How to migrate Web Proxy License

Hello, I need to merge two physical Sophos XGS instances in the coming weeks. One is the main firewall, the other has so far only been used as an Internet or HTTP proxy.

I have already read how to transfer the web proxy license to the main firewall in this article: docs.sophos.com/.../index.html

However, this still raises follow-up questions for me:
1) Since live systems need to migrate - how long does the process take after I hit “migrate license”? Ideally, there should be no downtime for the users. Alternatively, I route the requests directly via the main firewall without a proxy for the duration of the migration.

2) If the systems have to be separated again later - for whatever reason - how can I transfer individual licenses? The migration tool does not seem to allow me to select which active license should be transferred.

3) I can guess the answer, but to be on the safe side: Existing licenses of the main firewall will not be overwritten, right? Only the transferred part is added to it?

Bonus question: Are there any best-practice articles on web proxy on Sophos, especially dealing with clientless groups? Our approach with clientless groups only works to a limited extent, as an IP can only be in one group at a time. Entering individual IPs quickly becomes confusing.

Thank you very much and I look forward to your answers!



Added Licensing TAG
[edited by: Erick Jan at 1:55 AM (GMT -8) on 27 Feb 2025]