Scheduling firmware update through CFM

Hello All,

I have spun up an instance of SFM and I am trying to update the firmware on a remote firewall.

I have added the firewall to the SFM and it shows up as connected and registered. 

When I go to the firmware tab, it shows the device and the firmware upgrade. I click apply, schedule for immediate, and then nothing happens. The logs on the SFM look like the job happened, but nothing happens on the remote firewall.

What am I missing?





  • Hi Brent,

    Please answer the following queries so that we can help you further.

    • Are you using SFM or Central Firewall Manager (CFM)?
    • Is the firewall in sync in SFM/CFM?
    • From which version to which new version are you upgrading the XG firewall firmware?
    • Please provide an event viewer screenshot showing the firmware upgrade activity push.


  • In reply to RaviPatel:


    Sorry, typo in subject line, I am using SFM, not CFM.

    I have 5 firewalls in SFM, all are showing green, synced, and registered.

    Current firmware is SFOS 16.05.5 MR-5, going to SFOS 16.05.6-26 (looks like current SFM may not support MR7?)

    If I try again, I will get the same results. Process initiates, but never happens.


    I am not using the 'admin' account to connect, but the account I am using is an admin. Does the process require the built-in admin account?

    I am allowing 6514 and 8443 through the FW to the SFM and using an outbound source NAT to set traffic from the SFM to match the SFM DNS IP.

    The target firewall logs do not show anything from the SFM. 






  • In reply to BrentMagnant:

    Hi Brent,

    Have you enabled Content Distribution on the Central Management page of the XG?

    Is port 8443 traffic allowed between the XG and SFM?


  • In reply to RaviPatel:

    Enabling Content Distribution appears to have fixed it.

    I thought I could kick off the firmware update and have the fw download it directly from the Sophos mothership.

    I see MR8 came out, any idea how long the delay is in getting new firmware into SFM support? Right now it only does up to MR6.




  • In reply to BrentMagnant:

    Hi Brent,

    I will update you once the SFOS 16.5 MR-7 or SFOS 16.5 MR-8 firmware UP2date entry is enabled for SFM/CFM.

    As of now, SFOS 16.5 MR-7 and SFOS 16.5 MR-8 have been released for SFOS 16.5 versions only. Once they are released as GA for all SFOS (v16 and v16.5) versions, the UP2date entry will be enabled.

    You can upgrade SFOS firmware to SFOS 16.5 MR-7 or SFOS 16.5 MR-8 manually from the SFOS GUI.