Restricted Advanced Shell - examples of challenges

Hi Community contributors,

Starting with Sophos Firewall v19, with the addition of many comprehensive logging enhancements in the GUI, and in line with industry best practices, access to the Advanced Shell is restricted to licensed commercial versions of the product.

Partners and certified architect engineers have the option, with a Not-for-Resale license, to set up labs or customer PoCs with an unrestricted Advanced Shell. Also, Sophos Support is able to access the Advanced Shell via the support access channel. Hence, in case of critical issues, support can still access it.

Sophos Firewall has been incrementally improved since v18 with comprehensive logging enhancements in the GUI (better search, filtering, configurations, SD-WAN logs, VPN logs, gateway logs, etc.). However, we acknowledge that the Advanced Shell restriction might have created challenges in certain database-related configurations, especially for home users.

Please help us understand the specific examples of challenges you face due to this restriction - configurations where the GUI and console tools are reaching their limits. We will suggest a possible workaround for the specific scenario. We will also plan and gradually improve the product for those scenarios.

Sincerely,

Sophos Firewall Product Team

  • Mandatory for which use case? This came up earlier in this thread and from what I could tell, the current version of the GUI seems sufficient for most home users.

    What kind of debugging are you going to do on the advanced shell?

    (Keep in mind, tcpdump and drppkt are on the console as well and still accessible.)

  • LuCar: the level of troubleshooting that these tools can give is not comparable to what the GUI can do. I do not understand why you want to force people to use certain tools that are useless or that do not provide insights. The tcpdump available in the console does not include all the flags that the classic tcpdump command does. conntrack -E and -L are very helpful in tracking issues with web surfing or when a connection is closed.

  • About conntrack vs. the Connection List in the GUI: which flags are missing for your debugging as a home user? Can you give us some examples that are missing in the GUI? Which flags are missing?

    I just want to understand what is missing. Because right now, most scenarios are covered for "basic troubleshooting". Can you give us some examples?

  • I recommend that you stop trying to make them understand the mistake they are making.

    You can give the best scenario for them and showcase how important the shell is for home users, but nothing will change.

    The "I just want to understand" from LuCar feels the same as anyone else saying "This feature isn't currently available, please post it at ideas.sophos.com".


    If a post solves your question use the 'Verify Answer' button.

    XG 115w Rev.3 8GB RAM v19.5 MR1 @ Home.

  • I am not a product manager, nor do I have an impact on product decisions. I am simply here helping out. If you do not want to interact with my questions, it's fine for me.