Backup and firmware

You can manage the firmware versions and pattern updates. You can also perform backup and restore, and import-export of configurations.

Secure installation and updates

Sophos Firewall performs integrity checks to ensure the security of the firmware, patterns, and configurations.

Sophos Firewall uses standard internal security utilities to sign and verify firmware versions and patterns.

SFOS firmware and patterns: SFOS firmware and pattern integrity is validated before installation and updates. The firmware and patterns are digitally signed using RSA keys with SHA 512 algorithm to validate the source and ensure security.

Integrity checks are performed during firmware installation and changes, including upgrades and downgrades, and apply to airgap installations too.

Sophos Firewall uses an MD5 checksum to verify the integrity of new firmware versions and patterns before installing them.
Secure updates: Firmware downloads are available on a secure portal and as direct downloads to the firewall through a secure update server over SSL/TLS.
Administrator rights: The firewall allows you to create specific administrator profiles with rights to make firmware and pattern updates, take backups and restore configurations, and make specific configuration changes.

All configurations are secured using the Secure storage master key (SSMK). You can't restore or import a configuration without the SSMK.

Firmware

Update the firmware version and change the default language for the web admin console.

Change firmware version
Pattern updates

Specify manual or automatic updates for some modules, such as antivirus, IPS, application signatures, and WAF.

Pattern updates

Backup & restore

Take an encrypted backup of the configuration and restore it.

Backup and restore configurations
Import export

Import and export full or partial configurations.

Import and export configurations
API

Add, update, and delete rules, policies, and objects using the API.

Configuration changes through API