Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • Replies 0 replies
  • Subscribers 29 subscribers
  • Views 3058 views
  • Users 0 members are here
Options
Suggested

Sophos Firewall: Steps to convert Sophos Firewall from PAYG to BYOL on Azure

Priyanka Yadav

Disclaimer: This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment.

______________________________________________________________________________________________________________________________________

Table of Contents

Overview

The following Recommended Read goes over the Steps to convert Sophos Firewall from PAYG to BYOL on Azure

Configuration

Step 1: Take a backup

Take a backup of your PAYG Sophos Firewall VM instance

Step 2: Turn off the Sophos Firewall VM Instance

In Azure, turn off the Sophos Firewall VM Instance

Step 3: Delete the Sophos Firewall VM

Now go to the resource group in which Sophos Sophos Firewall has been deployed and select the Sophos Firewall Virtual Machine, Data disk and OS disk, and click on Delete to completely delete it. (In the case of HA deployment select both the Sophos Firewall Virtual Machine Instances and respective Data disk and OS Disk, so there would be 2 VM Instance and 4 disks to be selected).

Step 4: Go to Deployment Option

Once the selected resources have been deleted go to same resource group, go to the Deployment option on the left-hand side pane under Settings.

Step 5: Redeploy

Select the option of SettingUpVM and click on the option of Redeploy. (In the case of HA select the option of SettingUpVm0 and SettingUpVm1, they need to be deployed one after another)

Step 6: Change Image SKU

It will prepopulate details of the previously deployed Sophos Firewall. In here you must change Image Sku from payg-new to byol and click on review and create (For HA deployment perform this step for both the Sophos Firewall VM instances).

Step 7: Validation

If the details for the selected VM are correct, it will pass the validation and then click on create option

After the deployment is successful, you can see a new Sophos Firewall VM instance deployed with the same Public IP address and Plan showing as byol

Step 8: Register your Sophos Firewall

Access the Web GUI of the firewall, it will be having a factory reset configuration without any registration details. Enter your received Serial Number on the registration page and it will automatically synchronize with the licensing server to show the correct details. If you don’t have a Serial Number yet you can choose to start a trial from the registration page. (For HA deployment perform this step for both the Sophos Firewall Virtual Machines)

Step 9: Check the device registration details

Once you are logged in, you can see on the Dashboard that it will display the Serial key. And you can also go to System>Administration>Licensing to check the device registration details.

Step 10: Backup & Restore

After that navigate to System>Backup&Restore and restore the backup you took in Step 1. (For HA deployment, the backup needs to be restored on both the devices)
Note: After the redeployment, make sure the firmware version of the new VM is the same as the old VM for the backup restore to work.

Related Documentation:

Sophos Firewall on Azure: How to Deploy

Recovery steps of the Sophos Firewall VM in Azure

Sophos Firewall: How to implement a full HA (inbound/outbound) on Azure

Sophos Firewall: Deploying standalone firewalls in Microsoft Azure

______________________________________________________________________________________________________________________________________



Added horizontal line below disclaimer and end of rr, change XG->SF, Added Overview, Edited Table of Contents.
[edited by: Raphael Alganes at 11:27 AM (GMT -8) on 4 Dec 2023]
Unfiltered HTML