Sophos Firewall Manager - SFMOS v16 RC-1 Released

Hi XG Community!

We've released SFMOS v16.01.1 RC-1. This release is available to SFM users via our update servers in a staged approach. 

For list of features and changes , Please refer the attached Release Notes : Sophos Firewall Manager SFM v16 RC-1 Release Notes.pdf



Device will be rebooted after upgrade.


Applicable SFMOS versions

Following SFMOS versions can upgrade to this SFMOS release:

  • SFMOS 15.01.0 (GA release - Build 301)
  • SFMOS 15.01.0 MR-1 (Build 425)
  • SFMOS 15.01.0 MR-2 (Build 465)
  • SFMOS 15.01.0 MR-3 (Build 471)
  • SFMOS 15.01.0 MR-4 (Build 486)
  • SFMOS 16.01.0 Beta-1 (Build 999)
  • SFMOS 16.01.1 Beta-2 (Build 020)


Compatible Sophos Firewall OS (SFOS) versions

SFM Release - SFMOS v16.01.1 RC-1 (Build 294) supports Firewalls running on the following Sophos Firewall OS (SFOS) versions:

  • SFOS 15.01.0 (GA release - Build 376)
  • SFOS 15.01.0 MR-1.1 (Build 407)
  • SFOS 15.01.0 MR-2 (Build 418)
  • SFOS 15.01.0 MR-3 (Build 447)
  • SFOS 16.01.1 (Build 202)
  • SFOS 16.01.2 MR-1 (Build 222)
  • SFOS 16.05.0 RC-1 (Build 098)
  • SFOS 16.05.0 GA (Build 117)
  • SFOS 16.05.1 MR-1 (Build 139)
  • SFOS 16.01.3 MR-2 (Build 265)



These release notes provide information about Sophos Firewall Manager v16 RC-1.


What's new in SFMOS v16

  • Improvements in UX / UI
    • Improved layout and navigation that aligns with SFOS v16 and provides a more user friendly approach.
    • Full screen view to monitor more devices in single view on Device Monitor.
    • Better user experience on selecting custom group.
  • Manage SFOS v16 features
    • Comprehensive management that allows to manage new features and workflow updates in SFOS v16 for Web Protection, Email Protection and more.
  • RED S2S wizard
    • Configure a RED Site-to-Site tunnel between a Server and Client in single workflow.
  • Device Hostname
    • Option to configure Device hostname while adding devices in SFM via Device Discovery, and from list of managed devices.
    • Notify via alert when hostname is changed.
  • Device monitor & Alerts now cover endpoints with Missing Heartbeat.



Display the same list of IPS signatures in SFM at device level as visible on the individual Firewall Web Admin UI for given model.


Languages Supported  

  • Brazilian-Portuguese
  • Chinese-Simplified
  • Chinese-Traditional
  • English
  • French
  • German
  • Italian
  • Japanese
  • Korean
  • Russian
  • Spanish


Known Behavior

  • OTP Management
    • Configuring OTP for Administrator access of SFOS device breaks the communication between SFOS and SFM. It is recommended to keep the OTP feature for administrator access of SFOS device turned off.
    • One cannot configure OTP functionality for all users via SFM at group level
  • Managing Firewalls with SFOS v15.x
    • SFMOS v16 allows to manage only SFOSv16 devices at group level. Manage Firewall having SFOSv15.x on a per device basis (device level view)


Bug fixes

  • NCCC-4468 – Cannot apply configuration on a firewall after renaming a Firewall hostname from SFM at device level.
  • NCCC-4409 - Gateway status is displayed as disconnected (red) on SFM Device Monitor even if the Firewall Gateway is Up.
  • NCCC-4391 - Route precedence applied from SFM template does not get updated on the Firewall CLI settings.
  • NCCC-4360 - SFM gives error message ‘Operation unsuccessful. Please check network connectivity’ even if the Internet connectivity is available.
  • NCCC-4355 - High Memory utilization in SFM even when just one Firewall is added for management.
  • NCCC-4242 - SFM Device Monitor displays 0 devices when SFOS devices are deployed in HA and one of the HA device is in fault or incorrect state.
  • NCCC-4159 – Template in SFM cannot be deleted.
  • NCCC-2217 – Junk character displayed on SFM Device level policy page instead of Japanese font.
  • NCCC-4067 – Unable to access Device level view of SF devices in SFM 15.01.0 MR-2


Supported Platforms

  • Physical Appliances: All SFM series appliances
  • Virtual Appliance: All major VM hypervisors are supported including VMware, Microsoft HyperV, Xen, and KVM
  • Software Appliance: Any supported x86 hardware server can be converted into SFM appliance with an ISO image



Firmware updates are available for manual download, via MySophos: Download from MySophos.

Updating your firmware

Sophos Up2Date technology makes it easy to upgrade your Sophos Firewall Manager to the latest version.

There are two ways to apply an available Up2Date package to the device:

Method 1

  • Log in to your SFM web interface.
  • Go to System & Monitor > System Settings > Maintenance > Firmware.
  • Click “Check for new Firmware” to download the latest firmware.
  • Once it is downloaded, click “Install” to begin the installation. The system will reboot and the new firmware will be installed.
  • You can roll back to the previous firmware version by clicking “Boot Firmware” for the previous firmware version. Any configuration changes made between the upgrade and roll back will be lost.

Method 2

  • Download the Up2Date package from MySophos.
  • Go to System & Monitor > System Settings > Maintenance > Firmware.
  • Select “Upload firmware” against the non-active firmware to upload the new firmware file and click “Upload & Boot”. The system will reboot and the new firmware will be installed.
  • You can roll back to the previous firmware version by clicking “Boot Firmware” for the previous firmware version. Any configuration changes made between the upgrade and roll back will be lost.



  • To provide feedback or for a discussion related to SFM features, please visit our community boards. Please indicate the version at the time.
  • To provide documentation-related feedback, please write to us at
  • For more information related to this release, please visit our online forums.