Upgrading XG115 from SFOS 18.0.6 MR-6 to SFOS 18.5.1 MR-1: Backup restore not working?

I have the same issue.  Went from 17.5.11 to 18.0.6 build655 and now I can't go to 18.5.1 build 326 unless I want to boot factory default.

Well, at least I'm not the only one then :-)

Man, I miss the good, old UTM days....back when men were men, women were women and firmware upgrades were simple firmwareupgrades that went through without a hitch :-)

My update journey yesterday started out with release 17.5, I couldn't directly upgrade to 18.5 because I was only offered release 18.0 using the builtin update mechanism.

You're certainly right that this whole thing would have gone a lot smoother if firmware upgrades would have been applied in a timely fashion.

I'll try the above posted solution and manually upload the 18.5.2 package, we'll see if this does the trick.

Yes, because V18.5 MR2 is not officially released via Up2Date. It is still on the soft release. It will come to your appliance via up2date in the upcoming Days. 

BTW: Why are you still on V17.5? Most attacks occurs due lack of patching. 

It was one of those "could you take a look at this" situations, I don't have any jurisdition over the appliance in question and from the looks of it, the regular service provider didn't really do a stellar job with keeping everything up to date. :-)

LuCar Toni said:

Just to be sure: You never will run in such issues, if you stay on the "officially released path". You will go from V17.5 to V18.0 to V18.5 without any issue. Simply because you tried to update something, which is not officially released for your current situation, it will not be supported (by the time). But as a customer, you had the option. By the time, you installed MR6, there was V18.5 MR1 also supported. You do not have to go to V18.0 first. 

Hi. I don´t unterstand. I have a XG106, running on SFOS 18.0.6 MR-6-Build655. All FW Updates i´ve made was via "Check for new Update". So I´ve updated to SFOS 18.5.1 MR-1-Build326 via "Latest available firmware" on XG. Reboot, facrory settings. Why? I have done the official upgrade path, haven´t i?

I was under the impression that the move to 18.5 would always lead to factory default settings?

No. 

Let me rephrase it: 

The is and will always be a upgrade path from A to B. 

Sometimes a release is a "blocked" scenario. Means a release like V18.0 MR6 is released after V18.5 MR1. So V18.5 MR1 does not support the version V18.0 MR6, as it "does not know, MR6 exists in the first place". 

So to workaround this, Sophos will release the next release (V18.5 MR2), which will be the official supported upgrade path: V18.5 MR2 supports all currently released firmware versions. 

But V18.5 MR2 is currently not being pushed out to every customers via Up2Date (check new firmware). This will be done in stage phases. But you can download the MR2 via MySophos. 

Sophos releases 18.0 MR5 (Apr 2021)

You upgrade to 18.0 MR5.

Sophos releases 18.5 GA (Jun 2021)

"Check for updates" offered you 18.5 GA, which you did not do.

Sophos releases 18.5 MR1 (Aug 2021)

"Check for updates" offered you 18.5 MR1, which you did not do.

Sophos releases 18.0 MR6 (Sept 2021)

"Check for updates" offered you 18.0 MR6  which you upgraded to.

Sophos releases 18.5 MR2 (Nov 2021)


Now you want  to upgrade from 18.0 MR6 (released in September) to 18.5 MR1 (Released in August).  But you can't because even though the version number gets bigger you are actually going to an earlier dated release.

You can however go to 18.5 MR2 released in November because that is a later dated release.

As far as I know (and I am not 100% sure) both 18.5 GA and 18.5 MR1 appeared in the "Check for updates".  It is a few weeks after the official release dates before they are put in the automatic updates.  As far as I know you would have had to ignore both of those and then choose the 18.0 MR6 update.  Again, I am not 100% sure but I *think* the way it works the XG firmware update page would have shown both 18.5 MR1 and 18.0 MR6 at the same time, and you chose 18.0 MR6.

So, if you follow the official upgrade path and install as they are offered, you would be fine.  If you skip releases then you can get into a situation where you cannot upgrade to a larger version number that was released at an earlier date.



Note: There is a similar issue with 19.0 EAP1.  You can only upgrade from 18.5 MR1 to 19.0 EAP1.  If you go to 18.5 MR2 you cannot upgrade to EAP1.

Hello, thanks for your response. I have v18.5 MR2 downloaded, how/where do I manually upload it in Sophos XG?

Hi,

you go to the GUI -> backup and firmware -> firmware -> in the firmware field you click on the version with the arrow and follow the instructions.

Ian

I agree with rfcat_vk - it is NOT intuitive, you are basically using the Upload arrow for the version of firmware that you are NOT currently running.  In my case the upload arrow was to the right of my older 17.5.11, so when I uploaded 18.5.2, it replaced the 17.5.11 and then I was able to boot to 18.5.2 and I received the message that since I was moving up in firmware versions, it would be a migrate boot.  I understand that the firewall can only hold one current running and one offline firmware, but it's still poor GUI layout if you ask me.

I agree with rfcat_vk - it is NOT intuitive, you are basically using the Upload arrow for the version of firmware that you are NOT currently running.  In my case the upload arrow was to the right of my older 17.5.11, so when I uploaded 18.5.2, it replaced the 17.5.11 and then I was able to boot to 18.5.2 and I received the message that since I was moving up in firmware versions, it would be a migrate boot.  I understand that the firewall can only hold one current running and one offline firmware, but it's still poor GUI layout if you ask me.