UTM Version 9.352-6 and 9.318-5 released (Do not install!!)

DO NOT INSTALL - THE UPDATES ARE FAULTY (Read this thread through!)

News

· Security Update

Remarks

· System will be rebooted

Bugfixes

36115 WebAdmin reflective XSS Vulnerability
36126 OpenSSL security update 1.0.1q



This thread was automatically locked due to age.
  • "Slipped Our Attention"

    Sascha and Sophos,

    Sophos has failed for 3 years to deliver stable firmware. Each and every release is riddled with breaking changes, new bugs and reintroduction of old bugs, most of which "slip the attention" of QC. Nothing gets better, nothing changes. This nonsense is business as usual for Sophos and it is unacceptable, if not outright arrogant to imply that this is an anomaly and not business as usual.

    It is not just bugs and breaking changes that raise the ire of my customers. I have UTM units that are less than 2 years old, vastly oversized for their use cases, that are in constant resource shortage. Said units are running a minimum of services with IPS, Dual Scanning and other "features" turned off or down to the minimum. Support's answer? Turn off more services. Corporate's answer? Take advantage of the wonderful trade-up program and charge the customers again. Why? Mostly because Sophos refuses to add $15 of RAM to shipping devices but refuses support if the customer adds the RAM. ARROGANCE.

    It is patently clear that Sophos is more concerned about a silly road-map, aimed at useless Gartner awards and clueless buzz-word buyers, than they are about creating a stable product.

    This state of the UTM is the inevitable product of open source mixed with proprietary code that is owned by an arrogant parent and managed by a team that did not build it from the ground up, who struggles to keep their heads wrapped around it and the open source, let alone keeping up with asinine roadmap and forked releases.

    Where is IKEV2 and the ability to turn off Anti-replay, or is Sophos just going to leave us with a bastardized IPSEC implementation forever?

    Another year and still no way to permanently and fully disable TLS 1.0 - Shall we wait another year for that as well? There is nothing like an enterprise class firewall that can't pass a simple PCI compliance scan.

    Where is that long-ago promised EASY way to blacklist offending IPs? Or do you prefer we just keep building hundreds of network definition objects for that? I mean, in this day and age of constant targeted attacks, who needs to quickly blacklist IPs, right?

    On a side note: This forum layout is horrid, no way to navigate pagination, etc. You guys really know how to make things "better" for us at every turn.

    Like many others, I can't simply walk away because I have asked almost every single one of my customers to invest in this garbage. Asking them to re-invest in something else will not fly, and I do not have the resources to eat the cost of replacing all of these devices with something else.

    "Slipped Our Attention" is the theme for this entire product, and just about everything else Sophos touches.
  • Thanks for your comment, BeanAnimal.
    I fully agree. Unfortunately I checked this strategy by Sophos even after the order of new hardware and maintenance for more than 10.000€. So I am bound for another 3 years. Time enough to look around for alternate products.
    BeanAnimal, if you have any advice, it would be nice if you let me know.
    Greetings Nathan