Sophos Firewall Appliances – Supported hardware for SFOS v18+
Update February 2021: The information in this blogpost is unfortunately no longer correct. Sophos has reversed its original decision to exclude older firewall revisions from current firmware updates nearly a year later. All SG Firewalls with SFOS or XG Firewalls will receive version 18.5. As for newer versions, such as SFOS v19 (expected to arrive Q2 2022), it is not yet clear if these can be installed on the older firewalls.
Sophos has published a list of which hardware models can run SFOS v18.0 and SFOS v18.5 in the future. Here you can find out if your hardware is still compatible.
2020 will be cleaned up
The still new year has started with two new end of sale announcements.
- The AP series of Sophos access points will no longer be sold after March 31, 2020.
- Sophos Central Wireless licenses for AP15, AP55 and AP100 will also no longer be sold after March 31, 2020.
- As of August 2019, the Sophos XG 85(w) and XG 105(w) are also no longer sold due to underperformance.
Sure, Sophos offers a successor for each of these devices, but depending on how many devices you have, you have to budget accordingly. That is why we are now looking a bit into the future, as older firewall models will no longer support the new firmware from SFOS.
SFOS Hardware Support
v18
In order to use the new release SFOS v18.0, you need an SG or XG firewall that has at least 4 GB of RAM. All other models are supported.
Yes, read correctly. The SG models can also be installed with the “new” Sophos Firewall OS. In the KB post Installing Sophos XG Firewall OS on an SG Appliance, we explain how this works. If you need help, our support will be happy to take care of it as well.
As mentioned, it’s particularly annoying for SG/XG customers with an 85 or 105 revision 3 model. These desktop models were revised in April 2018 and now, two years later, can already no longer have the latest OS from SFOS.
If you run the firewall virtually, you get a free upgrade from 1CPU 2GB RAM to 1CPU 4GB RAM.
v18.5+
But if we now look further into the future, there is a bigger cut of old hardware. Here, it is mandatory to have the latest hardware version. The cycle is slightly longer for the rack models than for the desktop models. If you now have the latest version, which was released in September 2017, you are also on the safe side with SFOS 18.5. This release can then no longer be installed on all older models and the firmware or the function status is retained.
Compatibility table
Sophos XG Appliances
Sophos SG Appliances with SFOS
Buy new hardware?
As I said, it’s just a preview so you know what upcoming firmware releases might mean for your hardware. This is not immediately a reason to buy new hardware. The hardware will continue to work and will also get security updates, but will not get any new features. Sure, new features often bring more security, but that’s something everyone has to decide for themselves. From my point of view, new is always better.
If you want to switch to the latest hardware, you can renew a 1-year, 2-year or 3-year license (FullGuard, FullGuard Plus, EnterpriseGuard or EnterpriseGuard Plus) for half the price of a new firewall. However, owners of an XG 85 or XG 105 must purchase at least a 2-year license for this deal. This promo is only applicable in the DACH region and can be used until 30.09.2020!
Incidentally, the end of March also marks the end of Sophos’s fiscal year. New hardware was already promised last September. By the end of March, this will now certainly not come. The promo empties the warehouses and brings sales once again. I don’t think the new hardware will be here as early as April, as it was two years ago, but something will and must come in 2020.
FAQ
- When is version 18.5 coming? According to the current status as of February 14, 2020, version 18.0 is still in beta and should be released in the next few weeks. Thus, if Sophos is fast, v18.5 will come no earlier than the end of 2020. Anything else would be very surprising to me.
- What revision of hardware do I have? You can find out what revision you have by looking at the serial number of the appliance on this page: Check revision of your hardware.
