
Upload Home License from CLI

Hi,

  Is it possible to upload a home license from the CLI?

  For family members, I built and admin a few Sophos UTM boxes (custom hardware, home licenses) - like, my parents and sister.  I usually have IPSec tunnels up.  I missed a license expiration for my parents, and unfortunately my parents are actually at my sister's...and wondering why they can't access certain things at home (IPsec tunnels usually link us all - they were saying "x" is down, but X is up...the tunnel is down!).

  I walked them through getting a new home license...but they can't install it unless they go home, right?  Can I install it via CLI (I have SSH access)?  The Webadmin is not exposed to the internet, only the LAN and other networks via IPSec tunnels (which are down).  Is the only thing I can do wait until someone is on the LAN (I don't have a way to remotely access that network other than the UTM!)?

  What happens if I reboot the UTM; will it switch to a trial license?  I just need the site to site VPN to come up, and then I can access the webadmin!

  Thanks for your help!



  • I was researching some more...maybe I can do this (except make webadmin exposed to the WAN interface)?  Web admin no longer accessible - Management, Networking, Logging and Reporting - UTM Firewall - Sophos Community

  • If you can access WebAdmin, you can upload the license file.  I've never known a way to install a license via CLI, but I am not all that great with the CLI for Sophos anyways.  ;)  

    If you had a SUM up and running to manage your UTMs, you could have done it that way. 

    UTM - 9.711 | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SATA HDD | GB Ethernet x5

  • One of the things I always include in Allowed Networks is "BAlfson(User Network)" so that I can connect via remote access from anywhere to access WebAdmin at the IP of the UTM's VPN server - https://10.242.12.1:4444/ for the SSL VPN.  You can add this at the command line with:

         cc set webadmin allowed_networks 'REF_NetAaaBalfsUserNetwo'

    Just substitute the first 5 letters of your username for mine.  First letter must be upper case in the REF_ like 'REF_NetAaaGarpaUserNetwo' for user garpace.

    I know a command to upload the license at the command line, but I've never tried it even in my lab.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • (I have SSH access).  The Webadmin is not exposed to the internet, only the LAN and other networks via IPSec tunnels (which are down)

    One thing that comes to mind is using a ssl port forwarding (aka tunnel) like

    ssh -L 4444:127.0.0.1:4444 user@remote

    So you can throw https://localhost:4444 into your browser on the local machine which will be forwarded to port 4444 on the UTM box.

    Depending on your configuration and firewall settings you might need to replace 127.0.0.1 with the internal (LAN) IP of the UTM.
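
The port forward suggested in the reply above, wrapped with a control socket so the tunnel can be checked and closed when the WebAdmin session is done. This is an added example, not part of the original thread; the host name, login user and socket path are placeholders.

```shell
#!/bin/sh
# Added example: temporary SSH local forward to the WebAdmin port, with teardown.
# UTM_HOST, SSH_USER and CTL are placeholders, not values from the thread.
UTM_HOST="${UTM_HOST:-utm.example.net}"
SSH_USER="${SSH_USER:-user}"
LOCAL_PORT="${LOCAL_PORT:-4444}"
# Use the UTM's internal (LAN) IP here if 127.0.0.1 is refused, as the reply notes.
TARGET="${TARGET:-127.0.0.1:4444}"
CTL="${CTL:-$HOME/.ssh/utm-webadmin.ctl}"

# Accept only a numeric TCP port in 1..65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Build the -L argument. The explicit 127.0.0.1 bind keeps the forwarded
# WebAdmin reachable only from this machine, not from its local network.
forward_spec() {
    valid_port "$1" || return 1
    printf '127.0.0.1:%s:%s' "$1" "$2"
}

# -N: no remote command, -f: background after authentication,
# -M/-S: control socket, ExitOnForwardFailure: fail if the port cannot be bound.
open_tunnel() {
    spec=$(forward_spec "$LOCAL_PORT" "$TARGET") || return 1
    ssh -f -N -M -S "$CTL" -o ExitOnForwardFailure=yes \
        -L "$spec" "$SSH_USER@$UTM_HOST"
}

tunnel_up()    { ssh -S "$CTL" -O check "$SSH_USER@$UTM_HOST" 2>/dev/null; }
close_tunnel() { ssh -S "$CTL" -O exit  "$SSH_USER@$UTM_HOST" 2>/dev/null; }

# Run as "script.sh run"; without the argument only the functions are defined.
if [ "${1:-}" = "run" ]; then
    open_tunnel || exit 1
    trap 'exit 1' INT TERM
    trap close_tunnel EXIT
    tunnel_up && echo "WebAdmin forwarded to https://localhost:$LOCAL_PORT"
    echo "Press Enter to close the tunnel."
    read -r _
fi
```

Closing the tunnel through the control socket means the forward does not stay open after the license upload is finished.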

  • Thanks Bob.  I didn't have the SSL VPN set up (just site to site), but I was able to add "Any" temporarily to webadmin allowed_networks, pop in, upload the license file, bring back the site to sites, and get rid of "any".  Thanks for all your guidance on this and other posts.