Problem is it sets the name of all of the tunnels, ACLs, objects, gateways etc to a random string. Then it goes out and sets it all up for you. They recently released SD WAN orchestration via their central platform but it’s just a quick wizard where you choose the firewalls to group and what resources will be shared. MSP crowd is the push where it’s attractive for the new/low skill guys to be able to click click click basic config. The biggest issue with them is that they are designed for people who don’t actually know how firewalls/routing work and want to use a wizard to do everything. I manage dozens of these by force and I can say that they have grown on me a little but I still don’t like them, they are just ok. Stop treating engineers like we're plebs that need a dumbed down interface that hides things) They moved some buttons to more logical places, stopped hiding certain options by default (like the edit buttons), fixed the UI so it has scroll bars and sticky panes so that it can run on lower res screens, and fixed several annoying bugs. At least they had the decency to put the options in the same places. Best advice I got from support: top right corner of the screen, click the login name > select 'classic mode' > most problems solved (I've told the devs that should just be the goddamn default. I spoke my piece and a month later a bunch of the complaints I made about the Gen 7 GUI got fixed in the new firmware. Oddly enough when I got my hands on a Gen 7 I made complaints to the sales team about the UI as a vendor and to my surprise they got me in touch with the development team for Gen 7. The old firmware upgrade process left a high chance of installing with factory settings if you’re not really paying attention. I also find firmware upgrades painless with them these days which is good.
Pre-6.2 was difficult for a lot of people (myself included) because it was a bit disjointed in how the workflow was but after that they’ve been doing a lot to simplify the user experience. The TZ300’s are pretty old at this point but the SonicOS version would play a huge part since they qualify for the 6.8 firmware. Unfortunately I only have one customer with one right now but it was managed by someone who didn’t know what they were doing or had a clear plan with the end goal so it’s an absolute mess. The vpn performance on site to site is good but that SSLVPN app seems to have problems with breaking itself on multiple workstations with enough frequency that I am skeptical of it. I find some stuff with Fortigate easier but there’s multiple ways to do a lot of things which can be problematic when two people work on it but do things differently. Hope other people have had better experiences but for me this bridge has been burned. As an engineer you never know if you did something wrong or if the firewall is having a tantrum. What I think is the worst is the lack of consistency. The above has happened across multiple deployments now, all different models so it's unlikely I just got a bung unit. Again, a restart is needed to resolve. Buggy firmware - It has happened more than once now where what should be a simple firmware update, bricks one of the devices in an HA pair. It doesn't drop them, it just does nothing. The configuration is correct, packets are arriving at the interface but the XG just decides not to process them. Reboot needed to resolve and you never know which config you'll end up with. A reboot fixes it but sometimes on reboot it takes 5 min to come up, sometimes 15 min. Configuration disparity - At times, the Web UI configuration will show different values to the CLI. Web Interface/CLI - The web interface is slow and clunky and sometimes just hangs. I don't even know where to start so will just do a brain dump.
I've worked with many firewalls over the years and have never come across anything as buggy as Sophos XG.