Restricted Advance Shell - examples of challenges

Hi there,

So industry best practices apply to unsupported home users? Fully licensed admin can bork their appliance and support will fix it and industry best practices seem moot?

Here are my use cases that I use shell for all the time.

1.Run top, just to check whats happening on my machine including hung daemons etc which can happen with any software.

2. Run iftop to get a quick snapshot of whats happening on my network. 

3. Change different kernel parameters like swappiness and change my IO scheduler to noop since I run under esxi.

4. Look at logs since its much easier to grep them in the shell.

5. People have mentioned WAF but luckily UTM is not EOL yet.

There maybe other reasons but other than industry best practices, can you guys give a solid reason for restricting home license only. Unless theft of software is a big issue and you guys can't fix it by using better methods. This one is a total head scratcher.

Regards,

Bill

I don't understand your confusion: Sophos needs to make money, and they give more support and more features to folks who pay them. Home users get free firewall software that is commercial-quality with few restrictions, which I'm not aware any other major vendor (Fortinet, Cisco, PAN, etc) provides.

There is no "theft of software" issue: Home is free. There may be issues with non-home users using the free version -- which is quite capable and can run on fairly powerful hardware -- instead of paying. But "better methods" to prevent or discourage this would involve intrusive mechanisms. Would you want your home version to shut down or throttle throughput because it thinks it detects corporate use by you? This approach is a train wreck in the making that would generate a lot of issues and complaints. Better to remove some features that commercial users would need and home users don't need (though they may want/appreciate them).

Also, free folks who bork their system are not actually free. They come here and poorly explain what's going on and take a lot of time and effort from volunteers and Sophos staff as well.

Your points are valid desires -- which I share -- but they aren't really required-to-haves for a free home system. For a hobby, pfsense or OPNsense make a lot of sense -- particularly if you already have capable hardware sitting around, and you can customize it to your hearts content.

I don't understand your confusion: Sophos needs to make money, and they give more support and more features to folks who pay them. Home users get free firewall software that is commercial-quality with few restrictions, which I'm not aware any other major vendor (Fortinet, Cisco, PAN, etc) provides.

There is no "theft of software" issue: Home is free. There may be issues with non-home users using the free version -- which is quite capable and can run on fairly powerful hardware -- instead of paying. But "better methods" to prevent or discourage this would involve intrusive mechanisms. Would you want your home version to shut down or throttle throughput because it thinks it detects corporate use by you? This approach is a train wreck in the making that would generate a lot of issues and complaints. Better to remove some features that commercial users would need and home users don't need (though they may want/appreciate them).

Also, free folks who bork their system are not actually free. They come here and poorly explain what's going on and take a lot of time and effort from volunteers and Sophos staff as well.

Your points are valid desires -- which I share -- but they aren't really required-to-haves for a free home system. For a hobby, pfsense or OPNsense make a lot of sense -- particularly if you already have capable hardware sitting around, and you can customize it to your hearts content.

Please stay on topic. The title clearly asks challenges faced by home users if cli is not available. So no my points are not desires, that is what they were asking for.

You can open a new thread and I will be more than happy to argue free community support and what is free and how sophos needs to make money.

Also, nobody is stopping sophos to make changes to their free license and say no cli at all for home users or no gui for home version etc. That is all understandable. This cli removal is not being presented as such and was nowhere in the release notes. After people started questioning this thread was created so please be kind and start your own thread.,

Actually that is not correct.

The first version of the Document has this statement on it: https://community.sophos.com/sophos-xg-firewall/sfos-v19-early-access-program/b/announcements/posts/sophos-firewall-v19-xstream-sd-wan

Linked: https://community.sophos.com/sophos-xg-firewall/sfos-v19-early-access-program/m/files/9519

Advanced Shell – With the addition of many comprehensive logging enhancements in the GUI,
and in-line with industry best-practices, access to the Advance Shell will be restricted to
licensed commercial versions of the product only.