Knowledge Base

Bitte , um Beiträge und Themen zu erstellen.

Sophos Firewall: Requirements and resolution to upgrade to SFOS 22.0 and later

mpachmann
#1 · 10. Dezember 2025, 15:52

https://support.sophos.com/support/s/article/KBA-000010091?language=en_US

Contents

Meeting the requirements to upgrade to SFOS 22.0 and later

 

Overview

Sophos Firewall OS (SFOS) 22.0 and later firmware versions require additional disk space to accommodate upcoming new features and enhanced functionality.

 

Most appliances already meet these requirements; however, a subset of desktop, virtual, and software deployments may require manual intervention before they can upgrade.

 

Note: This is advanced information, so you can be ready for the upgrade when it is released.

 

If you see a Control center alert or firmware page notification about disk space requirements, follow the steps outlined in this article. This requirement does not impact the firewall’s current operations in any way.

 

If you do not see an alert, you do not need to take any action.

How to identify the requirement on your firewall

On the firewall

The alerts will appear on the following pages:

 

  • Alert on the Control center. Email notifications will also be sent.
  • Pop-up notification under Backup & firmware > Firmware.

The alerts and pop-up notifications show the following reference codes to identify the issue and the necessary action:

 

Reference code Issue/Requirement
FWDS501 Insufficient disk space.
FWDS502 Insufficient space in the /var partition.
FWDS503 Insufficient space in the /content partition.
FWDS504 SSD firmware is running an earlier version. This is an existing requirement.

 

You must be on the latest SSD firmware before you can upgrade to SFOS 22.0 and later.
FWDS505 Verify the SSD health. Contact Sophos Support.

 

The firewall will remove the alert once the requirements are verified. Verification is synced every 30 minutes.

 

HA cluster: Each HA device may have a different error or none at all. Check each device individually for alerts. If required, you must free up the firmware space on each device individually.

 

Firewalls managed in Sophos Central

When SFOS 22.0 GA is released, Sophos Central enables you to identify firewalls that require resolution. Go to the Firewall Management page and look for the Download icon with Caution next to the firewalls that require your action.

 

How to ensure your firewall meets the requirements

FWDS501: Insufficient disk space

This applies only to virtual and software firewalls.

 

Issue: Virtual and software firewalls cannot upgrade to SFOS 21.5 GA or later if they have insufficient disk or root partition space.

 

Note:

  • To upgrade to 21.5 GA, you must redeploy the firewall using the recommended disk size specified in this section. You must use the latest SFOS 21.5 installer.
  • To upgrade to 22.0 GA and later, follow the steps below.

Virtual firewalls

 

When the alert appears, the firewall shows a disk space alert if either of the following conditions exists:

 

  • The primary disk size is too low
  • The root partition is equal to or less than 600 MB

 

Action: Follow these steps to check the sizes and resolve the issue:

 

  1. Check the primary disk size:
    1. Access the firewall console. See Accessing Command Line Console.
    2. Go to Device Management > Advanced Shell.
    3. Run: df -kh | grep content

      Requirement: The total size of the content partition must be greater than 18 GB.

      Example:

      SFVUNL_VM01_SFOS 21.0.2 MR-2-Build349# df -kh | grep content
/dev/content	 	  1.7G 	  838.6M    918.6M   48% /content
  2. Check the root partition size: showfw -g | grep ROOT_SZ

    Requirement: The root partition must be greater than 600 MB (629145600).

  3. Resolution:

    If one or both requirements are not met, you have the following options to fix the issue:

    Resize the disk

    Resize the disk using a script, then upgrade to SFOS 22.0 and later. See Resize the primary disk partition in virtual deployments for SFOS 22.0 upgrade.

    Reinstall SFOS

    The firewall loses the configuration. After increasing the disk size, you must reinstall the SFOS installer and restore the backup. The steps are as follows:

    1. Take a backup of the firewall configuration.
    2. Go to Administration > Licensing, and copy the license serial key.
    3. Increase the virtual machine disk size based on the following values:
      Requirement Disk size
      Recommended 64 GB
      Minimum 32 GB
    4. Download the installer for SFOS 21.5 GA or later. See SFOS Installers.
    5. Deploy a new virtual machine.
    6. Activate your licences using the serial key.
    7. Restore the backup.

      Note:

      • On-box reports are not restored
      • Central Firewall Reporting (CFR) continues to function

 

Software firewalls (SW installers)

 

When the alert appears, the firewall shows a disk space alert if either of the following conditions exists:

 

  • The primary disk size is too low
  • The root partition is equal to or less than 600 MB

Action: Follow these steps to check the sizes and resolve the issue:

 

  1. Check the disk size:
    1. Access the firewall console. See Accessing Command Line Console.
    2. Go to Device Management > Advanced Shell.
    3. Run: fdisk -I

      Requirement: The disk size must be greater than 32 GB.

