Security protection on Sophos Firewall requires a Subscribed/Evaluating subscription.
If a subscription is Expired/Unsubscribed, Sophos Firewall cannot perform corresponding security protection.
Here is table of subscription and security features.
Reference: Sophos Firewall > Administration Help > Licensing
Once Base Firewall becomes Expired/Unsubscribed,
It applies to Sophos Firewall v18 and later.
Once Email Protection becomes Expired/Unsubscribed, Sophos firewall delivers email without anti-spam/anti-virus scanning.
It applied to all Sophos Firewall OS versions.
If both Enhanced support and Enhanced plus support are expired/unsubscribed
2022-12-09, updated the section "Enhanced support, Enhanced plus support"
2022-09-29, minor update
2022-07-19, updated for v19.0 MR1
2022-01-14, fixed expired URL
2021-05-31, updated with section "Email protection"
2021-05-24, first release
What about the other licence modules?I thought, that REDs are part of the Base Licence (same as for Wireless Protection). So the connection, ACLs and NAT should work for REDs with the base licence.
If Network Protection expires (and the base license is stil valid), all rules should still apply and control the traffic. But SOFS won't apply Security Heartbeat, IPS, ATP and SSL/TLS inspection, right?My expirience with expired Web Protection was, the Web Proxy was reachable - but didn't apply any rule itself (It was on 17.5 - and long ago. I don't know, whether this is valid).
The RED device is part of the Network protection license. So you won’t be able to configure a RED device using only the Base License.
If the Network Protection expires, you’ll be able to configure any module but it won't be enforced.
if I have a RED device already working what happens if Network protection is expired?
We dont use any Security Heartbeat, IPS, ATP and SSL/TLS inspection with RED
Just starting to use Sophos FW's as I've been using Juniper SRX for a bit now. link
You can still use the RED device, but the security modules won't be enforced, you can configure them, but they’ll be ignored.
How long is the grace period after the license expires?
the grace period starts 30 days bevore expiry end ends at the time the license has expired
if you are in trouble ask your sophos sales representative for a demo license unlike UTM Licensing your partner cannot grant you a demo license anymore.
SCA (utm+xg), SCSE, SCT
Sophos Platinum Partner
This is messed up, I've bought a device that would have worked until his death and now it will be just a white brick only because I've updated to V18. I'll roll back to V17.5 for the next days and in the meanwhile I'll buy a firewall of a different brand!
What a shame Sophos!
What do you mean? Base License is valid until 2999.
I read that "Sophos Firewall v18: impact of expired license" and on the 1st of April the licenses of my XG 125 are going to expire.I gotta say that I didn't read which license, I've just seen a list of licenses.But if the base firewall never expire, why in this article there is this "Once Base firewall becomes Expired/Unsubscribed"?By the way, I see that the Webserver protection is expiring, so it still means that I have to renew the licenses (I'm looking for the prices and I really don't understand which license should I get, is there a comparison of the different licenses with the relative features?).