Skip to content

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/nsg/sophos-firewall/19.5/Help/en-us/webhelp/onlinehelp/index.html?contextId=getting-started-AWS-FAQ

Amazon Web Services (AWS) FAQ

Find answers to common questions about Sophos Firewall on Amazon Web Services (AWS).

Do I need security solutions beyond what AWS provides?

AWS supports a shared responsibility model. While AWS actively manages the security of their cloud, you must manage and maintain the security of your applications and data in the AWS Cloud. For more information, see AWS Shared Responsibility.

Why use a third-party security solution when I can use AWS security groups or network Access Control Lists (ACLs) to protect my AWS workloads?

AWS security groups and network ACLs act as local firewalls for your hosts and VPC subnets. For more information, see Internetwork traffic privacy in Amazon VPC. As basic firewalls, they don't perform deep packet inspection to identify malware and intrusion attempts. They don't provide the granular control needed to protect user or application traffic. Sophos Firewall provides additional security features such as IPS, web filtering, web application firewall, VPN gateway, and Synchronized Security.

What is Sophos Synchronized Security?

When you deploy Sophos Intercept X advanced security agents and Sophos Firewall, you can guard against a compromised system becoming the entry for further malicious activity. Sophos Firewall prevents a compromised AWS EC2 instance with Intercept X Advanced from communicating with other AWS EC2 instances or sending traffic to the internet. For more information, see Sophos Synchronized Security.

How is Sophos Firewall on AWS different than the Sophos Firewall that can be run on-premise or in local virtual environments?

Sophos Firewall on AWS offers the same features and benefits as Sophos Firewall running on-premises, but you can easily install and run it in the AWS Cloud. Currently, Sophos Firewall on AWS doesn't support high availability, and you must deploy it as a standalone appliance. Sophos Firewall on AWS also supports additional purchasing options, as described below.

Are Sophos Firewall free trials available for AWS?

Both the PAYG and BYOL licensing options allow for Sophos Firewall free trials. PAYG trials are provided directly from AWS Marketplace and are available for 30 days. After the first month, AWS automatically starts charging for any Sophos Firewall PAYG usage incurred. If you have a BYOL license, you can start a trial during the initial configuration or get a trial license from the Sophos free trial link.

Can I migrate my UTM license to Sophos Firewall?

You can convert your UTM production license into a Sophos Firewall license. For more information, see How to convert an SG appliance to an XG appliance with SFOS.

Can I use an existing Sophos Firewall license for a new Sophos Firewall on AWS?

Sophos Firewall license transfers are only supported under certain circumstances. For more information, see License transfer.