The Management > Up2Date menu allows the configuration of the update service of Sophos UTM. Regularly installed updates keep your Sophos UTM up-to-date with the latest bug fixes, product improvements, and virus patterns. Each update is digitally signed by Sophos—any unsigned or forged update will be rejected. By default new update packages are automatically downloaded to Sophos UTM. This option can be configured in the Management > Up2Date > Configuration menu.
There are two types of updates available:
- Firmware updates: A firmware update contains bug-fixes and feature enhancements for Sophos UTM Software.
- Pattern updates: A pattern update keeps the antivirus, antispam, intrusion prevention definitions as well as the online help up-to-date.
In order to download Up2Date packages, Sophos UTM opens a TCP Transmission Control Protocol connection to the update servers on port 443—allowing this connection without any adjustment to be made by you. However, if there is another firewall in between, you must explicitly allow the communication via the port 443 TCP to the update servers.
Updates in High Availability and Cluster Mode
In a high availability system there is an active and a passive node. When a new update is available, the passive node installs the most recent update and takes over the role of the active node. After that, the new passive node also starts the update process.
In a cluster you have several nodes: Master, Slave and Worker. If an update is available, the slave node and half of the worker nodes install the recent update. When the installation is finished, the slave node gets the role of the master. Then the other nodes start the update process. Therefore you have no service disruption. If one or more nodes are in SYNCING state, you cannot update Sophos UTM.