Upgrading XG115 from SFOS 18.0.6 MR-6 to SFOS 18.5.1 MR-1: Backup restore not working?

I have the same issue.  Went from 17.5.11 to 18.0.6 build655 and now I can't go to 18.5.1 build 326 unless I want to boot factory default.

Well, at least I'm not the only one then :-)

Man, I miss the good, old UTM days....back when men were men, women were women and firmware upgrades were simple firmwareupgrades that went through without a hitch :-)

No. 

Let me rephrase it: 

The is and will always be a upgrade path from A to B. 

Sometimes a release is a "blocked" scenario. Means a release like V18.0 MR6 is released after V18.5 MR1. So V18.5 MR1 does not support the version V18.0 MR6, as it "does not know, MR6 exists in the first place". 

So to workaround this, Sophos will release the next release (V18.5 MR2), which will be the official supported upgrade path: V18.5 MR2 supports all currently released firmware versions. 

But V18.5 MR2 is currently not being pushed out to every customers via Up2Date (check new firmware). This will be done in stage phases. But you can download the MR2 via MySophos. 

Sophos releases 18.0 MR5 (Apr 2021)

You upgrade to 18.0 MR5.

Sophos releases 18.5 GA (Jun 2021)

"Check for updates" offered you 18.5 GA, which you did not do.

Sophos releases 18.5 MR1 (Aug 2021)

"Check for updates" offered you 18.5 MR1, which you did not do.

Sophos releases 18.0 MR6 (Sept 2021)

"Check for updates" offered you 18.0 MR6  which you upgraded to.

Sophos releases 18.5 MR2 (Nov 2021)


Now you want  to upgrade from 18.0 MR6 (released in September) to 18.5 MR1 (Released in August).  But you can't because even though the version number gets bigger you are actually going to an earlier dated release.

You can however go to 18.5 MR2 released in November because that is a later dated release.

As far as I know (and I am not 100% sure) both 18.5 GA and 18.5 MR1 appeared in the "Check for updates".  It is a few weeks after the official release dates before they are put in the automatic updates.  As far as I know you would have had to ignore both of those and then choose the 18.0 MR6 update.  Again, I am not 100% sure but I *think* the way it works the XG firmware update page would have shown both 18.5 MR1 and 18.0 MR6 at the same time, and you chose 18.0 MR6.

So, if you follow the official upgrade path and install as they are offered, you would be fine.  If you skip releases then you can get into a situation where you cannot upgrade to a larger version number that was released at an earlier date.



Note: There is a similar issue with 19.0 EAP1.  You can only upgrade from 18.5 MR1 to 19.0 EAP1.  If you go to 18.5 MR2 you cannot upgrade to EAP1.

Hello, thanks for your response. I have v18.5 MR2 downloaded, how/where do I manually upload it in Sophos XG?

Hi,

you go to the GUI -> backup and firmware -> firmware -> in the firmware field you click on the version with the arrow and follow the instructions.

Ian

I agree with rfcat_vk - it is NOT intuitive, you are basically using the Upload arrow for the version of firmware that you are NOT currently running.  In my case the upload arrow was to the right of my older 17.5.11, so when I uploaded 18.5.2, it replaced the 17.5.11 and then I was able to boot to 18.5.2 and I received the message that since I was moving up in firmware versions, it would be a migrate boot.  I understand that the firewall can only hold one current running and one offline firmware, but it's still poor GUI layout if you ask me.

Thank you, any reason why this firmware would not upload? It errors out any says the firmware not compatible. I will come back in a bit with the event ID info. 

Please show us the file name and what appliance you are using. 

File name - SW-18.5.2_MR-2.SFW-380.sig
Appliance - XG 210

Event ID - 17512: Firmware installation failed. Firmware is invalid for this appliance model.

Yes - Its the wrong file. You have the Software Update File. Please go to the mySophos Portal and look for your Appliance under Devices. There is a Download Link to the HW Image. 

How are you all. I was looking to get solution. Can I expect a complete answer in this forum?

How are you all. I was looking to get solution. Can I expect a complete answer in this forum?