This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SUM-Manager EoL December 2022 - How to migrate XGS to Central with XGS

Announcement: https://support.sophos.com/support/s/article/KB-000043103?language=en_US

Eol overview: https://support.sophos.com/support/s/article/KB-000035279?language=en_US#sgseriesappliances

Does anyone have any experience to migrate a global UTM infrastructure with centralized UTM-Manager on-premise to XGS and Sophos Central ?

I know there is a UTM-Firewall migration Tool - But i found nothing for UTM-Manager - Here now the collected options to move forward to XGS:

Migration path to Central and XGS

Sophos SG Appliances to Sophos XGS Appliance

  • clear way for the hardware
  • UTM is standalone - clear : use migrator
  • UTM is UTM managed - unclear
  • SUM-Manager -> Sophos Central - clear target, but unclear how ?!

SUM Download still possible here:

UTM Downloads are here: 

Some ideas will be great :-)



This thread was automatically locked due to age.
  • Essentially there are two different kind of customers/partners using SUM. The first persona use it for monitoring / alerting, the second persona use it for configuration. (And maybe the third use both). 

    As SFOS (the OS of Sophos Firewall) is differently in the concept like UTM (More firewall rule centered), most likely you will have to look into the conversion of your UTM configuration per appliance. 

    If you have your firewall setup (SFOS) you can look into Central Management for firewalls. Central Management have two different approaches. You can use it for overview and reporting/alerting. Or you can use it for configuration. In Central, you can import the current configuration of your firewall to reuse it, or you can use a blank template to redo some configuration objects. This is up to you. 

    There is no migration tool to migrate the SUM, as the SUM does not offer any kind of "interesting" data of the firewall, which we could convert. Essentially the firewall will be configured and joined the Central Account of the customer. Partner can manage this central instance in there partner dashboard. The interaction is completely different. 

    __________________________________________________________________________________________________________________

  • Thanks fir quick reply  LuCar Toni, as we use SUM for global configuration of Web Proxy, VPN and Monitoring it looks like we really have to plan a complete resetup ! Problem will be that traveling is still not easy and it looks not to be easier next year ! But that´s how Sophos play with us ! So we have to take the nut :-) I personally hope the do not come next month with EoL of UTM and also just give us 12 month ! - We will see !

    Expert-Zone.Net IT Consulting
    Neuenhofer Weg 23 • D-52074 Aachen

  • So VPN configuration is included in much broader scale in Central with Central Orchestration. https://partnernews.sophos.com/en-us/2021/07/products/sophos-central-sd-wan-vpn-orchestration-early-access/

    Web Proxy configurations can be create on one firewall, imported to Central in a group and published to all other firewalls. 

    Monitoring is included in Central as a base platform. It will generate alerts, notifications and the CFR (Central firewall reporting) component shows a overview of the state of all firewalls. 

    BTW: Most of this is currently available for Customer views. So if you use SUM as a partner, there could be certain limitations, which currently are looked at. So if you are a Partner, looking to integrate, feel free to look at the capabilities. 

    __________________________________________________________________________________________________________________