Skip to content

Backup and firmware

You can manage the firmware versions, hotfixes, and pattern updates. You can also perform backup and restore, and import-export of configurations.

Secure installation and updates

Sophos Firewall performs integrity checks to ensure the security of the firmware, patterns, and configurations.

Firmware and pattern security

Sophos Firewall uses standard internal security utilities to sign and verify firmware versions and patterns.

  • SFOS firmware and patterns: SFOS firmware and pattern integrity is validated before installation and updates. The firmware and patterns are digitally signed using RSA keys with SHA 512 algorithm to validate the source and ensure security.

    Integrity checks are performed during firmware installation and changes, including upgrades and downgrades, and apply to airgap installations too.

    Sophos Firewall uses an MD5 checksum to verify the integrity of new firmware versions and patterns before installing them.

  • Secure updates: Firmware downloads are available on a secure portal and as direct downloads to the firewall through a secure update server over SSL/TLS.

  • Administrator rights: The firewall allows you to create specific administrator profiles with rights to make firmware and pattern updates, take backups and restore configurations, and make specific configuration changes.

Configuration security

All configurations are secured using the Secure storage master key (SSMK). You can't restore or import a configuration without the SSMK.


Firmware version and pattern updates

  • Firmware

    Update the firmware version, automatically apply hotfixes, and change the default language for the web admin console.

    Change firmware version

  • Pattern updates

    Specify manual or automatic updates for some modules, such as antivirus, IPS, application signatures, and WAF.

    Pattern updates

Configuration changes