Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 6 replies
  • Subscribers 29 subscribers
  • Views 2652 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Upgrading XG to V18 via Sophos Central using "backup & firrmware" manual update

Chris Grupe

Hello Sophos Group,

I'm a novice with the XG platform and most of my experience was with Check Point & Cisco ASA.

 

Right / Wrong, I have inherited some small 115's which are behind a NAT gateway, meaning the WAN interface is using private RFC 1918 space (i.e. 10.x.x.x)..

This limits my direct access to the firewall externally and I do not have access to the directly attached upstream gateway / FW.

Both XG's are remotely located and 2000+ miles away.

 

I've tried to push v18 to both XG115's via Sophos Central FW Manager and it times out after 3-5 minutes.

Maybe I was not looking thoroughly through support docs, etc. Can Manual Uploads for v18 code be done through Sophos Central to the XG's?

 

If not, are there any other options without involving personnel on site?

I'm a unix admin and thought about console access through Sophos Central FW and try to pull the code up via SCP, not sure that is an option..

 

Thanks for your feedback,
Chris



This thread was automatically locked due to age.
Parents
  • 0

    Hi Chris,

    what is the current version of XG on those devices and which version of v18 are you trying to install?

    Ian

  • 0 in reply to rfcat_vk

    Hi Ian,

    Thanks for your question. I'm currently running v. SFOS 17.5.8 MR-8 on both and if I want, I could roll back to 17.5.5 MR-5..

    Best,

    Chris

  • 0 in reply to Chris Grupe

    Hi Chris,

    I don't use SFM, just CM. Now if you want to upgrade to v18.0.354 the minimum v17 you will need to be on will be v17.5.9 MR-9.

    At the moment there is no automatic upgrade path to v18, you would need to download the upgrade file from your mysophos portal.

    Ian

  • 0 in reply to rfcat_vk

    I'm sorry, my subject line was misleading.

    I use Sophos Central Firewall Manager (CFM) to manage the firewalls.

    While using CFM and doing a manual code upgrade, the code upgrade times out, it won't allow for a lengthy firmware file upload.

    I realize you need to hop to 17.5.9 to get to v18.. When I try to upload 17.5.9, I can't get it to upload. I can't remember the name of the spinning wheel which shows the upload is in process, but after 5min it disappears. I've also tried Chrome, Firefox, and Safari and this is consistent across all 3 browsers.

    Does Sophos CFM allow for manual uploads?

     

    Even if I try to upgrade the FW's to the min 17.5.9 through Central Firewall Manager, it times out when directly uploading firmware from my laptop.

     

    I hope that makes sense..

     

    Thanks,
    Chris

  • 0 in reply to Chris Grupe

    Hi Chris,

    I suspect that issue has something to do with SFM, there have been other complaints about the performance and also I suspect your link speed and the download speed to the XGs.

    Ian

  • 0 in reply to rfcat_vk

    Actually the upgrade via upload a Firmware is not kinda supported via SSO Login. In rare cases, this works, but the usual way would be to simply push it via Central by clicking upgrade.

    But i get your point, having a XG with a Firmware running, that is currently not on the system itself, is hard to maintain. 

    Maybe you have to wait until V18 will be released to all firewalls or you build up a IPsec Connection to those firewalls. 

Reply
  • 0 in reply to rfcat_vk

    Actually the upgrade via upload a Firmware is not kinda supported via SSO Login. In rare cases, this works, but the usual way would be to simply push it via Central by clicking upgrade.

    But i get your point, having a XG with a Firmware running, that is currently not on the system itself, is hard to maintain. 

    Maybe you have to wait until V18 will be released to all firewalls or you build up a IPsec Connection to those firewalls. 

Children
No Data