years before 2016.  True it was a while ago, but seriously?  How about them as a Certificate Authority?