Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 22 replies
  • Answers 1 answer
  • Subscribers 11 subscribers
  • Views 81000 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

License expiration - what happens

rjorissen
I have read multiple threads about license expiration and googled on the fact what would happen when a license expires, but I cannot find a clear answer.

One of our customers is using an ASG220 with Full Guard bundle. The subcriptions / license is due to expire in two weeks. They are about to order a license renewal, but you never know how long it takes for the reseller to get a new license.

So I am looking for an answer to the question: What will happen if all subscriptions expires?

Does the ASG 220 still work with the current configuration, but it cannot download any new updates from Up2Date or does the box completely stop?!?!

I hope that somebody can give me a clear answer.


This thread was automatically locked due to age.
Parents
  • 0
    Scott, your licensing info is a bit out of date.  It's no longer possible for a reseller to issue a temporary license when a license expires.  We will advance up to two one-month extensions without receiving payment, but will not go beyond that.  Of the clients for whom we've done that, only one still owes us for the one-month extensions several months later.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    I know this is an old thread, and sorry for bringing it up again, but when the license expires are you still able to log into the appliance? I've no issue with the services stopping when the license expire (although dropping VPN's is questionable give any other hardware device that uses VPN's doesn't need to be renewed to keep them up - but I accept that's the way this one works.)

  • +1 in reply to Satcom Infrastructure

    You can still login to WebAdmin, but you are left with only the services that are a part of the free Essential Firewall license.  You are correct that that does not included site-to-site VPNs.  It does include PPTP and L2TP/IPsec remote access.

    EDIT 2017-04-13: Please see my revised answer below.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • +1 in reply to Satcom Infrastructure

    You can still login to WebAdmin, but you are left with only the services that are a part of the free Essential Firewall license.  You are correct that that does not included site-to-site VPNs.  It does include PPTP and L2TP/IPsec remote access.

    EDIT 2017-04-13: Please see my revised answer below.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
  • 0 in reply to BAlfson

    Cheers Bob, that clarified things. Ultimately, I think the UTM should act like a normal firewall if the license has run out eg firewall rules, interfaces, vpn's whereas I understand anything that requires frequent updates would probably stop eg AV, IDS etc

  • 0 in reply to Louis-M

    In my opinion it ACTs as a firewall without a license, no more and no less.

    Site2Site VPN is not necessarily default job of a firewall.

    Gruß / Regards,

    Kevin
    Sophos CE/CA (XG+UTM), Gold Partner

  • 0 in reply to kerobra_retired

    I agree with you, and companies should be used to pay for subscriptions today for other licenses. Still I have been involved in supporting hundreds of small companies 1-5 employees that usually don't have any IT budget and all IT cost is considered an evil unessecary expence disrupting their business.

    Perhaps they have a backup software sending offsite copoy to a NAS via VPN to the home office of the owner or to a branch office. In a lot of these cases I would sell another Firewall, will not mention brand, and sometimes buy no support or extra licensing. The firewall can still be used for IPsec site to site. 

    I like Sophos products very much but i don't like the fact that it does not function wih IPsec after license expire. Perhaps Sophos are not interested in these customers anyway as their not repeat business, but I can't get all my collegues onboard for selling Sophos partly beacause of this. So we usually sell the other brand. We have probably sold 500 appliances the last years of the other brand, and only aprox 10 Sophos. 

    In many cases a Sophos RED would do the trick but they are sized wrong for my Norwegian customers. Basically all companies and homes have 100 Mbit or more internet speed today. and that means they have to go for a RED50 that ends up being to expensive for the home office of for example a hair dresser or a small shop.

     

    Stig
    IT consultant, Norway

  • 0 in reply to BAlfson

    I'd like to know if there's any notification made by UTM before the license is due to expire.  It's fair enough paying for services, but as a busy sysadmin I'm not automatically going to know if a license is due, so a reminder would be nice.  yes, I know I could set up a reminder in  my calendar, but what if I was ill?  At least an email notification could tell my collegues...

  • 0 in reply to Shaun Raven

    There's a warning at 15 days, 7 days and 1 day, Shaun.  Your reseller should get a notice two months or more from Sophos to get your renewal going.  Note that you can renew at any time as these are extensions of your license, not a new license.

    CORRECTING MY POST ABOVE: If the license is set to expire and you want to continue with the free Essential Firewall functionality, those services will continue to function after expiration.  You will need to get a Free Essentials License to be able to login to WebAdmin to make changes though.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Indeed you may get notices and the reseller, but the back Sophos process takes ages to go through and it can impact the service as a result

  • 0 in reply to maxsecobj

    I'm sorry Max, but I don't understand the issue.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Sophos are really slow at getting the new licences through, even with a months notice!

  • 0 in reply to maxsecobj

    I can't remember the last time a renewal license key didn't appear in our inbox within 24 hours after we'd placed an order for one of our clients.  I understand that Sophos does things differently in the EMEA region than in the Americas region, but I don't know the details.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to maxsecobj

    I agree here,  I have had problems even with my sophos reseller portal not showing all the devices correctly and email notifications to the client are not always bullet proof.

     

    Another comment I would add is that SOPHOS seems to be the only commercial subscription based security appliance I have run into that kills the VPN connection.  So I would disagree that VPN is NOT a part of a standard firewall.  The majority of firewalls are routers,  and a router is a industry standard to have VPN (especially IPSEC) functionality.   (Sonicwall, WatchGaurd, FortiGate allow you to use VPN IPSEC functions with no license)     

     

    I have deployed a multi WAN client with Sophos UTMs and we stopped installing them after realizing we would loose VPN function after the initial 3 year license.  Since we migrated to sophos software based endpoint filtering too we only wanted basic router functions.  So now we are pulling all the sophos and putting the old sonicwalls back in place for the small remote offices.  Sad and disappointing on sophos part.

     

    Alternate would be to pickup some Ubiquiti EdgeMAX or USG routers for small offices,  Mikrotik work well for this purpose too.  Just depends on what kind of management you would like to do.

Unfiltered HTML