Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 18 replies
  • Answers 2 answers
  • Subscribers 29 subscribers
  • Views 1112 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Firmware Upgrade from 17.5.12 to 18.5.2 not possible -> urgend

StefanS

Hi there,
I have a defective Sophos XG 230 v19.01 here and a backup of v18.5.2 (before the upgrade to v19.01).
Have here a replacement firewall from Sophos on which is v17.5.12 installed, now wanted to install here offline the v18.5.2 but we rejected with an error message.

I have seen the old v17.x was *.pgp and the v18.x *.sig, ev that is the problem ?

How can i solve the problem ASAP ?!?

Case ID: 06389319 

thanks for any help here

Stefan



This thread was automatically locked due to age.
  • 0

    Hello  ,

    Thank you for reaching out to the community, the appliance which has v17 MR-12 > upgrade to v17 MR-17 following with v18.0.6 MR-6 and then to v18.5 MR4/5 and then to v19.01 MR-1 for a smoother transition, you can find all the firmware here - https://download.sophos.com/firmware/HW/index.html

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Support & Services 


    Sophos Community | Product Documentation | Sophos Techvids | SMS
    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to Vivek Jagad

     OK,
    Thanks for the info.
    But from v18 to v18.5.x same error, i have not set the storage master password yet.
    Does that have to do with it ?

  • 0 in reply to StefanS

    SSMK was introduced in v17.5 MR-16 and later so you can set the SSMK while you upgrade from v17.5 MR-12 to v17.5 MR-17   To reset here is the doc - https://docs.sophos.com/nsg/sophos-firewall/18.5/Help/en-us/webhelp/onlinehelp/CommandLineHelp/SystemSettings/ResetSSMK/index.html

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Support & Services 


    Sophos Community | Product Documentation | Sophos Techvids | SMS
    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to Vivek Jagad

     
    I am back to v17.5.17. rollbach from v18
    Here i am now asked if i want to set the SSKM key. Can i enter and use the previous one ?

  • 0 in reply to StefanS

    Enter and ensure to store it at a secure place because if you forget you'll not be able to recover or restore !

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Support & Services 


    Sophos Community | Product Documentation | Sophos Techvids | SMS
    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to Vivek Jagad

     
    I have not lost the key.
    Currently i fail the firmware upgrade from v18 to v18.5.x with the same error message as from v17.5.12 to v18.5.
    I wanted to enter the SSKM only when restoring the config.
    Although I have entered the correct SSKM in v18, a firmware upgrade to v18.5.x is not possible. Why ?

  • 0 in reply to StefanS

    Hi  ,

    This is the migration path table from v17.5 to v18


    And this is the migration path from v18 to v18.5

    Upgrading firmware

    The upgrade details are as follows:

    • Form factors:
      • 18.5 MR5 to MR1 (excluding MR1-1): All form factors can upgrade to these versions.
      • 18.5 MR1-1: Only some XGS Series firewalls can upgrade to this version.
      • 18.5 GA: XG Series firewalls can't upgrade to this version.
    • FIPS: Versions 18.5 MR2 to MR5 are FIPS-compliant.

    Warning We strongly recommend that you migrate only to the approved versions listed in the following table. If you try to migrate to other versions, Sophos Firewall shows an alert asking you to confirm the migration before it restarts. If you confirm the migration, Sophos Firewall restarts with the factory configuration, and you lose your current configuration.

    * You can only migrate some XGS Series firewalls to 18.5 MR1-1. For details of the supported firewalls, see Supported platforms.

     You can downgrade only to compatible versions.

    • Sophos Central: You can schedule firmware upgrades from Sophos Central for firewalls that are already using the following versions:
      • 18.5.x
      • 18.0 MR3 and later
    • Rollback: You can roll back to the previous version if you want. The configuration won't change.
    • Downgrade: You can downgrade from 18.5.x to 18.0.x. However, you can't downgrade from 18.5.x to 17.5 or earlier firmware versions. The web admin console will show an alert. All 18.5.x and 18.0.x versions use the Grub boot loader. The changed bootloader can't recognize 17.x firmware. However, you can install the hardware ISO of 17.5 or earlier if you want and restore the downgraded firmware's backup.

    Security Heartbeat for upgrades to 18.5 MR2 and later

    An upgrade to 18.5 MR2 and later versions refreshes the firewall certificate used by endpoints to send a heartbeat to the firewall. Endpoints must download the refreshed certificate from Sophos Central after the firewall is upgraded to one of these versions.

    Make sure the endpoints have network connectivity. They can then fetch the new certificate from Sophos Central. If the endpoints are blocked from resolving sophos.com through the DNS to download the new certificate, the heartbeat will fail. Example: If you've selected "Block clients with no heartbeat" in the firewall rule, it prevents endpoints from connecting to (internal or external) DNS servers for resolution. For details, see Security Heartbeat connection issue with 18.5 MR2.

    Restoring backups

    To take a backup and restore the configuration between XG Series and XGS Series appliances, see Backup-restore compatibility check.

    You can restore backups as follows:

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Support & Services 


    Sophos Community | Product Documentation | Sophos Techvids | SMS
    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to Vivek Jagad

      

    Got it, but.
    Have an XG230 v2 v 18.06. MR6 build655 running here and want to upgrade to 18.5.2 MR2 F310-380,
    according to the list this should work. By the way, Sopohs no longer recognizes my email address to download the firmware.

  • 0 in reply to StefanS

     
    I can't log in to the Sophos support site either. It seems that my account is locked.

  • 0 in reply to StefanS

     In that case I would request you to log a service request with the customer care team, they'll help you in recovering your account !

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Support & Services 


    Sophos Community | Product Documentation | Sophos Techvids | SMS
    If a post solves your question please use the 'Verify Answer' button.

Unfiltered HTML