The availability of certain features on Sophos UTM is defined by licenses and subscriptions: the licenses and subscriptions you have purchased with your Sophos UTM enable you to use certain features and not others.
Sophos UTM ships with a 30-day trial license with all features enabled. After expiration, you must install a valid license to further operate Sophos UTM. All licenses (including free home use licenses) are created in the MyUTM Portal.
Once you have received the activation keys by email after purchasing a Sophos UTM license, you must use these keys in order to create your license or upgrade an existing license. To activate a license, you have to log in to the MyUTM Portal and visit the license management page. At the top of the page is a form where you can cut and paste the activation key from the email into this field. For more information, see the MyUTM User Guide.
Another form appears asking you to fill in information about the reseller you purchased the license from as well as your own details. The portal tries to pre-fill as much of this form as possible. Also, Sophos collects the Sophos UTM hardware serial number on this form if appropriate. After submitting this form, your license is created, and you are forwarded to the license detail page to download the license file.
To actually use the license, you must download the license file to your hard drive and then log in to your WebAdmin installation. In WebAdmin, navigate to the Management > Licensing > Installation tab and use the upload function to find the license text file on your hard drive. Upload the license file, and WebAdmin will process it to activate any subscriptions and other settings that the license outlines.
Those can be purchased separately or in combination according to your needs. The FullGuard license contains all subscriptions. Each of the subscriptions enables certain features of the product. The table below gives you an overview of which features are enabled with which subscription.
Sophos UTM units can also be managed and licensed by Sophos UTM Manager (SUM). In this case, the SUM provides the MSP (Managed Service Provider) license to Sophos UTM, and the Installation tab is disabled. Subscriptions can only be enabled by your SUM service provider.
A base license without any subscriptions supports only limited automatic updates: solely pattern updates such as online help updates and the like will continue to be downloaded and installed automatically. You will, however, not be informed about available firmware updates, and the firmware updates have to be downloaded manually. Announcements for new firmware updates can be found in the Sophos UTM Up2Date Blog.
You have just purchased a Sophos UTM license and now need help with activation? Or you have received a license paper for a license renewal and do not know how to activate it now? In this blog post you will find the help you need.
Recommended Procedure
If you want to upgrade your licenses or create new licenses, please download your license files. Then download the license files to your appliances. You will need your serial number and your license key(s).
If you are using IPSec, you will find the serial numbers and activation codes (not to be confused with UTM activation codes) for your purchased clients in the license file. Use them for each client when you set up IPSec.
If your license details show unaligned subscription end dates, you can balance your license so that all features are co-terminous. It is also possible to activate new features that are currently not active. In this example we will activate Sandstorm. When balancing a license, the remaining dollar value is transferred from one feature to another based on the remaining license term.
After applying your upgrade keys and verifying that your license is as expected, it is time to download the license and install it on your UTM. Installing the new license file will replace the existing one running on your UTM. If you need to retain the old license for any reason, make a UTM backup before installing. This is almost never necessary but you might be a special snowflake and have a good reason to do that.
The main reason it does not work is that the /etc/asg file is now missing. This file tells the installer that it is running on an appliance. You cannot solely copy it from another appliance, because you need to modify it (e.g. remove the ASG_id and ASG_Serial lines):
I plan to have about 15 users and not all of them on all the time. I have a main PC and laptop. I have 2 phones and 2 tablets. I have an HTPC, a VM/file server, will have a VM running deluge or transmission (I do not torrent much but on some occasions having an always-on client helps), SubNZB/coach potato/sick beard (either as a standalone VM or running alongside deluge), a PlexServer VM and maybe a MythTV VM.
It seems like I'm not the first person to assess one of these devices, and honestly, this writeup probably saved me several more hours of poking around. The gist of the writeup is that the author found that the .plx files are Perl files that have been compiled using ActiveState's Perl Dev Kit and that you can access the original source by running the .plx file in a debugger, setting a break point, and recovering the script from memory.
