Restricted Advance Shell - examples of challenges

Hi Community contributors,

Starting with Sophos Firewall v19, with the addition of many comprehensive logging enhancements in the GUI, and in line with industry best practices, access to the Advanced Shell is restricted to licensed commercial versions of the product.

Partners and certified architect engineers have the option of a Not-for-Resale license to set up labs or customer PoCs with an unrestricted Advanced Shell. Also, Sophos Support is able to access the Advanced Shell via the support access channel. Hence, in case of critical issues, support can still access it.

Sophos Firewall has been incrementally improved since v18 with comprehensive logging enhancements in the GUI (better search, filtering, configuration, SD-WAN logs, VPN logs, gateway logs, etc.). However, we acknowledge that the Advanced Shell restriction might have created challenges in certain database-related configurations, especially for home users.

Please help us understand the specific examples of challenges you face due to this restriction, i.e. configurations where the GUI and console tools are reaching their limits. We will suggest possible workarounds for the specific scenarios. We will also plan and gradually improve the product for those scenarios.

Sincerely,

Sophos Firewall Product Team

  • Currently there is no workaround for "downloading" the Wireshark dump. You can still do a packet capture on the CLI (console) and in the GUI. 

    But apparently there is no download of this dump. 

    Just out of curiosity: if you look at the packet capture in the Webadmin, what use cases do you miss there to resolve your issues, besides a download capability for Wireshark? 


  • You cannot compare the WebUI packet capture viewer at all to opening the pcap in Wireshark.

    You're a Sophos Employee, you should already know the limits and challenges of using the Firewall WebUI by now.



    Ryzen 5600U + I226-V (KVM) v20 GA @ Home

    XG 115w Rev.3 8GB RAM v19.5 MR3 @ Travel Firewall

  • I know what I can do in the Webadmin and most likely it should be sufficient for XX % of the home users. I mean, I am interacting with Sophos customers the entire day. And most of them use the Webadmin packet capture, simply because they do not use the CLI in the first place. They simply want to know the following:

    Is there a packet?
    Which interface is used?
    Which Firewall rule is used?
    Is NAT being used? 

    The more advanced troubleshooting, like looking into headers or checking TLS handshakes, is not being done by the average user. And I am assuming home users are doing the same. 

    BTW: you can do the same, just not graphically. You see the hex dump of a packet, which means you could translate this into a dump if you really want. 

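The point made above, that a hex dump is enough to rebuild a capture Wireshark can open, worked through as an added example (not code from the thread, from Sophos, or from the Webadmin). Wireshark ships `text2pcap` for exactly this job; the script below does the same thing in plain Python so the file layout is visible. The frame is a constructed TCP SYN in tcpdump `-xx` layout (offset ending in `:` followed by hex groups); the exact layout of the Webadmin's hex output is an assumption, so adjust `_OFFSET_RE` if yours differs.

```python
"""Convert a text hex dump of one packet into a libpcap file Wireshark can open."""
import re
import struct
import time

# Constructed sample (not appliance output): one Ethernet/IPv4/TCP SYN frame,
# 54 bytes, in tcpdump -xx layout. The IPv4 header checksum (0x4342) is valid
# for these bytes, so the result parses cleanly in Wireshark.
SAMPLE_DUMP = """\
0x0000:  0011 2233 4455 6677 8899 aabb 0800 4500
0x0010:  0028 0001 4000 4006 4342 c0a8 010a 5db8
0x0020:  d822 c0a8 01bb 0000 0001 0000 0000 5002
0x0030:  ffff 0000 0000
"""

PCAP_MAGIC = 0xA1B2C3D4      # classic pcap, microsecond timestamps
LINKTYPE_ETHERNET = 1
# Offset column as tcpdump prints it: optional 0x, 4-8 hex digits, a colon.
# Assumption: other dump layouts (e.g. without the colon) need this adjusted.
_OFFSET_RE = re.compile(r"^\s*(?:0x)?[0-9a-fA-F]{4,8}:\s*")


def hexdump_to_bytes(dump: str) -> bytes:
    """Drop offsets and anything from a '|' onward (an ASCII column), join the hex."""
    out = bytearray()
    for raw in dump.splitlines():
        line = raw.split("|", 1)[0]
        body = _OFFSET_RE.sub("", line, count=1)
        hexchars = "".join(body.split())
        if not hexchars:
            continue
        if len(hexchars) % 2 or not re.fullmatch(r"[0-9a-fA-F]+", hexchars):
            raise ValueError(f"not a hex dump line: {raw!r}")
        out += bytes.fromhex(hexchars)
    return bytes(out)


def build_pcap(packets, linktype=LINKTYPE_ETHERNET, ts=None) -> bytes:
    """Serialise frames as a little-endian pcap: 24-byte global header, then a
    16-byte record header (sec, usec, captured len, original len) per frame."""
    ts = time.time() if ts is None else ts
    sec, usec = int(ts), int((ts - int(ts)) * 1_000_000)
    blob = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, linktype)
    for i, pkt in enumerate(packets):
        blob += struct.pack("<IIII", sec + i, usec, len(pkt), len(pkt)) + pkt
    return blob


def read_pcap(blob: bytes) -> list:
    """Minimal reader used to check that the file round-trips."""
    if struct.unpack_from("<I", blob, 0)[0] != PCAP_MAGIC:
        raise ValueError("not a little-endian classic pcap")
    pkts, pos = [], 24
    while pos + 16 <= len(blob):
        _, _, incl, _ = struct.unpack_from("<IIII", blob, pos)
        pos += 16
        pkts.append(blob[pos:pos + incl])
        pos += incl
    return pkts


def ipv4_header_checksum_ok(frame: bytes) -> bool:
    """Sanity check that the parsed bytes are a coherent IPv4-over-Ethernet
    frame: the one's-complement sum over the IP header must come out as zero."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return False
    ihl = (frame[14] & 0x0F) * 4
    if ihl < 20 or len(frame) < 14 + ihl:
        return False
    total = sum(struct.unpack(f"!{ihl // 2}H", frame[14:14 + ihl]))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total & 0xFFFF) == 0


def hexdump_to_pcap_file(dump: str, path: str) -> int:
    """Write one frame from a hex dump to `path`; returns the frame length."""
    frame = hexdump_to_bytes(dump)
    with open(path, "wb") as fh:
        fh.write(build_pcap([frame]))
    return len(frame)


if __name__ == "__main__":
    frame = hexdump_to_bytes(SAMPLE_DUMP)
    print(f"{len(frame)} bytes, IPv4 checksum ok: {ipv4_header_checksum_ok(frame)}")
    print("wrote", hexdump_to_pcap_file(SAMPLE_DUMP, "capture.pcap"), "bytes to capture.pcap")
```

Paste the hex dump of each packet you care about into `SAMPLE_DUMP` (or read it from a file), run the script, and open `capture.pcap` in Wireshark. Copying packets one at a time is tedious for an RTP stream, which is the point the thread makes about a real download capability, but it does recover the full decoder for the cases where the Webadmin view is not enough.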

  • The vast majority, if not all, of us here are not your typical "home users"; we are MSPs looking after multiple clients with multiple Sophos devices. And having a full-featured lab is great when needing to troubleshoot / simulate an issue.

    Specifically when it comes to troubleshooting VOIP, SIP packets and RTP streams you'll not win with the Webadmin. Having it in Wireshark is much more readable.

    I'm not saying bring back the advanced shell for "Home Users", although it is extremely helpful when needed, as it is a decision the business has taken, and all our customers' appliances should be licensed anyway.

  • An XG Home license is not to "rebuild" a lab as a partner. It was never intended to do this. As I stated above: 

    There are currently two different programs for partners. The partner as an organisation can get NFR licenses for its own organisation, for example for the firewall of the partner. Then there is a program for education. If you are a Sophos Architect (you did the training and certification) you can get all Sophos products (and a 3-year Sophos Firewall subscription) for your own environment. 

     


  • NFR licenses, as you stated above, are not intended to be used in a lab either, but in a production environment; therefore they can't be used for testing purposes. Home networks on the other hand are useful to test something out with real network traffic like mail, VoIP etc. without the risk of breaking something important. If you're not a certified architect, what are the options besides using a restricted home version or buying a fully licensed device?

    Why would a typical home end user download and run a fully fledged enterprise firewall and why should Sophos care about typical home end users anyway?

  • NFR licenses are for test labs as well. There are multiple firewall licenses you can get as a Sophos Partner. Feel free to talk to your Sophos Sales Rep for your eligible packages. 

    Sophos XG Home is regulated by the EULA: https://www.sophos.com/en-us/legal/sophos-end-user-license-agreement

    It is clearly intended for non-commercial usage. If you want to reproduce something or you want to test something for your customer, there are options to do this for every partner. Feel free to contact Sophos Support or your Sophos Sales Rep if you feel features are missing. Sophos XG Home was never intended to rebuild a test lab on the partner's site in the first place. The partner should use valid licenses and not licenses built for the personal use case at home. 

    And Sophos XG Home is used by personas at home, as intended. Do not think it is purely used by partners in labs. We are talking about a technical home person wanting to use a better firewall product in the first place. We are not talking about the "ISP router persona". 


  • As a silver Partner we only get two NFR licenses for firewalls, so there doesn't seem to be room to give a license to every employee for his private home environment. Is it even allowed to use NFR licenses in home networks that are not directly connected to a partner anyway?

    It's not like installing a home license to use it as a testing device, it's more like using it as a private firewall but gaining experience with it outside production environment.

    Anyhow, not being able to basically administer WAF anymore is, for me, a dealbreaker. Maybe I just go back to UTM or use something completely different. Thanks for your time, Toni.

  • In principle, WAF is still there. You cannot see the WAF mod rule blocks, which is feedback to include in the Log Viewer. 

    If the Log Viewer included mod rule blocks, would you still need to access the CLI /log ? 


  • Well, there are a few things that I personally need @home.

    - The possibility to set the WAF file upload size (which you already said will get implemented), best would be in the GUI as setting on a WAF policy

    - WAF rule IDs from triggered rules, best would be in real time.

    - Access to all full log files in the log viewer: As mentioned before, I can't even see why the spam engine dropped a mail in the GUI. In the log I can at least see if it was bulk or something else.

    - Proper filter functions in log viewer: simple tasks like "show me firewall rule #3 and #4" or "exclude DELIVERED and QUEUED as email action" are already too much for the GUI, so if I want a filtered view of all not delivered mails and export it, I'm screwed with the GUI. No problem with grep of course.

    - The GUI lacks an export function for the mail logs. Yes, I can export logs in the log viewer, but e.g. rejected mails don't even show up there, a thing I don't understand to this day. Why on earth is that? Change this!