Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Sophos Firewall: Impact of expired license

Disclaimer: This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment.


Overview

Security protection on Sophos Firewall requires a Subscribed/Evaluating subscription.

If a subscription is Expired/Unsubscribed, Sophos Firewall can't perform corresponding security protection.

Here is the table of subscription and security features.

Base Firewall Firewall rule, VPN, Wireless Protection, NAT rule, site-to-site RED
Network Protection IPS, ATP, SD-RED device, Security Heartbeat
Web Protection Web Filter, Application Control, Anti-virus
Zero-day Protection Machine Learning, Sandboxing File Analysis, Threat Intelligence
Central Orchestration SD-WAN VPN Orchestration, Central Firewall Reporting Advanced
Email Protection Anti-spam, Anti-virus, DLP, Encryption (SPX), Email Malware Protection
Web Server Protection WAF, Anti-virus, reverse proxy
Enhanced Support It is the minimum subscription for
  • RMA,
  • Sophos Technical Support service and
  • firmware upgrade*.
* It applies to v19.0 MR1 and later. More details in the section Enhanced support, Enhanced plus support
Enhanced Plus Support It provides more benefits than Enhanced support. Details in Sophos Support Service Guide.

Reference: Sophos Firewall > Administration Help > Licensing

Base Firewall

Once Base Firewall becomes Expired/Unsubscribed,

  1. Sophos Firewall stops applying firewall rules and NAT rules on any traffic.
    • All firewall rules stop working, no matter if they’re configured to allow or block traffic.
    • All NAT rules stop working.
    • The following traffic is allowed and has masquerading applied automatically by Sophos Firewall, even if there’s a firewall rule to drop it.
      • from LAN zone to WAN zone
      • from DMZ zone to WAN zone
      • from LAN zone to LAN zone
      • from LAN zone to DMZ zone
      • from DMZ zone to DMZ zone
      • from DMZ zone to LAN zone
      No other traffic except the above can traverse the Sophos Firewall.
  2. No VPN can't be established.
  3. Site-to-site RED can't be established.
  4. AP and wireless network stop working.

It applies to Sophos Firewall v18 and later.

Email Protection

Once Email Protection becomes Expired/Unsubscribed, Sophos Firewall delivers email without anti-spam/antivirus scanning.

It applied to all Sophos Firewall OS versions.

Enhanced support, Enhanced plus support

If both Enhanced support and Enhanced Plus support are expired/unsubscribed,

  • For all Sophos Firewall OS versions, Sophos cannot provide RMA and Technical Support services.
  • For Sophos Firewall OS v19.0 MR1 and later, the firewall has three free firmware upgrades, and further firmware upgrades will only be possible with a valid support subscription. It does not impact the trial license, home use license, or firmware upgrades from the install wizard

Edition history

2022-12-09 updated the section "Enhanced support, Enhanced plus support."

2022-09-29, minor update

2022-07-19, updated for v19.0 MR1

2022-01-14, fixed expired URL

2021-05-31, updated with section "Email protection"

2021-05-24, first release




Updated Links to latest
[edited by: Raphael Alganes at 10:26 AM (GMT -8) on 14 Nov 2024]
Parents Reply
  • the grace period starts 30 days bevore expiry end ends at the time the license has expired

    if you are in trouble ask your sophos sales representative for a demo license unlike UTM Licensing your partner cannot grant you a demo license anymore.

    lna@cema

    SCA (utm+xg), SCSE, SCT

    Sophos Platinum Partner

Children
No Data