How to load firmware using SFLoader

If your current firmware version is corrupt, and you can't access the web admin console, use SFLoader to upload a firmware image.


Prerequisites: Firmware file (.gpg) to upload.

Load firmware using SFLoader

You can access SFLoader and upload firmware to XG Firewall.

  1. Optional If you don't have a downloaded firmware image, do the following:
    1. Go to Sophos Licensing Portal and sign in.
    2. Go to Network Protection > Firmware Updates and download the firmware you want.
  2. To start XG Firewall in terminal mode, connect its serial port to your endpoint device using the console cable. Restart XG Firewall and press Enter to go to SFLoader (bootloader). Press Enter in SFLoader.
  3. Select 0 SFLoader.

    Use this to upload the firmware image you want.

    SFLoader options
  4. Select 1 Load New Firmware.

    SFLoader load new firmware
  5. Specify the network configuration as follows:
    1. Select 1 Network Device to configure the link for accessing the device.

      SFLoader device link
    2. Select 1 Port1 to specify the port over which you access the device.

      SFLoader device port
    3. Select 1 Enable DHCP to lease an IP address.

      You can also assign 2 Manual IP settings and assign a static IP address.

      SFLoader DHCP IP address
  6. Select Upload firmware using your desktop browser.

    SFLoader upload firmware

    Click Choose file, select the file, and click Open. Click Send to upload the firmware to the XG Firewall.

  7. Open a browser in the endpoint device. Enter the IP address of Port1 as follows:

    http://<SFOS device IP address>

    Click Choose file, select the file, and click Open. Click Send to upload the firmware to XG Firewall.

    SFLoader choose file
  8. After the file is downloaded, go to SFLoader. Select the firmware you want to overwrite and click Overwrite.

    SFLoader file to overwrite
  9. Select Migrate. It loads the configuration of the firmware that's not being overwritten (example: Select OK and then press Enter.

    Alternatively, select Factory to use the factory configuration.

    SFLoader migrate
  10. Press Enter.

    SFLoader confirm migration
  11. Press Enter.

    SFLoader loaded firmware
  12. Enter the password of the migrated configuration.

    If you restored XG Firewall using the factory configuration, use the default password admin.

    Firmware migrated

    XG Firewall console