Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Replies 170 replies
  • Subscribers 33 subscribers
  • Views 26237 views
  • Users 0 members are here
Options
Suggested

Restricted Advance Shell - examples of challenges

PMParth

Hi Community contributors,

Starting Sophos Firewall v19, with the addition of many comprehensive logging enhancements in the GUI, and in-line with industry best-practices, access to the Advance Shell is restricted to licensed commercial versions of the product.

Partners and certified architect engineers have an option with Not-for-Resale license to set up labs or customer PoC with unrestricted advanced shell. Also, Sophos Support is able access the Advanced Shell via support access channel. Hence, in case of critical issues, support can still can access it.

Sophos Firewall has been incrementally improved since v18 with comprehensive logging enhancements in the GUI (Better search, filtering, configurations, SD-WAN logs, VPN logs, gateway logs etc). However, we acknowledge that Advance Shell restriction might have created challenges in certain database related configurations, especially for home users.

Please help us understand the specific examples of challenges you face due to this restriction - configurations where GUI and console tools are reaching the limits. We will suggest the possible workaround for the specific scenario. We will also plan and gradually improve the product for those scenario.

Sincerely,

Sophos Firewall Product Team

Parents
  • 0

    The logviewer is way to slow, during troubleshooting I definitly need the console ability.
    Expressed other way around - I see NO acceptable reason to deactiviate it.
    Thats independant of licensed / not licensed !
    Our technicians are using the home-license for their home and family, like it's planned and for troutbleshooting the cli is needed - definitly.
    I can't understand the reason behind thinking aout disabling that feature...

    Grüße

    Olaf Pelzer

  • 0 in reply to OlafPelzer

    I've done a little research and I really don't think any major competitor offers unrestricted shell access to their underlying OS. Fortinet's CLI is not a UNIX shell, it's a highly-restricted shell similar to Sophos' CLI, and it's my impression that other competitors are similar.

    So in that sense, Sophos has been offering something that their major competitors haven't and they're now saying they are moving towards withdrawing it. I can also imagine that security-wise, the Advanced Shell is pretty much impossible to audit well. A much-restricted, custom CLI (such as Sophos has and Fortinet, et al, offers) would make a lot of sense from that direction.

    That said, Sophos needs to not just enhance their GUI -- which is the point of this thread -- but also enhance their CLI so that log viewing, traffic monitoring (iftop) and other real-time tools are available for the kind of troubleshooting you're talking about. (ASCII-based tools may be primitive, but they are fast and low-overhead.)

  • 0 in reply to Wayne Folta

    You are missing the point completely. Palo Alto is not giving away free home use licenses either so sophos should stop doing that is not the point here. The point is that they are saying that for some reason home version is not in line with industry best practices and paid versions don't need to be in line with those practices.

Reply Children
No Data
Cookie Information Banner