Upgrading to SFOS 18.0.1

SFOS 18.0.1 MR1 Build 396

You can upgrade from SFOS 17.5 (MR6 to MR12) to 18.0.1 MR1 (build 396).

The security hotfixes released until now are part of SFOS 18.0.1 MR1 (build 396). So, the hotfixes referred to in KBA135412, HF051220.1, and HF052220.1 are NOT required for this release.

SFOS 18.0 MR2 is an interim release limited to offering early access to the IPS engine version upgrade and related changes. We’ll make a broader release with new features and resolved issues shortly.

Note the following upgrade information for SFOS 18.0 and later:

  • 18.0 and later versions require a minimum of 4 GB RAM. So, you can't upgrade the following models to 18.0 and later:
    • XG 85, XG 85w, XG 105, and XG 105w
    • SG 105, SG 105w

    These models must remain on a 17.x version. See XG Firewall Lifecycle Policy and XG Firewall retirement calendar.

  • Support for RED devices:
    • Doesn't support RED 10 devices.
    • Supports SD-RED 20 and 60 devices.
  • Cyberoam models don't support 18.0 and later firmware versions. However, you can restore Cyberoam firewall backups on XG Firewall operating on 18.0 and later.
  • Firmware:
    • Rollback (firmware switch) is supported. You can roll back to 17.5 MRx if you experience any issues with 18.0 and later. For example, the active firmware on the firewall is 18.0 and the other firmware version is 17.5. You can switch between these two versions. This doesn't change the configuration on either.
    • You can't downgrade from 18.0 and later to an older firmware using 17.5 or an earlier firmware file. The web admin console will show an alert.

      18.0 and later use the GRUB boot loader. The changed boot loader can't recognize 17.x firmware. You can still use the hardware ISO of 17.5 or earlier to put the firewall on an older firmware version and then restore the downgraded firmware's backup.

    • In 18.0, we moved to a more secure firmware signing method. The firmware update files now use the .sig extension and not the earlier .gpg extension.

    • The web admin console shows the specific reasons for firmware upload failure.
  • Backup and restore are supported. You can restore the following on 18.0 and later versions:
    • SG firewalls running SFOS
    • Cyberoam firewalls
    • XG Firewall backups
  • HA: SFOS 18.0 moved to SSH tunnel-based secure communication for the HA cluster. If you're upgrading the HA cluster to 18.0 or later, both the devices in the cluster will reboot simultaneously once. You'll receive an alert on the UI before you can proceed.
  • Quarantined emails: You can only release quarantined emails from the user portal. For details, see KBA135515.
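
A pre-upgrade check over a device inventory that applies the constraints listed above (source version, RAM, model, firmware file extension, HA and RED notes). This is an added example, not Sophos code; the inventory record fields, device names, RAM values and the firmware file name are constructed assumptions.

```python
import re

# Rules taken from the upgrade notes above.
BLOCKED_MODELS = {"XG 85", "XG 85w", "XG 105", "XG 105w", "SG 105", "SG 105w"}
MIN_RAM_GB = 4
SOURCE_MR_RANGE = range(6, 13)  # 17.5 MR6 to MR12 inclusive

# Constructed sample inventory (field names and values are assumptions).
INVENTORY = [
    {"name": "fw-hq", "model": "XG 210", "ram_gb": 8, "firmware": "17.5 MR10",
     "ha": True, "red_devices": ["SD-RED 20"]},
    {"name": "fw-branch1", "model": "XG 105w", "ram_gb": 2, "firmware": "17.5 MR12"},
    {"name": "fw-branch2", "model": "XG 135", "ram_gb": 4, "firmware": "17.5 MR3",
     "red_devices": ["RED 10"]},
]

def preflight(device, firmware_file):
    """Return (blockers, warnings) for one inventory record."""
    blockers, warnings = [], []
    if device["model"] in BLOCKED_MODELS:
        blockers.append("model must remain on 17.x")
    if device["model"].lower().startswith("cyberoam"):
        blockers.append("Cyberoam models don't support 18.0 and later")
    if device["ram_gb"] < MIN_RAM_GB:
        blockers.append("less than 4 GB RAM")
    match = re.fullmatch(r"17\.5 MR(\d+)", device["firmware"])
    if not match or int(match.group(1)) not in SOURCE_MR_RANGE:
        blockers.append("source firmware is not 17.5 MR6 to MR12")
    if not firmware_file.endswith(".sig"):
        blockers.append("firmware file is not a .sig file")
    if device.get("ha"):
        warnings.append("HA: both cluster devices reboot simultaneously once")
    if "RED 10" in device.get("red_devices", []):
        warnings.append("RED 10 devices aren't supported on 18.0 and later")
    return blockers, warnings

def report(inventory, firmware_file):
    """Map each device name to its (blockers, warnings) pair."""
    return {d["name"]: preflight(d, firmware_file) for d in inventory}

if __name__ == "__main__":
    # "firmware-placeholder.sig" is a constructed file name.
    for name, (blockers, warnings) in report(INVENTORY, "firmware-placeholder.sig").items():
        status = "BLOCKED" if blockers else "OK"
        print(f"{name}: {status} blockers={blockers} warnings={warnings}")
```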

What's new