Skip to content

Upgrade your firewalls

You must upgrade your firewalls firmware from Amazon Web Services (AWS), not directly from your firewalls or from Sophos Central.

To upgrade your firewalls from AWS, you must update the Amazon Machine Image (AMI) in the CloudFormation Template (CFT), then do an instance refresh to update the instances in your Auto Scaling group.

To upgrade, do as follows:

  1. Sign in to your AWS account.
  2. Go to Cloudformation > Stacks.
  3. Click Update.
  4. Under Update stack, select Use current template.

    This takes you to the Specify stack details page. Under AMI ID you'll see the latest AMI.

  5. Click Update stack.

  6. On your stack page, click the Events tab to monitor the update status.

    When the update is completed, the status shows as "UPDATE_COMPLETE".

  7. Go to EC2 management Console.

  8. Select the new Auto Scaling group created by the CFT.
  9. Select the Instance refresh tab.

    You'll see the default Refresh settings.

  10. Click Start instance refresh.

    The instance refresh should take around 3 hours for 4 instances.

    For more information about instance refreshes, see Replace Auto Scaling instances based on an instance refresh.

  11. Go to Cloudformation > Stacks and click on your stack name. Check that the old SFOS instances have been terminated and have been replaced by new instances.

  12. Sign in to Sophos Central and go to My Products > Firewall Management.

  13. Check the list of firewalls in your Auto Scaling group to make sure the new instances appear.

    The newly launched instances should successfully register to Sophos Central, and your firewall policies should be applied. The firewalls should show as "Synchronized".