by
Etienne Liebetrau
Upgrading to the latest version of Sophos UTM is always a worthwhile exercise; however, you may want to first perform this upgrade in a sandboxed lab environment. There is the Up2Date feature, where updates can be downloaded and installed automatically, but this requires an active Internet connection. What if your Sophos UTM is offline?
If your test environment is virtualized (recommended), there is a relatively simple process to upgrade your Sophos UTM offline. The same process can also be used to recover a device should you lose the Sophos UTM's configuration for whatever reason.
In this article I will upgrade a virtualized Sophos UTM running on Hyper-V, but you can apply the same concepts for VMware. See my article on deploying Sophos UTM on Hyper-V for a detailed guide on getting started on Hyper-V.
The Sophos UTM ISO images are often updated. At the time of writing this, the latest available version was asg-9.205-12.1.iso. The newest version of the UTM is always available from https://download.astaro.com/UTM/v9/software_appliance/iso/
You can check to see what the currently installed firmware version is from the dashboard.
It is a good idea to have your management interface configuration documented before you proceed. Take note of the adapter hardware and the IP configuration. To do this:
Next, you will create the configuration backup file, and shut down the Sophos UTM ready for upgrade.
Note: This backup process does not back up any of your log data. If you rebuild the VM at this point, it will not retain the logs. If, however, you are using Sophos Reporter, you already have your logs exported to a powerful reporting tool, so the need to retain logs on the device during an upgrade is mitigated.
The upgrade process is as simple as building the newer version of the UTM and restoring the backup to it.
Since we are using a virtual machine, we have the advantage of simply creating a new virtual hard drive while keeping the old one. This makes it easy for us to roll back if needed, and it allows us to keep the hardware configuration, especially the NICs, unaltered.
First, from the Hyper-V Management Console go to the properties of your UTM virtual machine, and create a new blank virtual disk:
Next, attach the ISO:
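The same disk swap and ISO attachment can be scripted with the Hyper-V PowerShell module. This is an added example, not part of the original article: the VM name and file paths are placeholders, and it assumes the VM is already shut down and that the old disk is detached from the VM while its file stays on the host for roll-back.

```powershell
# Added example. The VM name and paths are placeholders, not values from the article.
$VMName  = 'SophosUTM'                                   # hypothetical VM name
$IsoPath = 'D:\ISO\asg-9.205-12.1.iso'                   # ISO copied to the offline host
$NewVhd  = 'D:\Hyper-V\SophosUTM\utm-upgrade.vhdx'       # new blank disk (placeholder path)
$NicLog  = 'D:\Hyper-V\SophosUTM\nics-before-upgrade.csv'
$ErrorActionPreference = 'Stop'

$vm = Get-VM -Name $VMName
if ($vm.State -ne 'Off') { throw "Shut down $VMName before swapping its disk." }
if (-not (Test-Path $IsoPath)) { throw "ISO not found: $IsoPath" }
if (Test-Path $NewVhd) { throw "Refusing to overwrite existing disk: $NewVhd" }

# Record the adapter hardware so the management interface can be matched
# to the same NIC during the rebuild.
Get-VMNetworkAdapter -VMName $VMName |
    Select-Object Name, MacAddress, SwitchName, DynamicMacAddressEnabled |
    Export-Csv -Path $NicLog -NoTypeInformation

# Remember where the current system disk is attached, then detach it.
# Detaching does not delete the file, so the old disk remains for roll-back.
$old = Get-VMHardDiskDrive -VMName $VMName | Select-Object -First 1
if (-not $old) { throw "No virtual hard disk is attached to $VMName." }
$slot = @{
    ControllerType     = $old.ControllerType
    ControllerNumber   = $old.ControllerNumber
    ControllerLocation = $old.ControllerLocation
}
$oldPath = $old.Path
$size    = (Get-VHD -Path $oldPath).Size   # reuse the old disk's capacity
$old | Remove-VMHardDiskDrive

# Create the blank disk and attach it in the slot the old disk occupied.
New-VHD -Path $NewVhd -SizeBytes $size -Dynamic | Out-Null
Add-VMHardDiskDrive -VMName $VMName -Path $NewVhd @slot

# Attach the ISO, reusing the existing DVD drive if the VM has one.
$dvd = Get-VMDvdDrive -VMName $VMName | Select-Object -First 1
if ($dvd) { $dvd | Set-VMDvdDrive -Path $IsoPath }
else      { Add-VMDvdDrive -VMName $VMName -Path $IsoPath | Out-Null }

# Print what is needed to roll back: re-attach the old file in the same slot.
"Old disk kept at: $oldPath"
"Roll back with: Add-VMHardDiskDrive -VMName $VMName -Path '$oldPath' " +
    "-ControllerType $($slot.ControllerType) -ControllerNumber $($slot.ControllerNumber) " +
    "-ControllerLocation $($slot.ControllerLocation)"
```

Before rolling back, detach the new disk first so the old one can take its original slot.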
You can now connect to the VM through the Hyper-V Console and start the build process. For detailed information on this, please refer to my previous post: How to deploy Sophos UTM on Hyper-V in 7 simple steps.
During the build process, you will need to specify the management interface and IP. This should be the same as when you did the backup as noted in step 1 above.
Let the build process complete, reboot and then log into the management interface.
Now that the initial build process has completed, you will need to complete the basic system setup, then restore from your backup:
Once this is done you will be logged out. Give the process a minute to apply all the settings from the backup and then log back in again.
If you look at the dashboard now, you should see the updated firmware version, and the UTM should be configured with all of your previous settings.
I hope this helps anyone looking to upgrade or restore their Sophos UTM virtual appliance. If you have any questions, let me know in the comments!