Sophos Firewall v18: impact of expired license

Overview

Security protection on Sophos Firewall requires a Subscribed/Evaluating subscription.

If a subscription is Expired/Unsubscribed, Sophos Firewall cannot perform corresponding security protection.

Here is table of subscription and security features.

Base firewall Firewall rule, NAT rule, VPN, Wireless Protection, site-to-site RED
Network protection RED appliance, ATP, IPS, Security Heartbeat
Web protection Web Filter, Anti-virus, Application Control
Email protection Anti-spam, Anti-virus, email encryption (SPX), DLP
Web server protection WAF, Anti-virus, reverse proxy
Sandstorm Sandstorm service
Enhanced support It is the minimum subscription for RMA and Sophos Technical Support service.
A valid Enhanced support subscription will become mandatory for firmware upgrades after three free upgrades for v19.0 MR1 and later.*
Enhanced plus support It provides more benefits than Enhanced support.

Reference: Sophos Firewall > Administration Help > Licensing

* It does NOT impact the trial license, home use license or firmware upgrades from the install wizard.

Base firewall

Once Base firewall becomes Expired/Unsubscribed,

  1. All firewall rules stop working, no matter they are configured to allow or block traffic.
  2. All NAT rules stop working.
    In another word, Sophos Firewall stops applying firewall rule and NAT rule on any traffic.
    The following traffic is allowed and has masquerading applied automatically by Sophos Firewall, even if there is a firewall rule to drop it. 
    • from LAN zone to WAN zone
    • from DMZ zone to WAN zone
    • from LAN zone to LAN zone
    • from LAN zone to DMZ zone
    • from DMZ zone to DMZ zone
    • from DMZ zone to LAN zone
    No other traffic except the above can traverse Sophos Firewall.
  3. No VPN cannot be established.
  4. Site-to-site RED cannot be established.
  5. AP and wireless network stop working.

It applies to Sophos Firewall v18 only.

On Sophos Firewall v17.5 MR15 and earlier, firewall rule and NAT rule still work even if Base Firewall becomes Expired/Unsubscribed.

Email protection

Once Email Protection becomes Expired/Unsubscribed, Sophos firewall delivers email without anti-spam/anti-virus scanning.

It applied to Sophos Firewall v17.5 and v18.

Enhanced support, Enhanced plus support

If both Enhanced support and Enhanced plus support are expired/unsubscribed, Sophos cannot provide RMA and Technical Support service.

It applied to Sophos Firewall  v17.5 and v18.

Edition history

2022-07-19, updated for v19.0 MR1

2022-01-14, fixed expired URL

2021-05-31, updated with section "Email protection"

2021-05-24, first release



updated for v19.0 MR1
[edited by: taowang at 1:33 AM (GMT -7) on 19 Jul 2022]
Parents Reply Children
No Data