Up2Date to latest package only

Question

I just took over support of a SG230 running firmware 9.308-16. It's been up and running for a couple of years and when I had Up2Date set to auto WebAdmin showed 29 updates ready to install; however, the Up2Date log indicated that there was not enough space to proceed. The device has also been dismally slow with generating and sending out reports. I see that the downloaded GPG packages are downloaded to /var/upd2date/sys but unfortunately that is within the root partition of only 5GB. There will never be enough free space to download all 29 updates. I did delete all those packages and got back to 48% free on the root partition. 
 My question is ... Do I have to download each one of those updates in succession and install them one at a time, manually, or can I jump to the end of each major version. For example: can I just grab the latest 9.3xx and install that then jump to the latest 9.4xx and installed that. 
 I only have a 2 hour window for doing the maintenance on this device so downloading each manually, installing, and rebooting 29 times seems like a lot of effort. 
 Up2Date failed: Not enough free space for '/var/up2date/sys'. Required space: 362737 KB Available space: 283548 KB; inodes: 309683

Alexander Busch · Accepted Answer

Yes unfortunate you had to do this manually. HA would be nice in that case ;-) 
 The steps should be 
 1. Shell into the firewall and navigate to /var/up2date/sys -> cd /var/up2date/sys 
 2. wget the patch file (.tgz.gpg extension) -> wget 
 Or SCP the batch of 10 updates 
 3. Invoke auisys.plx with the –showdesc paramater -> auisys.plx --showdesc 
 4. Install the update. -> cc system_up2date system_update 
 Alternatively you can go into the web interface and schedule the install from there. 
 More info: 
 Best regards 
 Alex

Kipland Iles · Answer

Ok - just did a small dry run on this and used wget to download to /var/up2date/sys. I then ran auisys.plx --showdesc. 
 I see that I must be very careful with which patch I download. If I download u2d-sys-9.308016-309003.tgz.gpg then I assume that means 9.308-16 to 9.309-3? I bring this up because I first mistakenly downloaded u2d-sys-9.309003-310011.tgz.gpg thinking I was getting 9.309-3 but when I refreshed the GUI it said 9.310-11. The live Up2Date log said "unpacking up2date package version: 9.310011". Looks like I would have missed 9.309.3 and that might have been bad. 
 What is still not clear is the reboot. From the GUI after downloading the "correct" next patch and running auisys.plx --showdesc I see ... 
 
 Should I click Update to latest version now or Install . Would either option NOT require a reboot. Would a reboot be required before installing another? I don't do this often but I seem to remember when there are a number of patches to install and I go through the GUI either manually or using Schedule it installs all of the patches and reboots at the end.

DouglasFoster · Answer

You revived an old post. Fortunately, the original problem was solved despite the bad advice given. 
 Configuration files are upward compatible. Save your configuration. Make sure that you will be able to connect to UTM using a laptop using the factory default IP address. Rebuild your UTM from the latest CD to an initial factory load. Restore your configuration file. You are done, and you do not have the baggage of all of those incremental updates. 
 Learned this from Sophos Support, by necessity, when my upgrade from 9.408 to 9.506 had a fatal error during installation of one of the intermediate kits. I was terrified, but the process was much quicker than applying each update one at a time. 
 Of course, your options for doing this are limited by the ISO image versions offered by the Sophos website or that you have previously downloaded from them.