Sophos UTM-Hardware: End of Sale for UTM licenses
If you are currently using Sophos UTM hardware, you should soon be looking for a replacement. The reason for this is that from 30 June 2017 no renewal licenses will be available for these devices. As of 30 June 2018, the product will finally be End of Life.
Unfortunately you have read correctly. Although your UTM probably still works fine and runs the latest operating system, you won’t be able to use the features without a license from 30 June 2018. The firewall will then become a “disempowered” standard firewall.
The old hardware has to be replaced
Without a license it will not be possible to continue using your UTM in the future, because there are no more licenses.
This is of course disappointing, because on an old smartphone, for example, the latest operating system is no longer supported, but the phone can still be used. But well, with the British everything runs a little differently compared to us. They also drive on the “wrong” side of the road. :-)
The UTM operating system of course still exists (still runs on SG firewalls), simply the UTM hardware is no longer supported and thus dies as a waste product. The same will probably happen to today’s cars in a few years. The car will still be in a great condition, but unfortunately there will be no fuel left to drive …
By the way, for us there is only one reason why Sophos wants an End of Life for UTM licenses. The fact is that anyone who owns UTM hardware including a valid license will get a new UTM if the hardware fails. We assume that Sophos wants to prevent UTM hardware from having to be replaced in the future.
What to do with the old hardware after June 2018?
There are two ways to continue using the hardware, although both are not optimal.
Since the UTM hardware is set in combination with a “hardware license”, you could simply install the software version on the UTM. The software version, however, is licensed according to the number of IP addresses in the network. You can get to know the products UTM Software and SFOS Software in our shop.
- as a home user, you can switch to the free Sophos UTM Home license at any time. This will continue to work.
Switching to a new hardware
A change to a new SG firewall is fortunately relatively easy. If you stick to Sophos’s migration path, even the current license will be retained.
Suppose you have a UTM 220 with a valid license until 13 January 2018. If you now choose an SG 230, you can migrate the license in the MyUTM portal and get an SG 230 license with the same expiration date. But if you now buy an SG 135 instead of an SG 230, the migration path will not be followed and you will have to buy a new license.
Migration path of the license
Here’s a list so you know which SG firewall you would need to buy to keep the migration path:
- UTM 100 > SG 105
- UTM 110 > SG 115
- UTM 120 > SG 135
- UTM 220 > SG 230
- UTM 320 > SG 330
- UTM 425 > SG 430
- UTM 525 > SG 550
- UTM 625 > SG 650
If you are using a FullGuard license, we recommend to let the license expire and then buy a TotalProtect Bundle (hardware and license). This is the cheapest way.
Migrating the configuration
To an SG firewall
If you buy an SG firewall, the migration is pretty easy. An SG firewall comes with the UTM operating system pre-installed. All you have to do is save the configuration from the UTM hardware and import it to the new SG firewall. The job will be done in 15 minutes!
On an XG Firewall
You can also order XG hardware which has the Sophos Firewall operating system installed (SFOS). Sophos also provides a demo of SFOS if you want to take a look (username: demo / password: demo). If you choose this way, you have to rebuild the whole configuration, because there is no import from the UTM operating system. So you start almost from scratch. I say “almost zero” because you already have an idea of what to rebuild. On this occasion it certainly doesn’t hurt to rethink the structure of the configuration right away. What we still often see, for example, are servers, clients, telephones, backup NAS in the same network. You don’t do that anymore.
Switch to SG and later to XG?
An SG and an XG firewall have the same hardware. So you won’t obstruct anything for the future if you order an SG firewall first. The only difference is that an SG comes with the preinstalled UTM operating system, while the XG has the new SFOS installed. We have already described the differences in an earlier article in detail.
So you can migrate to the SG first and switch to the new operating system later for free.
Sophos once announced a migration wizard for configuring from UTM to XG. But it has already been postponed twice. The idea is that you can take the backup file from the UTM and the wizard will prepare the configuration for the SFOS for you. But not everything is taken over and it doesn’t mean that everything runs after that. Therefore we prefer to start on a greenfield site and question the architecture of the network again.