License expiration - what happens

I'd like to know if there's any notification made by UTM before the license is due to expire.  It's fair enough paying for services, but as a busy sysadmin I'm not automatically going to know if a license is due, so a reminder would be nice.  yes, I know I could set up a reminder in  my calendar, but what if I was ill?  At least an email notification could tell my collegues...

There's a warning at 15 days, 7 days and 1 day, Shaun.  Your reseller should get a notice two months or more from Sophos to get your renewal going.  Note that you can renew at any time as these are extensions of your license, not a new license.

CORRECTING MY POST ABOVE: If the license is set to expire and you want to continue with the free Essential Firewall functionality, those services will continue to function after expiration.  You will need to get a Free Essentials License to be able to login to WebAdmin to make changes though.

Cheers - Bob

Indeed you may get notices and the reseller, but the back Sophos process takes ages to go through and it can impact the service as a result

I'm sorry Max, but I don't understand the issue.

Cheers - Bob

Sophos are really slow at getting the new licences through, even with a months notice!

I can't remember the last time a renewal license key didn't appear in our inbox within 24 hours after we'd placed an order for one of our clients.  I understand that Sophos does things differently in the EMEA region than in the Americas region, but I don't know the details.

Cheers - Bob

I agree here,  I have had problems even with my sophos reseller portal not showing all the devices correctly and email notifications to the client are not always bullet proof.

Another comment I would add is that SOPHOS seems to be the only commercial subscription based security appliance I have run into that kills the VPN connection.  So I would disagree that VPN is NOT a part of a standard firewall.  The majority of firewalls are routers,  and a router is a industry standard to have VPN (especially IPSEC) functionality.   (Sonicwall, WatchGaurd, FortiGate allow you to use VPN IPSEC functions with no license)     

I have deployed a multi WAN client with Sophos UTMs and we stopped installing them after realizing we would loose VPN function after the initial 3 year license.  Since we migrated to sophos software based endpoint filtering too we only wanted basic router functions.  So now we are pulling all the sophos and putting the old sonicwalls back in place for the small remote offices.  Sad and disappointing on sophos part.

Alternate would be to pickup some Ubiquiti EdgeMAX or USG routers for small offices,  Mikrotik work well for this purpose too.  Just depends on what kind of management you would like to do.

The added VPN functionality is part of the enhanced routing facility within the UTM licencing model, not the basic.

A bit like you dont get Layer3 routing on a Cisco catalyst capable device unless you pay for the enchanced licence.

Not granted the software doesnt stop working on a cisco if you dont take out the TAC support for the next year, but that risk of running non supported equipment (ie no updates) in business seems too much in from my point of view.

But it's good to have choices, if the Ubiquiti stuff meats your needs then fine, but there's only so much it scales to. Same for Cisco vs HPE vs Dell vs Juniper etc for switching/routing. You need to be aware of the pluses and pitfalls for each device and the licencing that goes along with it.

I just learned this as well, the hard way. We lost VPN and even WiFi because WiFi is licensed as "Wireless Protection." Yes, WiFi, as in antennas sticking out of our box are now decorative and we had to a get an AP. I am sorry but VPN and WAN link balancing should be the standard as well.

Oh how neat, thanks Sophos!

Security Made Simple....really simple.

Does anybody have a link or info on the different kind of licenses and the difference in the costs?

eg what happens if you only require VPN and nothing else?