by
Etienne Liebetrau
When you are deploying physical Sophos UTM appliances, you can run into a scenario where the Up2Date process fails due to a disk space shortage. This typically happens if you have a large number of updates that are outstanding.
Perhaps you have a hardware appliance that has been turned on for the first time after being shipped with an old build. Or perhaps you only have a single Sophos UTM as your firewall and you don’t have a maintenance slot for patching and updating.
Whatever the reason, Sophos UTM's UI will not show you that anything is wrong. It just shows that there are a number of updates available for download.
When you go to perform the update, you are met with a screen that contradicts the dashboard view. Clicking the two Update buttons also does not seem to do anything.
The first step is to check the Up2Date log for clues as to what the problem could be.
To resolve the issue we will have to perform some tasks from the shell.
Note: This should only be done if you know what you are doing in the shell as it is possible to make changes to the UTM that may lead to it being unusable and requiring a rebuild. Before you start, make sure you have a backup and that you have downloaded it from the Sophos UTM and stored on another device.
If not already done, enable shell access on your Sophos UTM, then:
Now that you have cleared some space by removing the previous firmware downloads, trigger a new Up2Date firmware check and download with audld.plx --trigger--verbose
You will see the packages being downloaded and depending on the connection speed, this may take a few minutes.
Let a few of the updates download completely, then interrupt the process wit Ctrl + C or you will run out of disk space again.
Now that you have a few updates available you can attempt the installation again. Manually trigger an update and prevent a reboot using auisys.plx --no-reboot --verbose
Once the process finishes you would have installed all the updates you manually downloaded in the previous Up2Date trigger.
To install the rest of the available updates you repeat the process from the shell or since you should have more free space available you can try and run the process from the web UI again.
Once you have installed all of the updates, reboot the system with the reboot command.
The shell does provide feedback when using the --verbose switch for the commands, but it is also possible to track the process in the UI. As the shell triggers the commands, the UI would reflect what is happening in the live log viewer and also through the various Up2Date screens.
Once you have installed all of the updates, you should change the Up2Date download schedule back to an automatic setting. To do this:
With this setting, pattern or virus definitions and IPS signature will be updated periodically and automatically. Sophos UTM will automatically download firmware updates but it will not install them for you.
If you want to automate this process for a large number of Sophos UTM devices, you would use a SUM Scheduled Operation such as indicated with the image below.
Ideally, Sophos UTM should never be more than 2 or three firmware version behind, and even this n-2 implementation should only be done if there are compelling reasons to do so.
Making sure that your firewall is routinely updated will prevent the Up2Date process failing due to a disk space shortage.
This workaround can negate the need to rebuild device from scratch, but since it requires shell commands it should be done cautiously and only as a last resort.
Download our FREE 30-day trial, or schedule a demo and we'll show you how it works.
How to Enable Dark Mode in Fortinet FortiGate (FortiOS 7.0)
Sophos XG - How to Block Searches and URLs with Specific Keywords