From the V19 EAP 'What's New' file - "Advanced Shell – With the addition of many comprehensive logging enhancements in the GUI, and in-line with industry best-practices, access to the Advance Shell will be restricted to licensed commercial versions of the product only."
Why the distinction between licensed commercial and other licences (which I presume means Home licenses)?
Only the Home license is affected by It.
If you access the logs through the device console after trying to open the advanced shell, there will be a line showing It has detected the Firewall is running the Home License, and that's why It blocked the access for the shell.
Any other license (Including Trials) can access the advanced shell without any issues.
If a post solves your question use the 'Verify Answer' link.
Software Trials are also included in this. Generally speaking, all licenses, which are not tied to Sophos directly. For example, if you do a Proof of Concept with a Hardware Appliance from Sophos, you have access to the Advanced Shell. But not with a virtual appliance or a home license. As the statement described because of industry best practices.
could you please clarify that last sentence. "but not with a virtual appliance"
You mean, a virtual appliance w/o a license?
If the virtual appliance owns a paid license it will still have access to the adv. shell, right?
Correct. The true impact is simply something, you download and install at your own. Everything else, which had Sophos involved (You downloaded a virtual appliance and purchased a base license) will give you the Advanced Shell.
LuCar Toni said:because of industry best practices
...and what would those be? I read that but have no idea what 'best practices' it is talking about!
'best practices' is very selective, depends on what you are trying to justify.
Xeon 1225v5 6gb ram, SSID, 4 NICs 20w - v19 EAP
XG115W - v18.5.2
If a post solves your question please use the 'Verify Answer' button.
@rfcat_vk: it's my impression that Cisco, Fortinet, and PAN don't have free firewall software that you can load on your own hardware. So, by logical deduction none of them allow raw shell access to the OS underlying their firewalls. QED. ;-)