Sophos Firewall – Base License

In this article, we would like to take a closer look at the Sophos Firewall OS (SFOS) “Base License”. We show where this basic license is included everywhere, which functions can be found in it and how long it is valid.

Where is the SFOS basic license included?

Hardware appliance

If you buy an XGS hardware appliance, you get the Base License for free. So if you only buy the hardware, without paid licenses such as “Network Protection” or “Web Protection”, you can at least use the free functions of the basic license.

⚠️ Important: Without the Enhanced Support license, there are no firmware updates for the firewall.

Info: If you still have an SG hardware appliance and install the new SFOS on it, you will also get the Base License for free. The following article explains how to install the new SFOS on your SG appliance with the UTM operating system: Installing Sophos XG Firewall OS on an SG Appliance

Virtual appliance

Unfortunately, the base license is not included free of charge with a virtual appliance and must be purchased once. After that you get a license file with a serial number for the VM.

Info: Unlike the hardware appliance, the virtual appliances do not have a hardware serial number. For this reason, it must be acquired and defined.

Important: The serial number can only be specified once during installation.

Which functions are included in the basic license?

• Create firewall rules: Manage network traffic and protect your network from threats by creating firewall rules.
• SD-WAN: Monitor and control network traffic by creating firewall rules and optimizing traffic using Application Aware Routing and Traffic Shaping.
• Remote VPN: Connect securely to remote sites or networks via SSL VPN or IPsec VPN.
• Site to Site VPN: Create IPsec VPN connections.
• Wireless Protection: Manage your Sophos Access Points through the firewall, create WLAN networks and the appropriate firewall rules.
• XStream architecture: Use the powerful XStream architecture to process network traffic quickly and efficiently (Flow FastPath).
• TLS 1.3 Inspection: Monitor and optimize the transmission of data in real time by monitoring TLS 1.3 connections.
• Deep packet inspection: Monitor and optimize network traffic by monitoring packets in real time.
• History logging and reporting: Monitor network traffic and generate reports to monitor security and network performance.
• Sophos Central Cloud Reporting: Monitor network traffic and store reports for up to 7 days for free in Sophos Central Cloud.

How long is the basic license valid?

In principle, the base license can be used indefinitely, regardless of whether you own a hardware appliance or have purchased the base license for the virtual appliance once. The expiration date of the base license is specified by Sophos for the year 2999. I think one can speak of a “lifetime license” in this case without exception. However, the hardware itself has a lifetime and is not supported by the software forever.