When you are deploying physical Sophos UTM appliances, you can run into a scenario where the Up2Date process fails due to a disk space shortage. This typically happens if you have a large number of updates that are outstanding.

Perhaps you have a hardware appliance that has been turned on for the first time after being shipped with an old build. Or perhaps you only have a single Sophos UTM as your firewall and you don’t have a maintenance slot for patching and updating.

Whatever the reason, Sophos UTM’s UI will not show you that anything is wrong. It just shows that there are a number of updates available for download.

When you go to perform the update, you are met with a screen that contradicts the dashboard view. Clicking the two Update buttons also does not seem to do anything.

Check the Up2Date Log

The first step is to check the Up2Date log for clues as to what the problem could be.

  1. Navigate to Management | Up2Date | Configuration
  2. Change the Firmware download option to Manual and click Apply
  3. Change the Pattern Download to Manual and click Apply
  4. Navigate to Management | Up2Date | Overview
  5. Open the livelog on this page or select Up2Date Messages
  6. Click the Check for Up2Date Packages Now button and watch the log
  7. Seeing the message below confirms the problem
    Up2Date failed: Not enough free space for ‘/var/up2date/sys’

Clearing Up2Date Disk Space on Sophos UTM

To resolve the issue we will have to perform some tasks from the shell.

Note: This should only be done if you know what you are doing in the shell, as it is possible to make changes to the UTM that leave it unusable and in need of a rebuild. Before you start, make sure you have a backup and that you have downloaded it from the Sophos UTM and stored it on another device.

If not already done, enable shell access on your Sophos UTM, then:

  1. Connect to the Sophos UTM using a terminal tool such as PuTTY and log in as loginuser
  2. Elevate to root using su -
  3. Select the correct directory using cd /var/up2date/sys
  4. Use the following to check free space: df -h . (include the .)
  5. Check for the presence of updates by using ls
  6. Delete all the updates using rm *
  7. Confirm all the updates are deleted using ls
  8. Use the following to check free space again: df -h . (include the .)
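The same cleanup as a guarded shell helper, which refuses to delete anything if the target directory is missing instead of running rm * wherever a failed cd left you. This is an added example, not code from the original article or from Sophos; the function names and the 1 GiB threshold in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: guarded form of the manual cleanup steps.
# Function names and thresholds are assumptions made for this example.

UP2DATE_SYS_DIR="/var/up2date/sys"   # path from the Up2Date log message

# Print free space, in KiB, on the filesystem holding directory $1.
up2date_free_kb() {
    df -Pk "$1" | awk 'NR == 2 { print $4 }'
}

# Succeed only if directory $1 has at least $2 KiB free.
up2date_space_ok() {
    free=$(up2date_free_kb "$1")
    [ -n "$free" ] && [ "$free" -ge "$2" ]
}

# Delete the regular files directly inside directory $1 and print how many
# were removed. A relative path, a missing directory or a symlinked
# directory stops the function before anything is deleted.
up2date_clear() {
    dir=$1
    case "$dir" in
        /*) ;;
        *)  echo "refusing: '$dir' is not an absolute path" >&2; return 1 ;;
    esac
    if [ ! -d "$dir" ] || [ -L "$dir" ]; then
        echo "refusing: '$dir' is not a real directory" >&2
        return 1
    fi
    removed=0
    for f in "$dir"/*; do
        # Skip subdirectories, symlinks and the unexpanded glob of an empty dir.
        if [ -f "$f" ] && [ ! -L "$f" ]; then
            rm -f -- "$f" && removed=$((removed + 1))
        fi
    done
    echo "$removed"
}

# Typical use on the appliance, as root:
#   up2date_free_kb  "$UP2DATE_SYS_DIR"
#   up2date_clear    "$UP2DATE_SYS_DIR"
#   up2date_space_ok "$UP2DATE_SYS_DIR" 1048576 || echo "still under 1 GiB free"
```
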

Trigger Up2Date Firmware Check

Now that you have cleared some space by removing the previous firmware downloads, trigger a new Up2Date firmware check and download with audld.plx --trigger --verbose

You will see the packages being downloaded and depending on the connection speed, this may take a few minutes.

Let a few of the updates download completely, then interrupt the process with Ctrl + C or you will run out of disk space again.

Now that you have a few updates available you can attempt the installation again. Manually trigger an update and prevent a reboot using auisys.plx --no-reboot --verbose

Once the process finishes you will have installed all the updates you manually downloaded in the previous Up2Date trigger.

To install the rest of the available updates, repeat the process from the shell. Alternatively, since you should now have more free space available, you can try running the process from the web UI again.

Once you have installed all of the updates, reboot the system with the reboot command.

The shell does provide feedback when you use the --verbose switch with these commands, but you can also track the process in the UI. As the shell triggers the commands, the UI reflects what is happening in the live log viewer and on the various Up2Date screens.

Change the Up2Date Schedule

Once you have installed all of the updates, you should change the Up2Date download schedule back to an automatic setting. To do this:

  1. Navigate to Management | Up2Date | Configuration
  2. Change the Firmware download option to Daily and click Apply
  3. Change the Pattern Download to Every hour and click Apply

With this setting, pattern or virus definitions and IPS signatures will be updated periodically and automatically. Sophos UTM will automatically download firmware updates but it will not install them for you.

If you want to automate this process for a large number of Sophos UTM devices, you would use a SUM Scheduled Operation such as indicated with the image below.

Conclusion

Ideally, Sophos UTM should never be more than two or three firmware versions behind, and even this n-2 implementation should only be done if there are compelling reasons to do so.

Making sure that your firewall is routinely updated will prevent the Up2Date process failing due to a disk space shortage.

This workaround can negate the need to rebuild the device from scratch, but since it requires shell commands it should be done cautiously and only as a last resort.