XG firewall migration to 18: probably a BUG

Here are the results of my trials:

I have at home an XG HOME firewall running version 17.5.10-MR 10; I created and downloaded a backup file.

When I tried to upgrade to firmware version 18, the firewall restarted with the default configuration (Ver.18.0.0.GA running, but just the administrator password set; all other settings had been deleted: no users, no interfaces, no zones, no rules, etc.).

I also have a new XG115 to be prepared/configured for a customer of mine; I registered it, configured it for basic functions and updated it to the latest firmware version shown (17.5.10-MR10); I also downloaded, from the Sophos site, the related new firmware versions (17.5.11-MR11 and 18.0.0 GA Build 354-SF300); afterwards, I configured it for the customer environment (LAN IP address, WAN configuration, rules, hosts, etc.); at the end, I created and downloaded the configuration backup.

I tried to RESTORE, successfully, my Sophos XG Home configuration on the customer's XG.

I tried to upgrade the firmware to version 18 and it started with the DEFAULT FACTORY configuration (the Administrator password remained set).

I also tried to RESTORE the XG HOME configuration backup on version 18, but it didn't work (I was able to restore, but, at the restart, it was still with the default factory configuration).

So I rolled back the firewall, loading the other firmware image directly via the GUI, and the configuration was back (and running, but on firmware 17.5.10-MR10).

Then I RESTORED the customer configuration, just created, on version/image 17.5.10-MR10 and it was OK; I updated the firmware to version 18 and it was OK.

I rolled back (boot) again to version 17.5.10 using the second image on the firewall, I RESTORED the XG HOME configuration and I tried to upgrade the firmware to version 17.5.11-MR11, just downloaded from the Sophos site, and IT WORKED WELL; it restarted with firmware version 17.5.11-MR11 and the correct configuration.

So, I tried to UPGRADE (and boot) to firmware version 18 and the firewall/GUI showed a message saying "It will restart with the default configuration, do you want to proceed?"



The configuration of the XG HOME firewall runs perfectly on versions 17.5.10 and 17.5.11 (both on the XG HOME device and on the XG115 device), but cannot be migrated to version 18; I think there is something in these settings which the UPGRADE to firmware version 18 is NOT ABLE to RUN; in other words, firmware 18 is NOT ABLE to migrate all the parameters set and so it starts with factory default settings; when migrating from version 17.5.11-MR11, the issue persists, but a message is shown.


Is there a way to debug/understand why (or which part of the configuration)?


Many thanks in advance and best regards


  • In reply to LuCar Toni:

    All right. The post for Active Sync is coming, but not today ;)
    First, I will reinstall my Sophos with the same version of the image. Maybe in a few days ...

  • In reply to LuCar Toni:

    You won't believe it. I just reinstalled the Sophos firewall (with this ISO file: SW-17.5.12_MR-12-664.iso); all settings are deleted, only the following are not: Point Protect/ Web Server/ Protection Policies. During the reinstallation process, the following message appeared: Formatting ... This is complete curd, otherwise EVERYTHING on the hard disk would have been deleted, or not?

    I suspect, as often mentioned in the post, that my firewall was hacked. Thus, the settings have probably been moved to another partition, which apparently is not captured by the reinstallation! I now have to remove my hard drive and manually connect it to my PC and delete it in this way, but completely!

    That is my explanation, incredible :-(

  • In reply to AndréAegerter:

    I think that the migration from 17.5.12 to v.18 is not yet ready. If you try to migrate, the configuration is lost and reset to the factory default (remember that the admin password is not reset; it remains the one set before the migration).

    It also happens if you set up a new configuration (on a new appliance) on V17.5.12 and you migrate to v.18; so I don't think your appliance has been hacked.

    I decided to wait to migrate our customers' firewalls to version 18 until the new firmware appears automatically among the proposed firmware upgrades.