Schedule pattern updates at a specific time

It is ridiculous isn't it and it still hasn't been sorted. I got this escalated to a senior tech support engineer and he agreed it was ridiculous. He had to close the case because the behavior was 'as expected' but his manager was going to take it up with product development to try and get it resolved as a high priority. That was 3 months ago so we shall see.

You can vote for this feature but quire frankly I don't think Sophos take much notice. It is the second highest requested feature and was first requested 5 years ago...still nothing - https://ideas.sophos.com/forums/330219-xg-firewall/suggestions/13066116-scheduled-installation-of-the-av-updates-and-firmw

This feature request is more likely come up because of the Firmware schedule, not the Pattern update. Firmware update is possible via Central. 

Most customers, i know facing such issues, have limited RAM. This should not happen on a XG210, as i would expect. Can you check your current RAM Consumption? 

Firmware updates happen every few months and (at least for smaller estates) are easy to manage manually out of hours. IPS and ATP updates happen a few times a week. On a 100 series router, connectivity is lost for 3 minutes. How is that acceptable in a router? How do you explain to a customer, "yeah I know it drops all your phone calls a couple of times a week, it's designed that way!".

I've said this before but it clearly needs repeating. Sophos desperately needs someone with some business sense in their product development team because their design decisions and priorities often make no sense to people actually having to deploy and support the product.

I can not believe that implementing a scheduling system for updates is a major programming effort so why have we not got it after 5 years?

RAM consumption isn't a problem, it's around 35%. As I said, they are XG210s. I think JasP has it right, Sophos needs to come up with a solution to this connection drop issue, or at the very least implement proper scheduling for pattern updates so we can actually work around the problem in a reasonable way. 

A appliance with 35% consumption should be able to add and reload the engine without interruption.

See: https://docs.sophos.com/nsg/sophos-firewall/18.0/Help/en-us/webhelp/onlinehelp/nsg/tasks/IPSCustomSignatureAdd.html

Would suggest to open a case. 

A appliance with 35% consumption should be able to add and reload the engine without interruption.

See: https://docs.sophos.com/nsg/sophos-firewall/18.0/Help/en-us/webhelp/onlinehelp/nsg/tasks/IPSCustomSignatureAdd.html

Would suggest to open a case. 

I showed that article to all our Sophos XG devices and they just shrugged!

We manage 3 100 series devices that all run with a memory utilisation of 60-70%. They all drop traffic for 2-3 minutes when there is a IPS/ATP update. Whatever the reason, this is unacceptable. This is not just my opinion, it is the opinion of Sophos's own technical support. You may say that that isn't enough memory free but these are all new XGs so Sophos should supply hardware with more memory or at least provide a workaround by allowing us to schedule those updates.

I appreciate this isn't necessarily relevant to the OP as they have a 210. I need to check this on our own 230. I know on my home XG (a rev1 430) it drops traffic for 4 seconds (it's running home edition but is only running at 35% memory utilisation), so the claim "IPS engine is reconfigured without any interruption" is still not true (this was tested on MR3 or 4, it's a few months ago and I can't remember what was current at the time).

I have tested this extensively with a program called Pingplotter that constantly monitors connectivity. I can then check the timing of service interruption against the update times. I have had a support case escalated to a senior level but the answer from the development team is just "that's the way it works". I wasn't aware of this article at the time but I'm sure if I pointed it out to them they would just change the article!