This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos UTM9 updates

I have two SOPHOS UTM9 that are connected together via IP sec tunnel and those two Firewall are running on 9.710-1 version and latest firmware version  is 9.714-4, so there are 4 versions to the last one as show below,

My question is what is the safe method to update my two firewall without any issues ? Thank you.



This thread was automatically locked due to age.
Parents
  • Install them in order.  The Release Notes from Sophos on at least two of these versions said to install them one after another.  I wouldn't jump just to the end.

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)

  • thank you for your feedback, i have worries to lose my configuration especially ipsec tunnel because the other site is far from me and i want to start update remotely

  • You should only lose connectivity upon rebooting it as the Up2Date files are applied.  It should automatically reconnect as normal.  I have a Site-to-Site IPSec connection set up at home, and either side updates fine and reconnects.

    The only time I believe you would have any issues like that, would be if the IP changes.

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)

Reply
  • You should only lose connectivity upon rebooting it as the Up2Date files are applied.  It should automatically reconnect as normal.  I have a Site-to-Site IPSec connection set up at home, and either side updates fine and reconnects.

    The only time I believe you would have any issues like that, would be if the IP changes.

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)

Children
  • can you please explain me what you mean about IP changes, thank you

  • I mean if you don't have a static IP assignment, some ISP providers may change your external IP.  That's really kind of gone, but some still do this when you reboot your modem/router and the first hop (firewall) could get a new IP.  Now I only see that when you change a NIC because of the MAC address changing, so it's not all that common anymore.

    Most site-to-site connections rely on that information, so if that changes, it breaks the connection until you update your IP information in the tunnel.

    I've only seen that one time with my own site connection on the other end, but that was because hardware was completely changed out, thus a new IP.

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)

  • Thank you Amodin for your Feedback, i really appreciate