Unlike some of the other brands out there, the licensing for Sophos XG firewalls is relatively straightforward. In fact, the license for basic firewall functionality is included out of the box, and is perpetual. So in some cases, no additional licenses may even be needed.
Never the less, we do often get questions regarding the Sophos XG firewall license, so we wanted to put together a quick guide to licensing in common scenarios.
1 - The basic license
Out of the box, all XG-series firewalls include a basic license that covers the network firewall, SSL and IPSec VPN, and wireless protection such as hotspot support.
However, there is one exception to this: The basic licenses are limited by the number of CPU cores and gigabytes of RAM that are installed, and this is true for both physical and virtual implementations. Licenses will be coded accordingly, such as 4C6 (4 cores, 6GB) or 6C8 (6 cores, 8GB). This reflects the maximum amount of resources the license will cover. So, for example, if you added more cores and RAM to an existing 4C6-licensed system, you might need to purchase a new 6C8 license for the firewall to make use of those additional resources.
2 - Additional subscriptions
There are several feature sets a business might or might not need beyond the basic firewall capabilities, so these have separate licenses. These include: Web Server Protection, Email Protection (including anti-spam), Web Protection, and Network Protection.
These include additional security features relevant to the protected assets. Network Protection can also optionally include Sophos Security Heartbeat protection - a powerful all-network oversight tool - but that will also require a subscription to Sophos's Cloud Endpoint Protection system.
3 - Bundles
As is typical, Sophos offers several licensing bundles that have lower overall prices. Bundles also come with Sophos Enhanced Support, which extends technical support and equipment replacement, making them a good value. These bundles are are:
- EnterpriseGuard: Network Protection, Web Protection, Enhanced Support
- EnterpriseProtect: Network Protection, Web Protection, Enhanced Support, plus one additional security appliance or virtual device.
- FullGuard: This includes all the licenses. Network Protection, Web Protection, Email Protection, Webserver Protection, and Enhanced Support
- TotalProtect: The most expansive bundle, this has the full set from FullGuard plus one additional security appliance or virtual device.
4 - Associated Products
There are a few products or virtual applications which can be added to an XG Firewall. Licensing on these is extremely simple:
- Sophos Firewall Manager: Available as either hardware or a virtual ISO, the Sophos Firewall Manager has a perpetual non-expiring license. Licenses are based on the number of devices to be managed, ranging from 15 to 1,000.
- Cloud Firewall Manager: The perpetual license for this is included in the existing cloud services package at no additional charge.
- Sophos iView: This virtual management system is licensed based on the amount of storage capacity being used. The first 100GB are free, then licenses range from 500GB up to Unlimited use.
Hummingbird Can Help Sort Out Any Licensing Confusion
Even a relatively simple licensing system like Sophos uses can be rather complicated, and some manufacturers' licensing plans are downright baffling. But Hummingbird can help! If it's a brand of network hardware we carry, we can work with you to ensure every piece of hardware you own is properly licensed and delivering the functionality you need.