Reverting firmware through SSH on SFOS v18+

A few days ago I got into a difficult situation where an XG 135 was unreachable through VPN after updating to SFOS 19.0.0 GA-Build317.

This wasn't the first time I was having issues with SFOS v19.0.0 GA-317 update, but it was the first time while working remotely.

I was not on site, and since I couldn't establish a VPN connection with the device after the fw update, for whatever reason, I tried to find a workaround to regain remote access.

Luckily, I had terminal access from a device on that LAN (Synology NAS, Docker ssh client); my first thought was to try to revert the firmware back, and I tried using the methods discussed here:

Unfortunately, the methods on the previous link didn't work for me. I'm unsure why (maybe FW version?), rebootfw command didn't return any errors but it also didn't return anything, after a reboot it clearly wasn't working as intended or suggested.

I eventually used another command which apparently is issued by the system during firmware updates: loadfw

This worked for me:

1. SSH into the firewall
2. Choose option 5 (Device Management)
3. Choose option 3 (Advanced Shell)
4. Execute: showfw

The command above returns a list of existing firmwares on the device:

We already know which version is in use from the terminal prompt alone, for example:
XG135_XN03_SFOS 19.0.0 GA-Build317#

If Firmware 1 (FW1) is in use, we probably want to switch to Firmware 2 (FW2) - and vice-versa.

5. To switch to FW2, execute: loadfw -d -f 2
-d: Sets the firmware # passed by -f as the default FW to use
-f #: Tells which firmware to use for this command

6. Reboot the device now by issuing: reboot

It took around 5-10 min. for me to regain access to the device, hope this helps someone else.

Edited TAGs
[edited by: emmosophos at 6:00 PM (GMT -7) on 23 May 2022]