Updating the firmware on the Sophos Firewall (Firmware Update)

In this guide, we will show you how to update your Sophos Firewall firmware to the latest version.

Info: In these instructions, we assume that you have a Sophos Firewall with valid Enhanced Support or that the appliance is new and you can still perform a free update, but more on this later. Before you follow these instructions and install an update on your firewall, create a backup first. You should never assume that everything will always work properly after an update. The update is installed on the second partition and there is an option to roll back, but better safe than sorry.

Download SFOS firmware manually

Before the new firmware can be installed on the firewall, it must first be downloaded via Sophos Central (if the firewall is registered in your account) or via the firmware download page.

• SFOS firmware image for hardware appliances (XG and XGS)
  • SF300 = XG series
  • SF310 = XGS series
• SFOS firmware images for software appliances (virtual machines)
• SFOS firmware for cloud appliances

Note: If you have Sophos Enhanced Support (automatically included with every license bundle), you can also download the latest firmware automatically via the GUI of your Sophos Firewall. Jump to the following section: Install SFOS firmware automatically .

Install SFOS firmware manually

The downloaded firmware can now be installed on the Sophos Firewall.

1. Log in to your Sophos Firewall.
2. Click on Backup & Firmware in the navigation.
3. Under the heading Firmware you will find a list of available versions. Click on the upload icon.
4. The “Firmware Upgrade/Downgrade” pop-up window will then appear. Select the firmware from your computer and click Upload Firmware or Upload & Boot.

The above steps are explained here again step by step with screenshots:

Note: Think carefully about which variant you choose. With Upload Firmware only the file is transferred from your computer to the firewall, while with Upload & Boot the firewall is started with the latest firmware afterwards.

HA Cluster Info: If you have set up an HA Cluster, we recommend that you always select the Upload & Boot variant. As a result, the two firewalls are updated one after the other and there is “no” interruption in the network. First the passive firewall is updated and as soon as it is online again, the firmware update is installed on the primary firewall. The only interruption is the switch from the active to the passive firewall, where you normally lose 2-6 pings.

If you have chosen Upload Firmware, you can determine the time of the update yourself. Click on the icon with the two arrows under the Firmware section as soon as the time is right for the installation.

Install SFOS firmware automatically

If you have a valid Sophos Enhanced Support license, you can save yourself all the effort of the above steps. The Enhanced Support offers you automatic updates with one click directly in the GUI of your firewall.

Note: If you can’t wait for a new firmware version to be automatically displayed on your firewall after it is released, you can of course always update using the manual variant.

1. Log in to your Sophos Firewall.
2. Click on Backup & Firmware in the navigation.
3. Under the Latest Available Firmware section, click Download for the listed update.
4. Once the download is complete, you can start the installation by clicking Install.

Rollback to old version

After an update, it can happen that something does not work as desired. In this case, you have the option of switching back to the old version. All you need to do is click on the icon marked in the screenshot next to the current version. In an HA cluster, both appliances are also started with the selected version.

FAQ