Disclaimer: This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment.
______________________________________________________________________________________________________________________________________
Table of Contents
- Overview
- Configuration
- Step 1: Take a backup
- Step 2: Turn off the Sophos Firewall VM Instance
- Step 3: Delete the Sophos Firewall VM
- Step 4: Go to Deployment Option
- Step 5: Redeploy
- Step 6: Change Image SKU
- Step 7: Validation
- Step 8: Register your Sophos Firewall
- Step 9: Check the device registration details
- Step 10: Backup & Restore
- Related Documentation:
Overview
The following Recommended Read goes over the Steps to convert Sophos Firewall from PAYG to BYOL on Azure
Configuration
Step 1: Take a backup
Take a backup of your PAYG Sophos Firewall VM instance
Step 2: Turn off the Sophos Firewall VM Instance
In Azure, turn off the Sophos Firewall VM Instance
Step 3: Delete the Sophos Firewall VM
Now go to the resource group in which Sophos Sophos Firewall has been deployed and select the Sophos Firewall Virtual Machine, Data disk and OS disk, and click on Delete to completely delete it. (In the case of HA deployment select both the Sophos Firewall Virtual Machine Instances and respective Data disk and OS Disk, so there would be 2 VM Instance and 4 disks to be selected).
Step 4: Go to Deployment Option
Once the selected resources have been deleted go to same resource group, go to the Deployment option on the left-hand side pane under Settings.
Step 5: Redeploy
Select the option of SettingUpVM and click on the option of Redeploy. (In the case of HA select the option of SettingUpVm0 and SettingUpVm1, they need to be deployed one after another)
Step 6: Change Image SKU
It will prepopulate details of the previously deployed Sophos Firewall. In here you must change Image Sku from payg-new to byol and click on review and create (For HA deployment perform this step for both the Sophos Firewall VM instances).
Step 7: Validation
If the details for the selected VM are correct, it will pass the validation and then click on create option
After the deployment is successful, you can see a new Sophos Firewall VM instance deployed with the same Public IP address and Plan showing as byol
Step 8: Register your Sophos Firewall
Access the Web GUI of the firewall, it will be having a factory reset configuration without any registration details. Enter your received Serial Number on the registration page and it will automatically synchronize with the licensing server to show the correct details. If you don’t have a Serial Number yet you can choose to start a trial from the registration page. (For HA deployment perform this step for both the Sophos Firewall Virtual Machines)
Step 9: Check the device registration details
Once you are logged in, you can see on the Dashboard that it will display the Serial key. And you can also go to System>Administration>Licensing to check the device registration details.
Step 10: Backup & Restore
After that navigate to System>Backup&Restore and restore the backup you took in Step 1. (For HA deployment, the backup needs to be restored on both the devices)
Note: After the redeployment, make sure the firmware version of the new VM is the same as the old VM for the backup restore to work.
Related Documentation:
Sophos Firewall on Azure: How to Deploy
Recovery steps of the Sophos Firewall VM in Azure
Sophos Firewall: How to implement a full HA (inbound/outbound) on Azure
Sophos Firewall: Deploying standalone firewalls in Microsoft Azure
______________________________________________________________________________________________________________________________________
Added horizontal line below disclaimer and end of rr, change XG->SF, Added Overview, Edited Table of Contents.
[edited by: Raphael Alganes at 11:27 AM (GMT -8) on 4 Dec 2023]