Sophos XG Firewall: End of Life is Near – Upgrade Today!
Upgrade to the XGS Series to stay ahead with enhanced performance, advanced security features, and long-term support.
Sophos XG Firewall End-of-Life (EOL)
Information for customers using XG Series hardware appliances, detailing product functionality and behavior after the hardware reaches End of Life (EOL) on March 31, 2025.
Impacted Products | XG 86, XG 86w, XG 106, XG 106w, XG 115, XG 115w, XG 125, XG 125w, XG 135, XG 135w, XG 210, XG 230, XG 310, XG 330, XG 430, XG 450, XG 550, XG 650, XG 750 Note: XG 85 and XG 105 had an earlier EOL date and are no longer supported. |
End-of-Life Date | March 31, 2025 |
Final Renewal | Considerations before opting to do a final renewal:
If you do opt to do a final renewal, subscriptions must not extend beyond the EOL date. |
Frequently Asked Questions
The majority of XG customers move to the equivalent XGS model, e.g., XG 210 -> XGS 2100.
We recommend that you ask your Sophos partner to go through your current requirements to ensure the new firewall is sized correctly for your network. This is also a good opportunity to ask about current offers for your hardware refresh.
Our systems currently allow for a 30-day grace period on the XG subscriptions from the start of the new license for XGS. The license on the XG shows as expired, but the licensed functionality will continue to work for 30 days, providing an overlap for both appliances and giving you time to complete the migration.
An extension to the grace period is planned for implementation in the coming months and this information will be updated once that is available.
Using the Backup/Restore process, you can migrate your XG configuration to the equivalent XGS model without any behavior change (as it is the same OS). Some restrictions do exist if the model you are migrating to has fewer ports than your current model. Please check with your local Sophos Partner if you are unsure about using this functionality.
In an upcoming release v20.0 MR2, we will be enhancing the Backup/Restore process to support an any-to-any Backup/Restore assistant with port mapping options. Once that is available, it will be possible to restore your backup on any XGS device, irrespective of the number of interfaces. We will update this information as soon as the release is available (expected Q3 CY2024).
All XG Series hardware appliances will be end-life and end-support after March 31, 2025, irrespective of how they are deployed and licensed. This includes XG hardware appliances deployed with MSP Flex licensing.
Sophos Firewall OS (SFOS) v20 will be the last major release to support the XG Series hardware. V20 maintenance releases will also include support.
SFOS v21, which is expected to be released in Q4 2024, will not support XG hardware. Customers who want to upgrade to v21, once available, must upgrade to XGS Series hardware.
The functionality included with the Base License (Firewall/ VPN/ Wi-Fi) will still be available, however, as the software will not receive further updates, this component will age, and any issues or security vulnerabilities will NOT be fixed after the EOL.
We strongly advise against the continued use of any EOL product and have several attractive offers to make the transition as easy as possible.
Sophos Firewall XG series deployments that still have a valid license and subscriptions will continue to run after the end-of-life date but over time, functionality and security will be degraded.
Features that depend on pattern updates or live lookup services could be impacted.
The pattern updates and cloud scanning can stop shortly after March 31, 2025:
- Anti-virus signature and engine updates, for both the Sophos and Avira engines
- IPS signature and engine updates
- Anti-spam (SASI) signature and engine updates
- URL classification lookups
- Sophos X-Ops Threat Feeds
You will no longer be protected against new threats or the latest changes to website categorization.
As these pattern upgrades stop for XG hardware and the installed data and engines age, the behavior of the features that depend on those components may become unreliable. Web Filtering and Email Filtering in particular may fail and cause traffic disruption beyond the failure to detect new threats.
Base License and other features that do not depend on data services or updates, such as routing, VPN, high availability, and reporting should not be directly impacted.
Please note: The management of any connected SD-REDs is part of the Network Protection subscription and therefore, that functionality would be impacted once the subscription expires.
After the end-of-life date:
- There will be no further updates to the Sophos Firewall OS system and software for the XG Series.
- If vulnerabilities are discovered in any components, Sophos will not provide patches or fixes.
This may result in the product, your data, and networks protected by the XG series firewall becoming increasingly vulnerable to attack. We strongly advise against using any EOL product. As a business, this could seriously impact your compliance status.
Example:
An XG Series customer has a subscription that is valid until June 30, 2025
- On June 25, 2025 (subscription is active), the IPS engine will offer protection based on the last pattern installed before the EOL. No new patterns will be available after the EOL date.
- On July 1, 2025 (subscription has expired), the IPS engine will no longer scan the traffic = no protection.
Once the subscription expires, all functionality associated with that subscription will stop working.
- Firewall/ VPN/ Wi-Fi, that are included in the Base License, will continue to function in most cases (see above) but will deteriorate over time.
- Note: SD-RED management is part of the Network Protection subscription, not the Base License.
- Any issues or security vulnerabilities will NOT be fixed.
- Software support, RMA, and hardware support will not be available.
We strongly advise against the continued use of any EOL product and have several attractive offers to make the transition as easy as possible.
We recommend that you discuss the potential risks of using an unsupported or EOL product with a qualified legal or insurance advisor.
- Potential impact on your compliance status, particularly in the case of a data breach.
- Potential impact on your ability to obtain or renew cyber insurance
- A customer’s EOS/EOL replacement process may be considered when applying for cyber insurance and using EOL products could potentially impact a claim.