Hi Community contributors,
Starting Sophos Firewall v19, with the addition of many comprehensive logging enhancements in the GUI, and in-line with industry best-practices, access to the Advance Shell is restricted to licensed commercial versions of the product.
Partners and certified architect engineers have an option with Not-for-Resale license to set up labs or customer PoC with unrestricted advanced shell. Also, Sophos Support is able access the Advanced Shell via support access channel. Hence, in case of critical issues, support can still can access it.
Sophos Firewall has been incrementally improved since v18 with comprehensive logging enhancements in the GUI (Better search, filtering, configurations, SD-WAN logs, VPN logs, gateway logs etc). However, we acknowledge that Advance Shell restriction might have created challenges in certain database related configurations, especially for home users.
Please help us understand the specific examples of challenges you face due to this restriction - configurations where GUI and console tools are reaching the limits. We will suggest the possible workaround for the specific scenario. We will also plan and gradually improve the product for those scenario.
Sophos Firewall Product Team
Due to your passionate feedback, we are adding the Advanced Shell access back into SFOS v19 GA.
We greatly appreciate your feedback and are listening. Thank you very much for…
Without the advanced shell it is impossible to change the file upload size limit for the WAF which is needed for eg. OWA or Outlook running on MAC OS. For years now Sophos is telling it's partners to use a temporary workaround to "fix" this, using the Advanced shell. It is working, at least as long as you don't edit the correspoding WAF protection policy. I even created a ticket on this, asking when this get's finally fixed, just to get the same lazy answer as everyone else: "use this temporary workaround".
How con you treat your partners like this for years? It's a shame!
There will be a console switch for this limitation in the next upcoming version.
I don't get why it is not possible to just have a GUI option in the settings of any protection policy to control this limit? This makes no sense, instead of implementing such a simple thing you telling your customers and partners to use this dirty workaround FOR YEARS!
Can we please keep this thread to the topic of matter? Otherwise this is not be able to be reviewed properly. Thanks.