Best practice UTM update process


We have been running a (out of date) Sophos UTM. 9.413-4 as a Hyper-V appliance for a few years now. Due to legacy software/hardware combinations giving us compatibility issues we have not upgraded it to the latest version. Please could you advise the best approach.

Keeping in mind we have limited timeframes to carry out the process  (Possibly 2-3 hour window) - I currently see 2 paths:

1. Create a new Hyper-V guest from an ISO using the latest version of the software. (9.715?) Then apply my backup config. Will my backup configuration file work as it is from a much earlier version?  This gives us time to prepare and a cutover approach with the roll back option of the existing machine should we encounter problems. (Will this cause a licence issue as we would have 2 appliances licenced at the same time during the migration?)

2.  I proceed to use the up2Date interface to apply the 50+ patches. Am I correct in the fact I have to install ALL patches incrementally until I get to the latest version? This would be time consuming but feasible in stages as we cannot have major downtime from this firewall. 

I would like to go with option 2, taking a checkpoint of the appliance ahead of  each patch process. 

Any thoughts/further advice or guidance ahead of the process would be greatly appreciated.  


Many thanks,

Kind regards,