Restricted Advance Shell - examples of challenges

Hi Community contributors,

Starting with Sophos Firewall v19, with the addition of many comprehensive logging enhancements in the GUI, and in line with industry best practices, access to the Advanced Shell is restricted to licensed commercial versions of the product.

Partners and certified architect engineers have an option with a Not-for-Resale license to set up labs or customer PoCs with unrestricted Advanced Shell. Also, Sophos Support is able to access the Advanced Shell via the support access channel. Hence, in case of critical issues, support can still access it.

Sophos Firewall has been incrementally improved since v18 with comprehensive logging enhancements in the GUI (better search, filtering, configurations, SD-WAN logs, VPN logs, gateway logs, etc.). However, we acknowledge that the Advanced Shell restriction might have created challenges in certain database-related configurations, especially for home users.

Please help us understand the specific examples of challenges you face due to this restriction - configurations where GUI and console tools are reaching their limits. We will suggest a possible workaround for the specific scenario. We will also plan and gradually improve the product for those scenarios.

Sincerely,

Sophos Firewall Product Team

  • How am I supposed to change WAN configuration in console without Advanced Shell? Many cloud providers (Hetzner, Ionos Cloud, Linode, Lansol, just to name a few) will deploy only /32 IP addresses to the WAN port. As a consequence, there will be no default route on XG. Previously, I was able to help myself by configuring ip route add default manually via advanced shell and enabling system appliance_access via CLI to gain temporary access to WebAdmin. Then I was able to configure the interfaces and make the routes persistent. Both of these solutions do not work anymore in v19. Do I really have to set up a client VM to access the XG locally in a cloud environment? I'm actually better off installing another firewall.

  • Are you using Sophos XG home on those vendors? Is this a real "home deployment" or business deployment? 


  • Why does this matter? Both home and business XGs are affected by this. Even if I want to activate subscriptions I have to access Webadmin, which will not work in this scenario.

  • Only Trials (30 Days) and Home are affected. But it's correct, you will not be able to install the appliance in this state.


  • No. Business XGs are also affected. You are aware that business XGs do also run on evals before subscriptions are being activated? E.g. when doing a fresh install or first setup? For registration and licensing, WebAdmin access is necessary. So if I deployed an XG before any subscriptions are active, I will also not be able to access the Advanced Shell, e.g. to change interface configuration in order to access WebAdmin in cloud deployments. Without Advanced Shell, there is no way around this "core issue". Tell me, how would you set up a v19 cloud XG in e.g. IONOS Cloud? Do you tell your partners and customers they have to install a Windows VM to access the XG WebAdmin locally from inside the datacentre? They will ditch the product right away.
