Hello, I need to merge two physical Sophos XGS instances in the coming weeks. One is the main firewall, the other has so far only been used as an Internet or HTTP proxy.
I have already read how to transfer the web proxy license to the main firewall in this article: docs.sophos.com/.../index.html
However, this still raises follow-up questions for me:
1) Since live systems need to migrate - how long does the process take after I hit “migrate license”? Ideally, there should be no downtime for the users. Alternatively, I route the requests directly via the main firewall without a proxy for the duration of the migration.
2) If the systems have to be separated again later - for whatever reason - how can I transfer individual licenses? The migration tool does not seem to allow me to select which active license should be transferred.
3) I can guess the answer, but to be on the safe side: Existing licenses of the main firewall will not be overwritten, right? Only the transferred part is added to it?
Bonus question: Are there any best-practice articles on web proxy on Sophos, especially dealing with clientless groups? Our approach with clientless groups only works to a limited extent, as an IP can only be in one group at a time. Entering individual IPs quickly becomes confusing.
Thank you very much and I look forward to your answers!
Are both appliances the same model? As far as I know, you can just transfer licenses between the same models.
You can check your licenses here: https://central.sophos.com/manage/firewall-management/licenses/device-list and you can open the transfer-wizard and show what destination appliances are offered.
Web proxy is usually not part of the individually licensable modules. It's usually bundled in standard-protection, xstream-protection, ...
You should check / compare current licensing on both appliances. It might help to share an (anonymized) screenshot of System -> Management -> Licensing for both.
Yes - they're both XGS 2100.
It's the "Web Protection" License which needs to be transferred.
That's great - I cannot tell if it'll try to transfer enhanced support as well. If so, you might transfer the enhanced support of the first appliance back. So swap them 1:1.
Once transferred, you should initiate license-sync in webadmin on both appliances. They probably do this from time to time themselves, and that's the timeframe you might have for migration.
You can enable evaluation for web protection before the transfer, and you will have a 30-day trial if not already used. With that you might have a smooth transition and move licenses once everything's ready within 30 days.
Are there any risks with the production firewall if I start the evaluation license there? Such as restarts or disconnections? Or overwriting existing licenses?
If not, it sounds like the best solution.
Thank you very much for your answers.
Starting evaluations should only enable additional modules. Never seen production licences being overwritten.
By the way, transferring a license will transfer the entire suite of this device to the new device. So it would transfer the Enhanced Support as well.
Even if the expiration date of the enhanced support of the target device is further in the future?
License transfer will transfer all licenses, regardless of any other factors like end date.