I know this is an old thread, and sorry for bringing it up again, but when the license expires are you still able to log into the appliance? I've no issue with the services stopping when the license expire (although dropping VPN's is questionable give any other hardware device that uses VPN's doesn't need to be renewed to keep them up - but I accept that's the way this one works.)
I can't remember the last time a renewal license key didn't appear in our inbox within 24 hours after we'd placed an order for one of our clients. I understand that Sophos does things differently in the EMEA region than in the Americas region, but I don't know the details.
Cheers - Bob
I agree here, I have had problems even with my sophos reseller portal not showing all the devices correctly and email notifications to the client are not always bullet proof.
Another comment I would add is that SOPHOS seems to be the only commercial subscription based security appliance I have run into that kills the VPN connection. So I would disagree that VPN is NOT a part of a standard firewall. The majority of firewalls are routers, and a router is a industry standard to have VPN (especially IPSEC) functionality. (Sonicwall, WatchGaurd, FortiGate allow you to use VPN IPSEC functions with no license)
I have deployed a multi WAN client with Sophos UTMs and we stopped installing them after realizing we would loose VPN function after the initial 3 year license. Since we migrated to sophos software based endpoint filtering too we only wanted basic router functions. So now we are pulling all the sophos and putting the old sonicwalls back in place for the small remote offices. Sad and disappointing on sophos part.
Alternate would be to pickup some Ubiquiti EdgeMAX or USG routers for small offices, Mikrotik work well for this purpose too. Just depends on what kind of management you would like to do.
The added VPN functionality is part of the enhanced routing facility within the UTM licencing model, not the basic.
A bit like you dont get Layer3 routing on a Cisco catalyst capable device unless you pay for the enchanced licence.
Not granted the software doesnt stop working on a cisco if you dont take out the TAC support for the next year, but that risk of running non supported equipment (ie no updates) in business seems too much in from my point of view.
But it's good to have choices, if the Ubiquiti stuff meats your needs then fine, but there's only so much it scales to. Same for Cisco vs HPE vs Dell vs Juniper etc for switching/routing. You need to be aware of the pluses and pitfalls for each device and the licencing that goes along with it.
I just learned this as well, the hard way. We lost VPN and even WiFi because WiFi is licensed as "Wireless Protection." Yes, WiFi, as in antennas sticking out of our box are now decorative and we had to a get an AP. I am sorry but VPN and WAN link balancing should be the standard as well.
Oh how neat, thanks Sophos!
Security Made Simple....really simple.
A minimum of an SG 115 with Network Protection is needed for VPN/RED/IPS. Over a period of six years, this is less expensive than a RED 50 with warranty extensions for a remote office.
Other than that type of general commentary, you won't see any resellers posting information about prices here. Anyone with a question about pricing and purchasing recommendations needs to be talking with their reseller.
Cheers - Bob
A minimum of an SG 115 with Network Protection is needed for VPN/RED/IPS. Over a period of six years, this is less expensive than a RED 50 with warranty extensions for a remote office.
Other than that type of general commentary, you won't see any resellers posting information about prices here. Anyone with a question about pricing and purchasing recommendations needs to be talking with their reseller.
Cheers - Bob