Skip to content
The XG Series hardware appliances will reach end-of-life (EOL) on March 31, 2025. Click here to see the XG to XGS migration documentation.

Reimage Sophos Firewall

You can reimage hardware, virtual, and software appliances.

Introduction

You use a bootable USB flash drive to reimage the firewall. You can reimage Sophos Firewall with any firmware version.

Warning

Reimaging deletes all the data on Sophos Firewall. Save a recent configuration backup.

Restrictions

  • When you reimage the firewall, it removes the secure storage master key.
  • After you reimage the firewall, enter the master key to restore or import the configurations.
  • If you create a new secure storage master key and roll back to the previous version, the firewall runs with the previous configuration. Configuration changes made before the rollback are lost.

Create a bootable USB flash drive

To create a bootable USB flash drive to reimage the firewall, do the following:

  1. Go to Firewall Installers and download the firmware for your product and platform.
  2. Download balenaEtcher, a free tool to create a bootable USB flash drive.
  3. Run balenaEtcher and accept the license agreement.

    Accept the balenaEtcher agreement to use its tool to create a flash drive.

  4. Insert a USB flash drive in your endpoint device. Select the firmware image you downloaded.

    Note

    The USB flash drive will be formatted. You'll lose all data on it.

    Select the firmware image.

  5. Click Flash and wait for the tool to create a flash drive that can restart the firewall, and wait for validation.

    The balenaEtcher tool creates and validates a flash drive that can restart the firewall.

    Process continues for creating the flash drive.

    Validation process continues.

    Created a flash drive that can restart the firewall.

Reimage Sophos Firewall

To reimage Sophos Firewall, do the following:

  1. Power off Sophos Firewall.
  2. Optional: Connect a monitor to the SVGA or HDMI port of Sophos Firewall to monitor the installation.

    Note

    Sophos XGS Series appliances don't have a monitor port. You can use the on-device LCD screen or status LED to monitor the reimaging process.

  3. Insert the bootable USB flash drive you created in Sophos Firewall.

  4. Power on Sophos Firewall.
  5. To enter the BIOS, press the Delete key when Sophos Firewall is starting. Make sure USB Key is the first boot option in the BIOS.

    BIOS screen with USB key option.

  6. Save and exit the BIOS.

    The firewall restarts.

    Save and then exit BIOS.

  7. Sophos Firmware Installer starts reimaging Sophos Firewall.

    Reimaging Sophos Firewall.

  8. Monitor the installation. You can use the following methods:

    • A connected monitor:

      Monitor the installation.

    • On-device LCD screen (XGS Series rack-mounted hardware):

      Monitor the installation.

    • Status LED on the front of the device (XGS Series desktop hardware):

      Monitor the installation.

      Status LED Meaning
      Blinking red Reimaging in progress
      Solid green Reimaging is successful
      Solid red Reimaging has failed
  9. After the firmware is installed, remove the USB flash disk and type y to restart Sophos Firewall.

    Enter y on the command line to restart Sophos Firewall.

  10. Sophos Firewall restarts with the default configuration.

    Enter the password after Sophos Firewall restarts.

  11. Sign in and restore the configuration you want.