This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IP-based License "downgrade" requires reinstall?

So we have a UTM9 deployed at Amazon (AWS) that is currently licensed for 100 IP addresses.   It's up for renewal and, after looking at our usage patterns and projected next year, we see no possibility of needing more than 50 IPs.   

We're currently being told by Sophos (via our reseller) that while they can provide a renewal license for 100 IPs, if we want to "downgrade" to 50, they will have to provide a NEW license (ok, no problem so far) and installing THAT license will require us to reconfigure the UTM from scratch.    i.e., they're telling me that installing the new license will completely wipe the existing configuration.  Now, esp. because this is an AWS ec2 instance, it's not too hard for us to save the config, destroy the old instance, bring up a new one with the new license and reload the saved configuration .....   

but should that really be necessary?   I find it really hard to believe that loading a new license will reset all config to factory defaults as they're telling me.   Can anyone confirm that this is indeed the case?   It *sounds* more like a clumsy attempt to lock us into the higher-cost license we don't need... but I want to believe better of Sophos than that...



This thread was automatically locked due to age.
  • I don't think it's anything other than a misunderstanding.  I'll send you a PM in a few minutes.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hello, what was the final outcome? Had you have to reconfigure the UTM after applying the "smaller" new license?

    We are facing the same dilema.

    Thanks in advance

  • UPDATE: Things have changed for AWS-based UTMs.  See my post below.

    I've done this at two different customer sites over the last two years.  The reseller for lprikockis was either ignorant or dealing in bad faith.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Just did it: applied a new 25 users license on a UTM that had previously a 50 users license

    -> Worked like a charm

     

    Thanks Bob

  • Anyone an idea why it does not work with us?

    UTM 100 user network protection to UTM 25 user network protections subscription.

  • BAlfson said:

    I've done this at two different customer sites over the last two years.  The reseller for lprikockis was either ignorant or dealing in bad faith.

    Cheers - Bob

     

    Hi Bob,
     
    What is the trick? We have the same exact szenario. UTM installed on an AWS server, 100 IPs, only network protection subscription.
    We got a full new network subscription / license for 25 IPs (no renewal) and it does not accept it. Currently we even have a test license as the old one expired. How to get the licences accepted?
  • Apparently, Robert, too many people were cheating with their UTMs in AWS.  Sophos now requires any new or renewal license on AWS to be a minimum of 150 IPs.  Instead of the BYOL approach on AWS, can the PAYG work for you?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob,

    that explanation makes sense to what the error message says. 25 is not 150 -> Error.  Looks like my reseller had no clue as he does not know how to install a licence without reinstall (still unanswered btw)

    We had 100 IPs before and only use it for a few incoming User VPNs (Currently daily is 8 max) and the reseller sold us 25 now. After it did not work, he claimed that a new install is required, just like the initial post of this thread, hence the question what the trick is with getting it installed.

    I did have a look at the PAYG, but wouldn't that require a new install as well?

     

    [It could be an option, but it opens so many more questions. You refer to this one: https://aws.amazon.com/marketplace/pp/B01M1ORUI6 ?

    We only want to cover a few more weeks with this one and right now we only have and need network protection. Is the billing only depended on the instance? It looks to me I can only get a fix set of bundle which I would guess is FullGuard Plus? So PAY as go for Fullguard if I only need network sub?

    The AMIs are quite old t2, m3, why? What if I wanted a t3a micro, small or medium or m5a? ]

  • I'm not a guru on AWS, Robert - I just know it well enough to install and manage an instance.  I've not used PAYG.  I think you can get a one-month free trial of PAYG UTM where you only have to pay for the AWS time used. 

    You should be able to get a 150-IP trial license from your reseller to get your current instance going again.  You should then be able to make a backup with 'Unique site data (license, passwords, certificates/keys, endpoints)' removed.  That should be restorable to a new PAYG instance.  Depending on how your VPNs are configured, you will probably need some time to reestablish them.

    Ich wünsche Dir viel Glück dabei !

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA