Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 8 replies
  • Subscribers 5 subscribers
  • Views 3062 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos SG230 v9.510 License & Hostname.

SilvanoBiger

Hello all,

 

First Question:

We have an SG230 with UTM 9.510 on it. I would like to copy only the license from the machine to back it up for a clean reset.

Where is the license file located in the file system? I don't have access to the Sophos website account for the license, since the original system admin is long gone.

I can see the license ID number in the web interface, can I just copy that number to paste it to the new setup somehow?

I understand that I can backup the full configuration which includes the license but that also includes all the settings that I want to reset anyway.

 

If I do a factory reset will that remove the license also or is there a command to factory reset and preserve the license?

( In a nutshell I'd like to reset to factory but still preserve the license)

An old post specifies the license file should be " /etc/wfe/conf/license " but it is not there in 9.5 version of the utm.

 

 

Second question:

When setting up a new system, the unit asks for a hostname to be a fully qualified DNS hostname, including a domain.

It should be resolvable in public DNS and point to the external interface of the system.

We don't have a public hostname/domain outside as this will be a home setup with Comcast.

What can I put in for hostname? Can I just put in the internal IP of the machine? eg. 192.168.1.10 ? Or any name eg. "RcHeliz", even if it does not point to it from outside?

Any recommendation that would be best for a home company user, would be welcome?

I don't want to have issues with certificates and website not secure messages which is a problem now and the reason I want to start reconfiguring the UTM from scratch.

 

Thank you for any suggestions!!!



This thread was automatically locked due to age.
Parents
  • +1

    Hi Silvano,

    Jaydeeps's answers are spot on, but there is a trick you can use to avoid the factory reset.

    As it will take awhile to reconfigure your 230, I would suggest setting up a VM based on Suse Enterprise Linux 11 - if using VMware, configure it with VMXNET3 nics in the same quantity as in your 230.  When you image the VM with the same ISO that you will need for your home UTM, you will have a blank system with a full 30-day license.  When you're ready to move the configuration to the 230:

    1. Make a configuration backup on the 230.  It's always a good idea to copy that off along with another recent one or two.
    2. In WebAdmin on your VM UTM, make a configuration backup.  If you haven't been able to duplicate 'Unique site data (license, passwords, certificates/keys, endpoints)' except for the license, make a backup with those removed.
    3. Upload this backup into WebAdmin in the 230, restore it and upload your 230 license.
    4. If it doesn't work, just restore the configuration backup made in 1. above and go back to your VM to make modifications while everyone still has the current functionality.

    You do want to name the home UTM with a real FQDN - there are free DynDNS services that work great with home UTMs.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Thanks Bob!

    That is a great idea if one needs to use the UTM while doing the migration with minimal down time, but in my case the SG 230 is not in use ATM,  therefore time is not critical.

    The 230 will replace a PC based unit that is currently in use @home( I dont want to migrate the config from it to the 230 since it is a total mess).

    It has screwed up certs and settings. When I test the internet speeds, the upload test errors out with socket errors and <1mbit speeds where it should be 10.

    So I decided to just start from scratch since I just ditched Comcast for WOW!.

    What would really help, if there is a way to export just the “network definitions” from the PC based UTM to the 230 so I dont have to re-enter all these static IP’s and mac addresses. Not a big deal if I have to...

    I have the SG230 and a small UTM120 to my disposal that are not in use.

    The 230 was configured for our corporate environment which has been upgraded to different systems and I ended up with the free boxes for home use.

    I will backup the 230 since it was initially configured by Sophos pro’s and can learn for its config which is super complex with multiple branches etc.

    Afterwards, I will probably load the 230 config in the 110 to use it for reference and studying/learning.

    Here is an interesting thing, I noticed all the hardware nic’s  in the 230 have a virtual mac address with only one number incrementing:

    eth0=00:1a:8c:f0:2d:00

    eth1=00:1a:8c:f0:2d:01

    eth2=00:1a:8c:f0:2d:02

    etc...

    Has this been set up like this in order to do easier future upgrade of the hardware? for example when going to a new unit and restoring config from the old one,  it assigns the interfaces to the exact ports as the unit being upgraded? Correct me if I’m wrong here.

    Lastly, the license on the 230 will expire in May 2020, will I be able to convert the system to home version of the UTM without reinstalling the firmware/os?

    I did read somewhere that renaming the /etc/ASG file or whatever... Will that affect the functionality of the LCD and the picture of the 230 seen in the

    dashboard? I like the orange LCD display and the nice image of the unit shown in dash.

    What would you recommend as DynDNS? a common a reliable one..

    Thank you very much!

    (P.S.Are there people on this forum that are willing to log in a check/configure my system for some money?)

  • 0 in reply to SilvanoBiger

    Depending on the license and the time remaining, it might be worth selling the 230 and the license together on eBay.  It will take a little effort and paperwork with Sophos, but might be a great deal for your company and a new Sophos customer.

    In any case, you will want to use the free home-use license at home.  See ASG 425 Display with home license for tricks on using the home license with a Sophos appliance.

    You have a PM.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0 in reply to SilvanoBiger

    Depending on the license and the time remaining, it might be worth selling the 230 and the license together on eBay.  It will take a little effort and paperwork with Sophos, but might be a great deal for your company and a new Sophos customer.

    In any case, you will want to use the free home-use license at home.  See ASG 425 Display with home license for tricks on using the home license with a Sophos appliance.

    You have a PM.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
  • 0 in reply to BAlfson

    One more question about the license. Is there a command to delete the installed license via cc? I restored a sg230 config into the UTM110 and it pulled the 230 license with it. I had a fresh install with 30 days trial. Now it needs a license to get back to webadmin.

    I would like to delete the installed license via shell. Dont want to reset again and restore a backup without license data, just clear the installed invalid license.

    When doing cc get licensing license on the 110 it shows the sg230 license which of course is not valid.

    I found a good use for the 110 to learn by studying various configurations from other units etc.

    Thank you!

  • 0 in reply to SilvanoBiger

    Im close but ned to enter this command somewhere else:

    If I type "cc reset licensing" it shows some strings and one reads "Are you sure you want to remove your license and run your ASG without any license?"

    'LICENSE_REMOVE_REALLY'

    But dont know what arguments to pass to agree etc.

    So there is definitely a way to remove license.

  • 0 in reply to SilvanoBiger

    You shouldn't need to remove the 230 license - just install the new license.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    I figured it out...yey!

    The existing license can be removed and the unit reverts to the 30 days trial which is enough for me to study/test configs and acquire a new test license.

    Not sure why this procedure would be a secret since it can save lots of time if one needs to remove an existing license without the need to reinstall from ISO.

    I will have to be careful importing configurations that contain a license as this screws things up. Normally a sg230 license should not be allowed to install onto a UTM110 even if it comes with the configuration backup, should have been rejected. But what do I know. All good now.

    I just bought two round AP100c’s WiFi’s to add to the sg230. So much fun configuring :-)

    Also, I noticed the lcd display that shows IN/Out kbps for eth0 or eth1 is not reflecting the actual transfer rates and always shows 15/18kbps respectively.

    Only the “All in/out” reflects actual data transfer rates.

    Any ideas why and where should I look to fix it?

Unfiltered HTML