At this point I had access to the webadmin.plx code (which is actually asg.plx and is actually Perl code) which was great, but there was a big problem: the asg.plx file isn't a massive file with all of the code. I needed access to the Perl modules that asgx.plx imports, like:
After a couple late nights of trying different things like extracting code from memory dumps, patching the binaries, etc... I posted the problem and the webadmin.plx file in work chat. There were great suggestions on using LD_PRELOAD on libperl.so or using binary instrumentation with frida or PIN to get access to the source code, but then one of our great reverse engineers found that the file actually had a BFS filesystem embedded at the end of the ELF file, and in a couple minutes was able to put together a script that could then be used with _extract to extract the filesystem (and with that, the source).
I spent a fair amount of time extracting the source code out of the .plx files from the UTM instances and also pulled the entire /var/sec/chroot-httpd/ directory to capture any differences in configuration files. My tool of choice for reviewing diffs is Meld as it lets me quickly and visually review diffs of directories and files:
So when an HTTP POST request is made, the SID is sent to confd where it is checked to see if it's a valid session identifier. This can be seen in the log files in /var/log/ on the appliance. If we make the following request with an invalid SID:
At this point I knew exactly what the issue was. Remember at the beginning of this writeup when I said that I like to diff both source code and configuration files? Meet the other diff between versions:
Sophos UTM9 is an AWS Security Competency approved NextGen Firewall solution that helps customers with their shared security responsibilities by offering multiple layers of protection in a single virtual appliance that scans, controls and reports on traffic entering and leaving a VPC.
Security features include a Web Application Firewall (WAF), a pre-tuned and automatically updated Intrusion Prevention System (IPS), an Outbound Web Proxy/Layer 7 Application Engine to protect and control connections to the Public Internet, an Advanced Threat Protection engine to identify and block unknown and evasive threats, and VPN Gateway features to securely connect remote sites and users. The UTM9 NextGen Firewall solution also provides detailed logs and reports which can be viewed on system and/or exported to the AWS CloudWatch Logs service and any Syslog compatible device.
You can deploy Sophos UTM as a standalone solution on the EC2 Instance type of your choice, or use the Sophos provided CloudFormation template to deploy an Active/Passive High Availability pair of UTMs that spans across multiple Availability Zones and integrates with key AWS services such as Auto Scaling, CloudWatch, and S3 to comply with AWS Best Practice guidance on secure architecture.
Part of a complete cloud security portfolio. A selection of Sophos AWS Marketplace offerings is included below, while more can be found at www.sophos.com/cloud.
Sophos UTM Auto Scaling: -autoscaling-payg
Sophos XG Firewall Standalone (Free Trial): -firewall-payg
Sophos Cloud Optix (CSPM with Free Tier): -optix
If you have any questions about Sophos solutions or if you need assistance with deployment or configuration, please contact the Sophos Public Cloud team at aws.marketplace@sophos.com.
Out of the box, PRTG includes a broad variety of sensors for SNMP capable devices. For other device types, like Sophos UTM Solutions, PRTG provides the great possibility to create custom sensors. For example, if the device that you want to monitor supports SNMP, you can try to get a MIB file from the vendor, convert it with the MIB Importer into an OIDlib file for PRTG, and use it with the SNMP Library sensor.
I cannot verify this as we don't have a Sophos XG lying around here. Give it a shot to find out, otherwise try the other MIB as described here for example. Otherwise contact us by email so we can dig deeper into this and also send us this other MIB file.
Free Sophos UTM Home Edition features full Network, Web, Mail and Web Application Security with VPN functionality and protects up to 50 IP addresses. You can register and request the software download URL here. Register your account as a home user and follow the instructions in the email that you will receive to download an ISO image of Sophos UTM. You will also receive a free license in that email. We will be using a USB drive during our installation, so there is no need to burn an ISO image onto a CD.