      Example:

      SF01V_S001_SFOS 22.0.0 EAPO-Build1168# fdisk -I
Disk /dev/sda: 40 GB 12949672960 bytes, 83886080 sectors
40960 cylinders, 64 heads, 32 sectors/track
Units: sectors of 1 * 512 = 512 bytes

      If the disk size is less than 32 GB, do as follows:

      1. Take a backup of the firewall configuration.
      2. Go to Administration > Licensing, and copy the license serial key.
      3. Increase the disk size based on the following values:
        Requirement Disk size
        Recommended 64 GB
        Minimum 32 GB
      4. Download the installer for SFOS 21.5 GA or later. See SFOS Installers.
      5. Deploy a new installation.
      6. Activate the firewall using the serial key.
      7. Restore the configuration backup.

        Note:

        • On-box reports are not restored
        • Central Firewall Reporting (CFR) continues to function
  2. Check the root partition size: showfw -g | grep ROOT_SZ

    Note: You can only fix the root partition size if the disk size meets the requirement above.

    Requirement: The root partition must be greater than 600 MB (629145600).

  3. Resolution:
    1. Upgrade to SFOS 21.0 MR2. This version automatically expands the root partition.
    2. Upgrade to SFOS 22.0 or later once it is released.

      Note:

      • You cannot migrate from SFOS 21.0 MR2 to SFOS 21.5 GA.
      • This path is only possible if the overall disk size requirement has been met.

FWDS502: Insufficient space in the /var partition

Issue: The firewall needs more disk space to upgrade to SFOS 22.0 or later.

 

 

Action: To check the available space and clear up enough space, do as follows:

 

  1. Check the required space:
    1. Sign in to the firewall CLI and go to Device Console.
    2. Run the command: system firmware check-disk-space

      Example output: Reference code: FWDS502

      To upgrade to SFOS 22.0 and later, you must free up at least 7207 MB in the /var partition. See Sophos Firewall: Firmware upgrade failure due to insufficient storage space.

      Module			Usage (MB)
-------------------------------------
Reports			       108
Event logs		       0
Troubleshooting logs	       278
Email quarantine	       54
  2. To meet the firmware's space requirements, clean up the space taken by each module as follows:

    Reports: Go to Reports > Show Reports settings:

    • To reduce the retention period, click Data management and select a shorter timeframe.
    • To clean up reports, click Manual purge and specify the settings.

      Note: Alternatively, you can use Central Firewall reporting.

    Troubleshooting logs: To clean up the troubleshooting logs, run: system diagnostics purge-all-logs

    Event logs: To clean up the event logs, run: system diagnostics purge-event-logs

Report storage in the /var partition

The firewall already monitors /var space for report storage across all firmware versions. This relates to your network usage requirements and is separate from the firmware's space requirement.

 

However, when you upgrade to SFOS 22.0 and later, the firewall may use some of the /var space to store the new firmware, causing the /var partition to reach its threshold and generate the following alert.

 

For more information, see Sophos Firewall: Report summarization stops.

HA cluster: Each HA device may have a different error or none at all. Check each device individually for alerts. If required, you must free up the firmware space on each device individually.

 

FWDS503: Insufficient space in the /content partition

Issue: The firewall needs more disk space to upgrade to SFOS 22.0 or later.

 

 

Action: Factory reset the firewall using the serial console.

 

  1. Take a backup of the firewall configuration.
  2. Connect to the firewall using the serial console. See Reset to factory settings.
  3. Enter RESET in uppercase letters after the appearance of the firewall's serial console.
  4. Enter 2 to delete the custom configurations and reset the signatures to the firmware version's default signatures.
  5. Restore the backup and upgrade the firewall.

    On-box reports are not restored. Central Firewall Reporting (CFR) continues to function.

HA cluster: Each HA device may have a different error or none at all. Check each device individually for alerts. If required, you must free up the firmware space on each device individually.

 

FWDS504: Outdated SSD firmware

Issue: Cannot upgrade the firewall to SFOS 22.0 or later. You must install the new SSD firmware.

 

 

As this is an existing issue, the banner will not show a reference code. However, the Control center alert will show a code.

 

Action: To upgrade the SSD firmware, see Sophos Firewall: Strongly recommended SSD firmware upgrade for a subset of XGS firewall models.

 

FWDS505: Sophos Support needs to verify the SSD health

You will not be able to resolve this error yourself and must contact Sophos Support. Sophos Support will provide you with further guidance.

 

Related information

Sophos Firewall: Disk space for logs and reports

 

Sign up for the Sophos Support Notification Service to receive proactive alerts for Sophos products and Sophos Central services.

x