Is it possible to upload a home license from the CLI?
For family members, I built and admin a few Sophos UTM boxes (custom hardware, home licenses) - like, my parents and sister. I usually have IPSec tunnels up. I missed a license expiration for my parents, and unfortunately my parents are actually at my sister's...and wondering why they can't access certain things at home (IPsec tunnels usually link us all - they were saying "x" is down, but X is up...the tunnel is down!).
I walked them through getting a new home license...but they can't install it unless they go home, right? Can I install it via CLI (I have SSH access). The Webadmin is not exposed to the internet, only the LAN and other networks via IPSec tunnels (which are down). Is the only thing I can do is wait until someone is on the LAN (I don't have a way to remotely access that network other than the UTM!).
What happens if I reboot the UTM; will it switch to a trial license? I just need the site to site VPN to come up, and then I can access the webadmin!
Thanks for your help!
One of the things I always include in Allowed Networks is "BAlfson(User Network)" so that I can connect via remote access from anywhere to access WebAdmin at the IP of the UTM's VPN server - https://10…
I was researching some more...maybe I can do this (except make webadmin exposed to the WAN interface)? Web admin no longer accessible - Management, Networking, Logging and Reporting - UTM Firewall - Sophos Community
One of the things I always include in Allowed Networks is "BAlfson(User Network)" so that I can connect via remote access from anywhere to access WebAdmin at the IP of the UTM's VPN server - https://10.242.12.1:4444/ for the SSL VPN. You can add this at the command line with:
cc set webadmin allowed_networks 'REF_NetAaaBalfsUserNetwo'
Just substitute the first 5 letters of your username for mine. First letter must be upper case in the REF_ like 'REF_NetAaaGarpaUserNetwo' for user garpace.
I know a command to upload the license at the command line, but I've never tried it even in my lab.
Cheers - Bob
Thanks Bob. I didn't have the SSL VPN set up (just sites to site), but I was able to add "Any" temporarily to webadmin allowed_networks, pop in, upload the license file, bring back the site to sites, and get rid of "any". Thank for all your guidance on this and other posts.