Skip to content

Load firmware using SFLoader

If your current firmware version is corrupt, and you can't access the web admin console, use SFLoader to upload a firmware image.



The option to load firmware using SFLoader isn't available for XGS devices. To update corrupt firmware for XGS devices, see Reimage Sophos Firewall.

Prerequisites: Firmware file (.gpg) to upload.

Load firmware using SFLoader

You can access SFLoader and upload firmware to Sophos Firewall.

  1. Download a firmware image if you don't have one. See Download firmware.
  2. To start Sophos Firewall in terminal mode, connect its serial port to your endpoint device using the console cable. Restart Sophos Firewall and press Enter to go to SFLoader (bootloader). Press Enter in SFLoader.
  3. Select 0 for SFLoader.

    Use this to upload the firmware image you want.

    Select SFLoader.

  4. Select 1 Load New Firmware.

    Select one for load new firmware.

  5. Specify the network configuration as follows:

    1. Select 1 Network Device to configure the link for accessing the device.

      Select network device.

    2. Select 1 Port1 to specify the port over which you access the device.

      Select the port.

    3. Select 1 Enable DHCP to lease an IP address.

      You can also select 2 Manual IP settings and assign a static IP address.

      Select the method of assigning IP address.

  6. Select Upload firmware using your desktop browser.

    Select the option to get the new firmware version.

    Click Choose file, select the file, and click Open. Click Send to upload the firmware to Sophos Firewall.

  7. Open a browser in the endpoint device. Enter the IP address of Port1 as follows:

    http://<SFOS device IP address>

    Click Choose file, select the file, and click Open. Click Send to upload the firmware to Sophos Firewall.

    Select the firmware image.

  8. After the file is downloaded, go to SFLoader. Select the firmware you want to overwrite and click Overwrite.

    Select the firmware to overwrite.

  9. Select Migrate. It loads the configuration of the firmware that's not being overwritten (example: Select OK and then press Enter.

    Alternatively, select Factory to use the factory configuration.

    Select the configuration.

  10. Press Enter.

    Message saying configuration will be migrated from the previous firmware to the new one.

  11. Press Enter.

    Message that firmware's loaded and the firewall will restart.

  12. Enter the password of the migrated configuration.

    If you restored Sophos Firewall using the factory configuration, use the default password admin.

    Enter the password on the command-line console.

    CLI menu.