Sophos Firewall OS v19 MR1 introduces changes to our support licensing and future access to firmware upgrades
Currently planned for July 19, 2022, the soft release of Sophos Firewall OS (SFOS) v19 MR1, will introduce some changes to the scope of our support licensing and future access to firmware upgrades.
Once a firewall is running v19 MR1 or later, subsequent firmware upgrades will require a valid support subscription. To allow customers without support sufficient time to add the subscription, the first three firmware upgrades after MR1 will be free.
Once the allocation of three free upgrades is exhausted, the support requirement comes into effect and further firmware upgrades will only be possible if a valid support subscription is available.
Immediate Action Required
Future Action Required
Owns a valid support subscription
Applies to Enhanced and Enhanced Plus
None, as long as support remains valid
Has no support subscription
e.g., using Base License or individual à-la-carte subscription only
None - eligible for next three upgrades after v19 MR1
Purchase support to continue receiving upgrades
Using a Trial license
None, support is included
None, no change
Using a Home license
Customers who have a valid support subscription
For the approx. 80% of Sophos Firewall customers who already have a valid Enhanced or Enhanced Plus support subscription, there will be no change.
Customers who do not own a support subscription
Customers who have just a Base license or an individual à-la-carte security subscription without support today, do not need to take any immediate action. However, to continue receiving firmware updates, they will need to add a support subscription once they have used their allocation of three free firmware updates after installing MR1.
Customers who have a trial license
Customers with a trial license are not affected as that includes support for the trial period.
Customers who have a Home license
Customers with a Home license are not affected.
Note: The three free upgrade limitation mentioned below applies to customers without an active support subscription only.
The allocation of three firmware upgrades postpones the enforcement of the support requirement even when there is no active support subscription. This is in addition to the initial install wizard firmware update.
Any Early Access Program (EAP), General Availability (GA), or Maintenance Release (MR) firmware version which is installed after upgrading to v19 MR1.
These updates will continue to be provided for any product which has not yet reached its end-of-life date for all customers and will not be deducted from the three-free-update allocation for customers without support.
Re-imaging the appliance with the ISO will continue to work as it does today. Any firewall without a support subscription can also be re-imaged with the ISO of any newer firmware, which will not be deducted from the three-free-update allocation. Re-imaging the appliance resets the free upgrade allocation when there is no active support subscription.
Firmware upgrades and mandatory firmware from the initial install wizard will work as today and will not be deducted from the three-free-update allocation.
For customers without support, this will be shown in the user interface.
If you don’t have an active support subscription and have used your free upgrade allocation, further firmware upgrades will NOT be possible. This applies to firmware updates from the user interface, using OpCode, SFLoader, or from Sophos Central. Customers will need to purchase a support subscription to continue receiving upgrades.
There is no impact on the backup-restore workflow. Firmware upgrades (incl. free upgrades) are independent of device configuration and therefore, backup-restore will work as today.
While this practice is new for us (with the exception of Sophos Switch), it is the standard for many of our competitors for their firewalls, switches, wireless access points and more.
Support should be an essential part of every firewall project.
We plan to send emails to all partners who have sold/own, and customers who own Sophos Firewall around July 14, 2022.
While I don't have a real problem with the decision about enforcing the support requirement. You are making a larger set of hardware now definitely e-waste material due to the difficulty of transferring some devices. Maybe you had better look at a more professional handling of transfer of ex lease and bankrupt business hardware. When some equipment is disposed of by a company, having it unable to be transferred allowing for it to be used as service spare, temporary installation and alike is depriving the revenue stream that this type of decision is supposed to allow.
But if the decision is to follow the Cisco / Meraki model. If your not the original owner, and you don't pay a license we want to create a stockpile of e-waste, this is the right way to do it.
I agree, Gavin... and the real reason for this is: "How do we get more money from the existing customers? - Well, other vendors require them to pay support. So let's do it too" haha... and the quality... Please don't talk about quality for some of us who know Sophos from more than 10 years ago. That was quality products! not now..
I have been 1 who has looked to purchase some Ebay and alike XG210 hardware as service spares, and also for doing configuration rewrites for some customers during firmware Upgrades, especially since you cant load a config from an XG210 onto a XG125 and test for an issue. But when you contact support to transfer the device, and support flatly refuses that turns the device into e-waste.
I also have a couple of XG units I use for short term popup business use. Something that is in a place for 3 - 5 months. I would have no issue paying a support license and even a month to month subscription for these, but cant justify the $5k licensing for a new unit when it may sit in the store for 3 months in between use.
picking up a second hand XG, adding a support license and then putting it as a cheap passive HA unit for an existing customer, then when you come around for the XGS upgrade, well they are now purchasing a HA pair to replace what they have.
But again, requires more support to the partners with transferring devices in order to use this as a revenue expansion.
Hi, for your short term business use, reach out to your Sophos partner to see if they are a Sophos MSP. If so, they can bill you month-to-month for your usage. We’re a Sophos MSP partner and we currently do that for some our customers. There is flexibility to provide monthly billing for Sophos licenses for firewalls, etc. Hopefully that can help with your pop-up business use.