Hey AlanT,
Hope you can update us on the future of v17 and future of v18?
Since v17 is released i'm sure alot of new improvements are in the pipeline.
This thread was automatically locked due to age.
Hey AlanT,
Hope you can update us on the future of v17 and future of v18?
Since v17 is released i'm sure alot of new improvements are in the pipeline.
Hey tom greene
Make sure to keep an eye out on our Release Notes & News and Sub-groups for new updates and upcoming betas for future releases.
I'll also tag AlanT and talex in case they wanted to chime in with any further information.
Regards,
FloSupport | Sophos Community Engineer
V18 will go EAP in July, v18 is expected to ship late this year best case and early Q1 next year in the worst case.
Emile
Common sense dictates you take XG for what it does right now, and do not expect anything new in a predictable future. Meaning, if XG cannot do what you need right now, use something else 3 or 4 years, and check XG again only then. Ironing bugs in v18 will take 3 years. Much like v16/v17 - one and the same - which is clearly not ironed yet.
I'm more convinced than ever Sophos should scrap XG altogether and pimp up everyone's favorite: UTM.
Paul Jr
Hi Paul Jr,
v18 is supposed to be a complete rewrite of XG.
History. I have said this bofore in other threads from memory. When Astaro was running the show they employed a forum member oto review available takeover firewalls. When Sophos took over they decided to but what is now XG against much advice from forum members and the person they employed to review the offerings.
The reason why Sophos wanted a newer product was because the UTM was becoming too bloated and adding features was becoming very time consuming. If you compare the number of default services etc in UTM compared to the XG you being to understand why the UTM was bloated but a much better product.
Now hopefully V18 will fulfil the promises about a better and more flexible product that was supposed to ben the earlier versions of XG.
Looking forward to trying V18.
Ian
Hello
Complete re-write ? I'm perplex because to my understanding, most of XG/SFOS core/features is Open Source. For example, the mail gateway is EXIM. https://www.exim.org/ I doubt they would re-write this.
I would described XG (i.e. SFOS) as a GUI that implement some of the features of the Open Source code used behind the scene, via CLI/scripts.
I suspect that Open Source code already has many features we are cruelly missing. It will become available only in v18.
My 2 cents.
Paul Jr
Hello Paul,
V18 is a full redesign and kernel do over from the ground up that was started shortly after the release of v15.
This was done so that the systems can be designed to support the ASIC based hardware and fully diverge from Cyberoam and truly be the Sophos Firewall OS. Everything between v15 and v18 was jus feature/function tests for v18 and what is release later this year is the culmination of the experience of Astaro and the ambition of Sophos in the NSG market.
You misunderstand the depth of rewrite, they aren't going to redesign exim or snort, that would be stupid. They are redesigning how the the entire system is put together.
Emile
Hey that sounds promising. [Y]
But two questions about that:
1. Do you know when the EPA program will be started? (Mid or end of July?)
2. Can a home user participate?
Thank you.
This ASIC still has to be some form of RISC CPU. Or "reduced" RISC in this case ... They did certainly not re-invented the wheel.
There are tons of development tools to migrate codes specifically for a CPU to another CPU. They could run "as-is" on another CPU if they wish. Kind-of. Or would it make any economical or strategic sense ?
As for the Kernel, for what I know, 99% of Kernels have disappeared from this planet. Kernels eco-systems have been shrinking dramatically since the 90s. Everything started to gravitate around two or three options. No-one has the money, balls, or guts to rewrite a "Kernel" from scratch. It's either Linux or Windows alike now. Those Kernels that are really apart these days are "Real Time" kernels (we find in programmable controllers (PLC) or Numerical Controls (CNC) for example)
I assume Sophos play "Lego Bloc" with what's existing and while adding or removing Kernel features, they try to fit this to the actual high level code. Like EXIM.
I suspect the complication at doing so is not because few very complicated things. It's more because there are billions of simple things to go after.
