Sophos XG Room for Improvement

SherifFouad
IT Manager-Africa/Technical Services Manager at a mining and metals company with 201-500 employees
The major problem that I am facing, and I know that others are facing as well, is with the HTTPS classic, in general, or any classic that works on Secure Socket Layers. Let's say I set up a rule to block users from accessing YouTube or Facebook. The rule will only block the HTTP traffic, which is non-secure traffic. But most websites right now, most of the reputable web services providers, for extra security for their own web servers and for the user's security, provide a connection over Secure Socket Layer. The problem comes when you are trying to block, or allow, similar traffic that uses HTTPS. You have to create a certificate and import it into the users' web browsers, whatever they are using. Now, this is not a problem when you're dealing with users stationed and fixed in a specific site or location. They are using desktops, they will never take the desktops and go home with them, nor will they ever take the desktops and travel to another country, or another site with it. The problem occurs when you're dealing with roaming users who use laptops and have to move between different sites that have different types of policies applied to them. You have to import all sorts of certificates from each site into their browser. Doing so will most probably conflict with something else that is totally irrelevant and cause a problem. A way around this is if you are using authentication with Active Directory. But most of the time, especially if you're operating in a remote site with a very slow internet connection, if it's available in the first place, authentication with Active Directory is impossible. So it needs an easier way to apply HTTPS filters, without importing certificates into users' browsers and without the need for using an Active Directory. There must be a way around it. There are workarounds. But with applied workarounds, it will work out once, it won't work out properly 10 other times. That is my only request. Also, since Sophos took over Cyberoam, the online technical library and support library have become super messy. To get a piece of information is becoming a nightmare. They need to reorganize the online technical support and technical library. The easiest way to overcome this is to look at how the Cyberoam online technical library was structured and to build the Sophos technical library the same way. It is messy, totally unorganized, time-wasting. Instead of getting what you want in five minutes it takes half an hour. View full review »
Hesham Sakr
IT Infrastructure & Security Manager at a university with 1,001-5,000 employees
It is performing well. However, the only challenges that we are facing are the effectiveness with blocking the proxy and tuneling applications, aside from proxy and similar applications. So the application filter on the product is not really performing 100%. Every now and then there are some updates that are happening on such applications, and it takes time until it gets the appropriate updates and becomes capable of capturing such applications and blocking them. A new feature I would really like to see would be some sort of an enhanced application filter with greater efficiency when it comes to the applications that can bypass firewall policies. These applications are really a nightmare. Once they are on the network and not detected, or the appliance is not really successful in capturing them and unblocking them, the bandwidth gets wasted all the time. View full review »
SecMgr5390
Senior IT Infrastructure Solutions Engineer at a tech services company with 51-200 employees
I would like the update process to be easier, to update the firmware of the boxes. I think it's much better automatically than having to do it manually: Download the file, do network discovery. If they can make the update process much more automatic that would help. View full review »
Jeroen Vercoulen
System Engineer with 51-200 employees
Email Protection has room for improvement. It doesn’t have an intuitive rule base. I would much like it to be like the Sophos UTM software. The level of detail in the settings is much too low. View full review »
Danyllo Cabral
IT Project Consultant at a tech services company
Sophos XG lacks link load balancing options like ratio and spill over, both useful in some scenarios. I also think they might consider improving the RAM of some of the appliances, since there are processes that are very memory intensive. Lastly, I would say packet monitor is another area for improvement as it lacks capabilities like exporting the capture from inside the GUI tool. View full review »
Sean Gambill
Lead NOC Engineer at a energy/utilities company with 51-200 employees
The VPN and central management need to be improved, but that's being nit-picky. The IPsec VPNs are a little on the buggy side and you sometimes have to jump through hoops to get it to work. When I looked at them last, they were still in development for the centralized management of the firewalls, so when I saw it, it was very much in its infancy. One more thing to add to what they can improve is the firewall policy presentation, they have their own special way of doing it which takes time for some to get used to, especially if you’re used to Cisco ASA. View full review »
Ivanildo Teixeira Galvão
Consultant Information Technology at a tech company with 51-200 employees
It could offer other important functions such as a DNS Filter for blocking botnet networks. View full review »

Sign Up with Email