Effective immediately, Sophos is discontinuing the sale of new and renewal subscriptions of our Web Application Firewall (WAF) and Comprehensive Value Subscription (CVS) bundle on Cyberoam firewalls. The Web Application Firewall secures websites and web-based applications in organizations against attacks such as SQL injection, cross-site scripting (XSS), URL parameter tampering, session hijacking, buffer overflows, and more, including the OWASP Top 10 Web application vulnerabilities. After careful consideration, we have decided not to renew our contract with the vendor who supplies code used in the WAF service and are therefore moving WAF to the End-of-Sale phase of its product lifecycle.

As of the End-of-Sale date, the Cyberoam WAF SKUs will be removed from all Sophos price lists and disabled on the Partner Portal so that they are no longer available for order. Active WAF subscriptions on your customers’ Cyberoam firewalls will continue to function without change until their expiration date. Technical support for active WAF subscriptions will also continue until the expiration date.

Sophos recommends the following migration paths for customers who wish to move on from the WAF service on their Cyberoam firewalls.

• Purchase and activate Cyberoam Total Value Subscription (TVS) or Total Value Subscription Plus (TVSP)
• Transition the firmware on your customers’ Cyberoam firewalls to XG Firewall (SFOS)

Further details about Cyberoam product lifecycles can be found at https://www.cyberoam.com/endoflife.html.

Should you have any questions, please do not hesitate to reach out to your Sophos sales rep.