When we see very simple things repeatedly broken, like DHCP, Reporting, and so on, and very simple features still absent like NTP management, we can only scratch our heads and wonder what kind of fight they have on the sub-basement called "Kernel".
SFOS v15 was end of 2015 ... That’s a lot of time to re-write a “linux-based” Kernel … The real danger here, that we can already observe at the competition, is SFOS might reach obsolescence before it’s even born !!!
Paul Jr
Hi Paul,
"This ASIC still has to be some form of RISC CPU. Or "reduced" RISC in this case ... They did certainly not re-invented the wheel."
Why does it have to be Risc based? Sophos are not departing from the core of the system being x86 based, they are using ASICs for offloading of SSL, IPS and other repeatable tasks. ASICs existed long before Risc.
"There are tons of development tools to migrate codes specifically for a CPU to another CPU. They could run "as-is" on another CPU if they wish. Kind-of. Or would it make any economical or strategic sense ?"
As above, what do you mean? Sophos are not moving CPU.
" As for the Kernel, for what I know, 99% of Kernels have disappeared from this planet. Kernels eco-systems have been shrinking dramatically since the 90s. Everything started to gravitate around two or three options. No-one has the money, balls, or guts to rewrite a "Kernel" from scratch. It's either Linux or Windows alike now. Those Kernels that are really apart these days are "Real Time" kernels (we find in programmable controllers (PLC) or Numerical Controls (CNC) for example)"
I suppose Kernel rewrite may not be entirely the correct term, they are basing it off one of the latest Ubuntu kernels (afaik) but Sophos always makes sure to make all the adequate changes and modifications to the OS to harden it. So it may be based but it is "re-written" as such as it is no longer an off the shelf product.
"I assume Sophos play "Lego Bloc" with what's existing and while adding or removing Kernel features, they try to fit this to the actual high level code. Like EXIM."
The vast majority of firewall vendors do this, most of them are using iptables, snort, squidproxy/awarren based, exim and other open source tools. Sophos is no different, it's how they connect them and fit them in that creates their USPs.
" When we see very simple things repeatedly broken, like DHCP, Reporting, and so on, and very simple features still absent like NTP management, we can only scratch our heads and wonder what kind of fight they have on the sub-basement called "Kernel". "
Somethinf being broken by changes or improvements is nothing new, can't defend them on this because we have Customers whom are affect by the major bugs some of which you've noted. I hope they're fixed soon and i can guarantee you i apply the pressure where i can as well, if i can.
"SFOS v15 was end of 2015 ... That’s a lot of time to re-write a “linux-based” Kernel … The real danger here, that we can already observe at the competition, is SFOS might reach obsolescence before it’s even born !!!"
As the first XG in the architect in the UK (full stop) i definitely don't need to be reminded how poor the release for v15 was handled but they have come leaps and bounds since. Sophos have put their Q4 release (latest Q1 start) as their on the line "this has to be done" and they know if they don't it will cause more problems than they can imagine. I have been dealing with delays of v18 since early Q2 last year.
@TheBalmasque, EAP v18 should start this month or latest start of August and i believe you should have no problems running it on home.
Emile
Thanks Emile for your posts, really good stuff.
From the "cheap seats" of a customer, I can say that while I'm happy with my XG's (I came on after v16 was released, so I didn't experience v15), I'm very much looking forward to v18 and hopefully seeing the "rewrite" pay dividends in reliability improvements and feature introduction.
Thanks Emile for your posts, really good stuff.
From the "cheap seats" of a customer, I can say that while I'm happy with my XG's (I came on after v16 was released, so I didn't experience v15), I'm very much looking forward to v18 and hopefully seeing the "rewrite" pay dividends in reliability improvements and feature introduction.
Hello Bill,
Happy to help but please remember I'm not a preacher in Blue, Sophos could change arrangements or roadmaps at any time and what is said is just an opinion :)
Emile
