Firmware

You can manage firmware versions and install hotfixes on XG Firewall.

Note This feature is not available in Sophos Firewall Manager.

You can also choose the default language.

The Firmware section displays the list of firmware versions that have been downloaded. A maximum of two firmware versions are available simultaneously and one of the versions is active.

Note If you're upgrading the firmware to SFOS 18.0 then a minimum of 4 GB of RAM is required. If the minimum requirements aren’t met, XG Firewall goes into fail-safe mode.

Secure storage master key

The secure storage master key provides extra protection for the account details stored on XG Firewall. The key encrypts sensitive information, such as passwords, secrets, and keys, preventing unauthorized access.

The accounts have access to services, such as directory services, email servers, FTP servers, and proxies. They also include user accounts stored on XG Firewall.

XG Firewall removes the secure storage master key in the following instances:

  • Reset to factory configuration.
  • Reimage the firewall.

After resetting or reimaging the firewall, you can enter the master key to restore or import the configurations.

Rollback: After you set the master key, if you roll back to the previous version, you continue to have the previous configuration. You'll only lose the configuration changes you made prior to the rollback.

How to manage firmware versions

Upload firmware
Click to upload new firmware. Click Browse in the pop-up window. Click Upload firmware to upload the firmware image file. The uploaded firmware becomes active after the next reboot.
Click Upload & boot to upload the firmware image file and boot the device. The action upgrades the device to the new version, closes all sessions, restarts the device, and displays the sign-in page. The process may take a few minutes since it involves migrating the entire configuration.
At the time of uploading new firmware, the error New firmware could not be uploaded might occur due to one of the following reasons:
  1. Wrong upgrade file - You are trying to upload wrong upgrade file for example, a previous version firmware.
  2. Incorrect firmware image - You are trying to upload incorrect firmware image for your appliance model. All the firmwares are model specific and are not interchangeable. Hence, firmware of one model is not applicable on another model. For example, an error is displayed, if appliance model XG125 is upgraded with firmware for model XG750.
  3. Incompatible firmware - You are trying to upload incompatible firmware.
  4. Changes in appliances hardware - Your appliance hardware configuration is not the standard hardware configuration. Contact support for assistance.
  5. Corrupt firmware - The firmware you downloaded is corrupt.
Boot firmware image
Click to upgrade the device to the uploaded firmware image. The action upgrades the device to the new version, closes all sessions, restarts the device and displays the sign-in page.
Boot with factory default configuration
Click to reboot the device and to activate the default configuration.
Note If you boot with factory default configuration, the current configuration will be lost. Make a backup before you click this option.
Active
The Active icon against a firmware version indicates that the device currently uses this firmware.

Latest available firmware

(not available in Sophos Firewall Manager)

Check for new firmware
Click to view the new firmware, if available.
Firmware version
Displays the list of firmware versions available for download.
Type
Displays the type of each firmware.
Available options:Beta GA
Actions
Click Download to download the firmware. Once the download is complete, click Install.

Sophos XG Firewall hotfix

Allow automatic installation of hotfixes
Select the check box to install hotfixes automatically when they become available and click Apply.
Default: Enabled
After you select the option, XG Firewall looks for hotfixes every 30 minutes. For details of the installed hotfix, go to How to check if you are running the latest hotfix.
Note The installed hotfixes remain when the firmware is upgraded.

Factory reset with default configuration language

Default configuration language
Select a default language for configuration. When you choose a different language, the device reboots and goes back to the factory default settings. It removes all customizations.

The web admin console language can differ from the default configuration language. Choosing a different the web admin console language displays menus and labels in the selected language while choosing a different default configuration language displays menus, labels as well as default policies and their description in the selected language.

Default: English
Available options:
  • English
  • Hindi
  • Chinese - traditional
  • Chinese - simplified
  • French
  • Japanese
Note Make a backup before you choose a different language since the entire configuration will be lost. The device restores the backup in the language that was operational at the time of taking the backup.