Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 3 replies
  • Subscribers 40 subscribers
  • Views 1527 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Firmware Confusion

Brian Christensen

While I am an IT technician with over a couple decades of experience,  I am brand new to Sophos routers.  I am over 99% sure that a new XG-106 router that I am pre-configuring for a client of mine, shipped from the factory with firmware version "17.5 11 MR11" installed on it.  While pre-configuring this router, I discovered that I needed to upgrade the firmware to version 18, to get some needed functionality (a second DHCP IP-range/server for a VLAN....apparently that's not supported on any XG firmware version lower that v18....at least according to the following forum post:  https://community.sophos.com/products/xg-firewall/f/network-and-routing/92710/dhcp-for-vlans).

Therefore, I backed up my XG's settings (thank goodness!), and I then upgraded to v18.0 GA-Build354.  That firmware upgrade was successful, but then, when I went to restore the XG's settings (via that backups file), I get the error message of:  "Backup cannot be restored on this firmware."

So I do a little more research, and I find that an even newer version of the v18 firmware had actually, recently been released (v18 MR1), but then had to be pulled back due to significant bugs:  https://community.sophos.com/kb/en-us/135378

However, in that same article, it says: "Customers who have already updated to the latest v17.5 build MR11 [which my XG shipped with from the factory], must wait for the revised v18 MR1 release."

QUESTIONS:

1)  Is that last sentence above, the reason that I am getting that settings restore error I mentioned above, or not?

2)  Why can't I restore my settings in the scenario I've described above?  In other words, if the answer to my question #1 immediately above is "yes," then can some explain how firmware releases of GA's and MR's are incompatible??  I am having a hard time understanding that.

3)  Also based on the scenario above, since I cannot install this router onsite at the client's office until I have a DHCP server with a second range working on a VLAN, then that means that I can't install this router at the client's office until firmware v18 MR1 is released, correct?  If so, is there any ETA on a fixed version of v18 MR1 being released?

 

Thank you in advance for your assistance!



This thread was automatically locked due to age.
Parents
  • +1

    Hi,

    v17.5.11 was released after v18.0.0 354 and as such the new/fixed features in MR-11 we not included int he 354 version. V18.0.1 MR-1 did actually provide a migration function fro V17.5.11.

    At the moment I do not have v18.0.0 MR-1 patched installed, waiting on advice from the Devs before restoring to full operation.

    I will restore it later this morning and test the dual DHCP on a VLAN, not sure why you would want two different IP subnets on a VLAN. From testing I did in v18.0.0. 354 you can have the additional DHCP servers as long as they are subnets of the interface IP address.

    Please expand your use of I am assume two different subnets on the same VLAN eg 192.168.0.0/24 and 10.10.10.0/24

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    Thank you very much for your reply!

    Let me clarify:  I do not want two subnets on the same single VLAN.....I couldn't even get a single, *different* subnet & DHCP server working on the VLAN (a different subnet from the main LAN).  HOWEVER, shortly after I posted my question below, I realized I was somewhat wrong about that:  I *had* previously got a different subnet via a 2nd DHCP server on the XG working on the *wired* only VLAN.  Indeed, what I went to test this morning was iwhether that same, second DHCP server & subnet would work via a 3rd party wireless access point (whose traffic was tagged with the same VLAN tag as the Sophos).  That did not work (for some reason.....can the Sophos tell that traffic originated via WiFi, & could that be the cause somehow?).  Regardless, me forgetting that I had gotten the wired VLAN working correctly on the v17.x firmware, led me down this "firmware rabbit hole" today :(

    Now, can I downgrade back to that v17 firmware that is sti on my XG?.....Any downsides to doing that?  If I can downgrade, I can restore my settings.

    You explanation makes sense for why I can't restore settings, because I now know (thanks to you) that I was trying to restore settings from a newer version firmware to an older version firmware.  However, how was I supposed to know that?  Certainly *not* from the firmware version numbers (lol).  Is there a website somewhere for future reference, of XG firmware release history?

    If need be, I'll start a different thread on why correctly tagged (for VLAN) WiFi traffic (from a 3rd party WAP) doesn't get *any* IP address assigned to it, where the wired VLAN traffic does.

    Thanks again!!!

Reply
  • 0 in reply to rfcat_vk

    Thank you very much for your reply!

    Let me clarify:  I do not want two subnets on the same single VLAN.....I couldn't even get a single, *different* subnet & DHCP server working on the VLAN (a different subnet from the main LAN).  HOWEVER, shortly after I posted my question below, I realized I was somewhat wrong about that:  I *had* previously got a different subnet via a 2nd DHCP server on the XG working on the *wired* only VLAN.  Indeed, what I went to test this morning was iwhether that same, second DHCP server & subnet would work via a 3rd party wireless access point (whose traffic was tagged with the same VLAN tag as the Sophos).  That did not work (for some reason.....can the Sophos tell that traffic originated via WiFi, & could that be the cause somehow?).  Regardless, me forgetting that I had gotten the wired VLAN working correctly on the v17.x firmware, led me down this "firmware rabbit hole" today :(

    Now, can I downgrade back to that v17 firmware that is sti on my XG?.....Any downsides to doing that?  If I can downgrade, I can restore my settings.

    You explanation makes sense for why I can't restore settings, because I now know (thanks to you) that I was trying to restore settings from a newer version firmware to an older version firmware.  However, how was I supposed to know that?  Certainly *not* from the firmware version numbers (lol).  Is there a website somewhere for future reference, of XG firmware release history?

    If need be, I'll start a different thread on why correctly tagged (for VLAN) WiFi traffic (from a 3rd party WAP) doesn't get *any* IP address assigned to it, where the wired VLAN traffic does.

    Thanks again!!!

Children
  • 0 in reply to Brian Christensen

    Hi,

    there were notes in the release information at the top of the forums before they were replaced/pulled.

    If you have v17.5.11 still on your XG you can click on the install button and it will install that version. I am bit confused with what configuration is installed with a rollback, in theory the continuation should be restored when you roll back, though the two times I have rolled back I got different configuration  hence my confusion. If you have taken a copy you will be able to restore MR-11.

    The XG only allows Sophos APs to be managed and no it cannot tell where the DHCP request originated from. Is your WAP enabled for VLAN and is the port it is connected to tagged? If your WAP is not VLAN aware and not connected to a tagged port then it should forward DHCP requests to the DHCP server.

    If after this little explanation you cannot get it to work, please start a new thread and post your network setting eg a screenshot.

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

Unfiltered HTML