Sophos Firewall Appliances – Supported Hardware for SFOS v18+

Update February 2021: The information in this blog post is no longer entirely accurate. Sophos reversed its original decision to exclude older firewall revisions from current firmware updates roughly a year later. All SG firewalls running SFOS as well as all XG firewalls will receive version 18.5. It is currently still unclear whether more recent versions – such as SFOS v19 (expected Q2 2022) – will be available on older firewalls.

Sophos has published a list of which hardware models can be used with SFOS v18.0 and SFOS v18.5. This makes it easy to check whether existing hardware will remain compatible.

2020 starts with a clean‑up

The new year has already brought several end‑of‑sale announcements:

• The AP Series access points will no longer be sold from 31 March 2020.
• Sophos Central Wireless licences for AP15, AP55 and AP100 will likewise no longer be offered as of 31 March 2020.
• Since August 2019, the Sophos XG 85(w) and XG 105(w) have also no longer been sold due to insufficient performance.

Each of these devices has a successor, but depending on how many appliances are installed, the budget needs to be carefully planned. It is therefore worth looking ahead: older firewall models will not necessarily support future SFOS firmware versions.

SFOS hardware support

v18

To be able to run the new SFOS v18.0 release, you need an SG or XG firewall with at least 4 GB RAM. All models that meet this requirement are supported.

Yes, you read that correctly: SG models can also run the “new” Sophos Firewall OS. The KB article Install Sophos XG Firewall OS on an SG appliance describes how to do this. If you need assistance, feel free to contact our support team.

The situation is particularly frustrating for SG/XG customers with an 85 or 105 model of revision 3. These desktop models were updated in April 2018 and can already no longer run the current SFOS release just two years later.

If you are running the firewall virtually, you will receive a free upgrade from 1 CPU / 2 GB RAM to 1 CPU / 4 GB RAM.

v18.5+

Looking at v18.5 and later releases, the cut‑off for older hardware generations becomes more apparent. Here, the latest hardware revision is mandatory. For rack‑mount models, the lifecycle is slightly longer than for desktop devices. If you are running the most recent revision, which was introduced in September 2017, you are safe with SFOS 18.5. This release can no longer be installed on older models – those systems remain on their existing firmware level and feature set.

Compatibility tables

Sophos XG appliances

Sophos SG appliances with SFOS

Buying new hardware?

The compatibility tables are primarily intended to show how upcoming firmware versions can affect existing hardware. On their own, they do not necessarily mean you need to replace appliances immediately. Existing hardware will continue to run and receive security updates but will no longer get new features. New functions can increase security, but each organisation must decide for itself how important that is – even if we are generally of the opinion that “new is usually better”.

If you do want to move to current hardware, you can obtain a new firewall at half price when renewing a 1‑, 2‑ or 3‑year licence (FullGuard, FullGuard Plus, EnterpriseGuard or EnterpriseGuard Plus). Owners of an XG 85 or XG 105 must purchase at least a 2‑year licence to qualify. The promotion applies only in the DACH region and can be used until 30/09/2020.

Incidentally, the Sophos financial year also ends at the end of March. Already in September, new hardware was hinted at. This new hardware is very unlikely to appear before the end of March. The promotion helps to reduce stock levels and boosts revenue. Unlike two years ago, it is rather improbable that new hardware will be available as early as April, but over the course of 2020 we should – and will – see some movement in this area.

FAQ