Skip to content


You can see the device registration information and the subscription status. You can activate or evaluate subscription modules.


All modules remain unsubscribed when you deploy the device for the first time.

You can migrate existing Cyberoam or SG licenses when you install Sophos Firewall OS (SFOS) on a Cyberoam or SG appliance (but not on an Sophos Firewall appliance). For information on how to migrate licenses, see License upgrade.

For more details about SFOS licensing, see Sophos Firewall: Licensing guide.

Basic information

The device offers two types of modules:

  • Basic module: Includes Firewall, VPN, Wireless.
  • Subscription modules:
    • Base Firewall: Includes Firewall, VPN, Wireless, site-to-site RED.
    • Network Protection: Includes intrusion prevention system, RED appliances, advanced threat protection.
    • Web Protection: Includes web categorization, antivirus, application control.
    • Email Protection: Includes anti-spam, antivirus, email encryption, DLP.
    • Webserver Protection: Includes WAF, antivirus, reverse proxy.
    • Zero-day protection: Includes the Zero-day protection service and all related settings.
    • Enhanced Support: 8 x 5 (8 hours a day, within business hours).
    • Enhanced Plus Support: 24 x 7 (24 hours a day, 7 days a week).

Once registered, the device can be used for an indefinite time period.

You can subscribe to any of the subscription modules:

  • Without a license key for a free 30-day trial subscription.
  • Without a license key for a free 90-day trial subscription (software only).
  • With a license key.

Sophos Firewall registration details

The Sophos Firewall registration details come from your Sophos Licensing Portal account.

Model: Sophos Firewall model number which is registered and its device key.

Company name: Name of the company under which the device is registered.

Contact person: Name of the contact person in the company.

Registered email address: Email address used for device registration.

Activate subscription: You can subscribe to individual modules using the license key.


Activate subscription will be enabled after you migrate existing licenses to SFOS. See License upgrade.

Module subscription details

Module subscription detail Description
Synchronize Click to synchronize licenses with your account.
Activate evaluations Individual modules can be evaluated for the duration of 30 days.

Activate evaluations will be enabled after you migrate existing licenses to SFOS. See License upgrade.
Module Name of the module.
Status A module can have the following statuses:
  • Subscribed
  • Evaluating
  • Unsubscribed
  • Expired
Expiration date Module subscription expiry date.


You can start an evaluation for each major Sophos Firewall firmware version. For example, you can start a Zero-day protection trial for 30 days in version 17.5 and then start another 30 days in version 18.

License synchronization

If your appliance is connected to the internet, it synchronizes with Sophos Licensing Portal automatically every 24 hours. This means your licenses are automatically updated.

If your appliance is on an air gap network, you must update your licenses manually.

Air gap

For air gap (physically isolated) deployments, you can update licenses manually if your Sophos Firewall has been approved for air gap deployment.

Upload license file

Sign in to your Sophos Licensing Portal account and download the license file. On your appliance, select the license file and click Update license.

License upgrade

You can migrate a CyberoamOS or UTM 9 license to an SFOS license (when device registration is complete).


This option is only available when you upgrade to an SFOS license on Cyberoam or SG hardware.

Migrate UTM 9 license

Transfers your current UTM 9 license to an equivalent SFOS license. The migration is irreversible and you can no longer use the UTM 9 license.

Migrate Cyberoam license

This option provides you with a SFOS license of equivalent monetary value as your Cyberoam license. All the licenses existing in Cyberoam are migrated to SFOS.

High availability

If you configure an HA cluster in active-passive mode, you should be aware of the following scenario: if you have two Sophos Firewall devices, A and B and A has a license but B does not, you cannot configure B as the primary Sophos Firewall device , because the cluster will lose the license.

If you configure an HA cluster in active-active mode, both Sophos Firewall devices need a license. For more information on HA licensing, see Sophos XG Firewall: FAQ on High Availability (HA) licensing.

License transfer

You need to transfer your license in the following cases:

  • If you configure HA in active-passive mode and the passive device has subscriptions attached to it.
  • If you return your Sophos Firewall device and receive a new one.
  • Cold standby: If your Sophos Firewall device has a hardware failure and you have a spare Sophos Firewall device.
  • If you are purchasing a license after a free trial.

For information on transferring licenses, see Sophos XG Firewall: License transfer.

More resources

Back to top