Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Replies 170 replies
  • Subscribers 33 subscribers
  • Views 28741 views
  • Users 0 members are here
Options
Suggested

Restricted Advance Shell - examples of challenges

PMParth

Hi Community contributors,

Starting Sophos Firewall v19, with the addition of many comprehensive logging enhancements in the GUI, and in-line with industry best-practices, access to the Advance Shell is restricted to licensed commercial versions of the product.

Partners and certified architect engineers have an option with Not-for-Resale license to set up labs or customer PoC with unrestricted advanced shell. Also, Sophos Support is able access the Advanced Shell via support access channel. Hence, in case of critical issues, support can still can access it.

Sophos Firewall has been incrementally improved since v18 with comprehensive logging enhancements in the GUI (Better search, filtering, configurations, SD-WAN logs, VPN logs, gateway logs etc). However, we acknowledge that Advance Shell restriction might have created challenges in certain database related configurations, especially for home users.

Please help us understand the specific examples of challenges you face due to this restriction - configurations where GUI and console tools are reaching the limits. We will suggest the possible workaround for the specific scenario. We will also plan and gradually improve the product for those scenario.

Sincerely,

Sophos Firewall Product Team

Top Replies

  • +15 verified

    Hi Community contributors,

    Due to your passionate feedback, we are adding the Advanced Shell access back into SFOS v19 GA.

    We greatly appreciate your feedback and are listening. Thank you very much for all these specific examples of challenges.

    Please be aware that future versions of the Firewall operating system that include additional security measures may need to revisit this issue, but we will be sure to consider your feedback and use cases to ensure that changes won’t be disruptive and advanced shell access won’t be missed.

    Sincerely,
    Sophos Firewall Product Team

    Jump to answer
Parents
  • 0

    Site-to-Site IPsec VPN sometimes need deeper view in logfiles.
    Especially for home-use, where your're dealing with end-user isp-routers, with limited ipsec-functionality on the other site. That's not the same simple seamless experience as with enterprise-firewalls on both sites. That's where you need better logging, than gui provides.

    Example from v19 eap VPN-logviewer:
    "XXXXXXX-1 - Couldn't parse IKE message from XX.XX.XX.XX[500]. Check the debug logs. (Remote: XX.XX.XX.XX)"

    Use case Site-2-Site at home: providing basic IT-Services / Backup / ... for your family with your homelab.

Reply
  • 0

    Site-to-Site IPsec VPN sometimes need deeper view in logfiles.
    Especially for home-use, where your're dealing with end-user isp-routers, with limited ipsec-functionality on the other site. That's not the same simple seamless experience as with enterprise-firewalls on both sites. That's where you need better logging, than gui provides.

    Example from v19 eap VPN-logviewer:
    "XXXXXXX-1 - Couldn't parse IKE message from XX.XX.XX.XX[500]. Check the debug logs. (Remote: XX.XX.XX.XX)"

    Use case Site-2-Site at home: providing basic IT-Services / Backup / ... for your family with your homelab.

Children
No Data