Update SFOS firmware on Sophos Firewall

In this tutorial we will show you how to update the firmware of your XG Firewall to the latest version.

Info: In this guide, we assume that you are using a Sophos Firewall with the SFOS and that it is associated with a valid Sophos ID. Before you follow this guide and install an update to your firewall, be sure to create a backup first. You should never assume that everything will always work properly after an update.

Download SFOS firmware manually

Before you can install the new firmware on the firewall, you must first download it from the Sophos Licensing Portal.

Note: If you have Sophos Premium Support (included automatically with every bundle), you can also download the latest firmware automatically from the GUI of your Sophos Firewall. Jump to the following section: Install SFOS firmware automatically .

1. Log in to https://id.sophos.com with your Sophos ID.
2. Select MySophos from the list under the menu item Meine Anwendungen.
3. Click Network Protection.
4. Click Geräte anzeigen.
5. Choose your device from the list which you want to update to the latest version and then click Download.
6. A pop-up window shows you the latest firmware versions. Choose the one that suits you and click Download.
7. Finally, accept the EULA (End User License Agreement) and the file will be downloaded.

The above steps are explained here again step by step with screenshots:

Install SFOS firmware manually

The downloaded firmware can now be installed on the Sophos Firewall.

1. Log in to your XG Firewall.
2. Click on Backup & Firmware in the navigation.
3. Under the heading Firmware you will find a list of available versions. Click on the upload icon.
4. The “Firmware Upgrade/Downgrade” pop-up window will then appear. Select the firmware from your computer and click Upload Firmware or Upload & Boot.

The above steps are explained here again step by step with screenshots:

Note: Think carefully about which variant you choose. With Upload Firmware only the file is transferred from your computer to the firewall, while with Upload & Boot the firewall is started with the latest firmware afterwards.

Info: If you have set up an HA cluster, we always recommend choosing the Upload & Boot variant. This will update the two firewalls one after the other and there will be no interruption in the network.

If you have chosen Upload Firmware, you can determine the time of the update yourself. Click on the icon with the two arrows under the Firmware section as soon as the time is right for the installation.

Install SFOS firmware automatically

If you have a valid Sophos Enhanced Support license, you can save yourself all the effort of the above steps. The Enhanced Support offers you automatic updates with one click directly in the GUI of your firewall.

Note: If you can’t wait for a new firmware version to be automatically displayed on your firewall after it is released, you can of course always update using the manual variant.

1. Log in to your XG Firewall.
2. Click on Backup & Firmware in the navigation.
3. Under the Latest Available Firmware section, click Download for the listed update.
4. Once the download is complete, you can start the installation by clicking Install.