May 8th, 2019 Admin
NOTE: This description is NOT for Sophos XG firewall. That is a completely different product.
Easiest way to manually update / upgrade the firmware in Sophos UTM (aka ASTARO aka Sophos SG firewall) is via the ssh command line interface.
- Log into the SSH with Putty or from another ssh server and become root / su.
cd /var/up2date/sys
- wget all the needed updates from http://download.astaro.com/UTM/v9/up2date/ :
wget http://download.astaro.com/UTM/v9/up2date/u2d-sys-9.601005-602003.tgz.gpg
etc….
- Make updates visible and available in the GUI with:
auisys.plx -showdesc --verbose
- Run updates from the GUI or run this command to execute the updates / upgrades in the CLI:
auisys.plx --verbose
- The system will automatically reboot when the updates / upgrades are done.
Read the rest of this entry »
Posted in Sophos | Comments Off on SOPHOS UTM 9 (Sophos SG Firewall) update firmware
December 14th, 2015 Admin
In order to restore a Sophos UTM configuration backup on a machine with similar specs, but a different IP address once the backup is installed the IP address of the old machine is on the new machine, which will not work.
NOTE:
I noticed when I was doing this on a Sophos UTM Manager, that somehow this resets itself every 10-30 seconds and I had trouble logging in and making the changes in the GUI. So I ping’d the new IP address and every time the ping stopped responding I repeated the steps below before I clicked anything on the GUI. I had to attempt it a couple of times, but got it done eventually. And once you have saved the IP address change in the GUI it is permanent.
So log in from the console of the new machine and as root do this:
hostname -v ***
ip addr add dev eth0 X.x.x.x
ip link set up dev eth0
route add -net x.x.x.x netmask 255.255.255.0 dev eth0
route add default gw x.x.x.x dev eth0
this is only temporary until the next reboot. However you can now log in via the correct IP address to the admin interface of the new machine and make the necessary changes in the network settings and whatever else relevant.
Posted in Sophos | Comments Off on Sophos UTM restore config backup on machine with different IP address
September 8th, 2014 Admin
Gather the uninstall commands
On an endpoint computer open the registry editor (Start | Run | Type: regedit.exe | Press return).
Expand the left hand tree to the following key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
Note: On a 64-bit computer you will need to check both the key above and the following key:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall
Click through the list and locate the first Sophos component you need to uninstall.
In the list of values find the ‘UninstallString’, right-click it and select ‘Modify’.
Copy the string into a text editor.
Repeat steps three to five for all other component you need to remove.
Windows installer parameters
The uninstall strings copied from the registry may contain MSIEXEC.exe parameters or you may want to add your own parameters to control what the end user sees on screen and how the computer behaves. For example the uninstall string for Sophos Anti-Virus v10 is:
MsiExec.exe /X {9ACB414D-9347-40B6-A453-5EFB2DB59DFA}
But can be modified so that the uninstall is silent:
MsiExec.exe /X {9ACB414D-9347-40B6-A453-5EFB2DB59DFA} /qn
Or to suppress a reboot (A restart is normally required for Sophos Client Firewall and Sophos Anti-Virus) so that you may perform it at a later time:
MsiExec.exe /X{9ACB414D-9347-40B6-A453-5EFB2DB59DFA} /qn REBOOT=SUPPRESS
It is advisable to create a log file (a separate file is needed for each component) as part of this process for each component being removed to help facilitate troubleshooting should an issue arise:
MsiExec.exe /X{9ACB414D-9347-40B6-A453-5EFB2DB59DFA} /qn REBOOT=SUPPRESS /L*v %windir%\Temp\Uninstall_SAV9-10_Log.txt
If you need further information on Windows Installer (MSIEXEC.exe) and associated parameters we recommend you consult up to date Microsoft documentation.
Prior to uninstalling the endpoint components, you should stop the Sophos AutoUpdate Service to prevent a potential update of the endpoint software during the removal. A command line such as the following can be used.
net stop "Sophos AutoUpdate Service"
The order in which the endpoint components are removed is important. Therefore reorder your uninstall strings (that you extracted from the registry editor) as shown below.
- Sophos Patch Agent
- Sophos Compliance Agent
- Sophos Remote Management System
- Sophos Client Firewall
- Sophos Anti-Virus
- Sophos AutoUpdate
Posted in Sophos | Comments Off on Sophos uninstall with command line access