Migrating from Sophos UTM/SG appliance to Sophos Firewall / XGS appliances.

Sophos has announced that as of Jan. 4, 2023, the UTM/SG Series will be removed as a Core Product. This will affect all Sophos UTM products (software/virtual/cloud) and the SG Series hardware appliances. In short: changing the product status from Core to non-Core product means that the final chapter has finally begun.

To be clear:
Sophos customers still using an SG firewall can still buy renewals and even new firewalls until the EOS (End of Sales) is announced. The products will work until the end of 2025 (current date +3 years) or even longer. And offering and selling UTM/SG products will continue until the transition date. But existing customers noticed for some time that UTM firmware was no longer being developed, only maintained. On the other hand, Sophos Firewall/ XGS firewall has undergone significant development and feature enhancements in recent years and has become the firewall of choice for the majority of our reseller partners and their end customers.

XGS Series as a successor to the SG Series product line?

Customers and resellers who are still using an SG Firewall and have not yet migrated to an XGS Firewall: the time is NOW! Sophos Firewall OS (SF-OS) and the XGS Series hardware are the next-gen successors to the SG Series product line. For customers interested in switching to Sophos Firewall OS, there are 2 options:

1. Install Sophos Firewall OS on an SG Appliance (not recommended)
2. Migrate to a new XGS appliance (recommended)

1. Installing Sophos Firewall OS on an SG Appliance.

Customers currently using an SG Firewall with the UTM 9.x operating system may want to consider migrating to SF-OS. The hardware on the SG and XG series are similar in terms of CPU, RAM, memory and ports. The main difference is that SG Series appliances are pre-installed with UTM 9 firmware while XG firewalls are pre-installed with XG firewall firmware. And with the launch of the XGS appliances, the XG firewall firmware has changed its name to Sophos Firewall (SF-OS).

But before you migrate you Sophos SG, please check your SG appliance is eligible for an upgrade to Sophos Firewall. More and more SG UTM customers are taking advantage of this free license migration to upgrade from UTM operating system to SFOS operating system. This presents a great opportunity for Sophos Partners to provide assistance in the form of value-added services as well as ensure customers have the right hardware for their current network demands.

The Sophos Migration Desk is available to assist in the migration process. And is available for Silver tier partners and above. It provides help when migrating a firewall to Sophos Firewall and the XGS series appliances.  Partners can log in to the Sophos Partner Portal and pick “Presales Help Desks” from the Tech Tools menu. Important Note: Sophos Support cannot help customers during the migration process, please contact instead the migration desk should you need any assistance.

License migration for SG UTM customers is free and easy for the move to XG(S). Sophos aim is to provide a license that is similar in features and expiry date.

The process for importing and migrating an SG UTM license as part of the update to SFOS is covered here. Once the license is migrated to SFOS, make sure any further license purchases they make are for XG(S) Firewall subscriptions and not SG UTM subscriptions!

Want to have more information? This PDF on how do I upgrade Sophos SG to XG provides an overview of the tools available to you to make upgrading SG to XG a great experience for your customers.

2. Migration to a new XGS appliance

An upgrade to SF-OS Firewall is the perfect time for customers to consider an upgrade to an XGS Series appliance. Not only will it offer optimal performance – it will make the upgrade a lot easier, as they can run the new XGS Firewall inline or in parallel with their existing SG Series appliance to make the transition easier. If your current appliance does not support an upgrade, go to XGS Series to learn more about the latest appliances.

The XGS Series is a completely new range of firewall appliances which may look similar to the XG models from the outside, but on the inside, they bear little resemblance. This is not just a refresh it’s a completely new hardware platform, which has been reengineered from the core.

The new XGS hardware is launched April 2021. XGS Firewalls have a 5-year warranty with the appropriate license bundle. The XGS series offers better performance, processes traffic intelligently and efficiently and offload certain tasks such as TLS inspection to the hardware. The new dual-processor architecture with a multi-core 64-bit CPU and a separate Xstream flow processor, also known as a Network Processing Unit (NPU) enables better hardware acceleration.

We suggest that the installation of an XGS Firewall is done from scratch as it presents the perfect opportunity to revisit firewall rule and security policies to ensure optimal protection and performance. To make aspects of this easier, Sophos has developed a configuration migration assistant that provides a wizard-like workflow to assist with the configuration migration process for many objects and settings that may be tedious to re-configure.

SG hardware refresh promotion

Sophos has an exclusive hardware refresh offer for SG Series customers with up to 99% discount on an XGS Series appliance plus other benefits when ordering a minimum 3-year term of Xstream Protection. This Promotion is a limited time offer only available through participating Partners.

Need help migrating to XGS? Feel free to give us a call.