Sophos SG Series End of Life: What It Means and What to Do Next

Sophos has ended support for the SG series firewalls. If your organization still runs an SG appliance, here is what you need to know and how to plan the replacement.

Published 2025-10-05 by TechNet New England

If your organization uses a Sophos SG series firewall (SG 105, SG 115, SG 125, SG 135, SG 210, SG 230, SG 310, SG 330, SG 430, SG 450, SG 550, or SG 650), it has reached or is approaching end-of-life status. Sophos has transitioned its firewall line to the XGS series. The SG series no longer receives firmware updates, security patches, or new features.

When a firewall stops receiving security patches, it becomes a growing vulnerability at the edge of your network. This guide explains what end-of-life means, what risks it creates, and how to plan the replacement.

## What End of Life Means

End of life (EOL) means Sophos has stopped developing, updating, and supporting the SG series. Specifically:

- No new firmware updates. If a vulnerability is discovered in the SG firmware, Sophos will not release a patch.
- No new security signatures. Intrusion prevention and threat intelligence feeds may stop updating or become less effective.
- No technical support. Sophos support will not troubleshoot issues on EOL hardware.
- No compliance. Running unsupported network equipment may put your organization out of compliance with security frameworks and regulatory requirements.

## Why This Matters

A firewall is the first line of defense between your network and the internet. It controls what traffic enters and leaves your network, blocks known threats, enforces access policies, and logs activity for security monitoring.

When that device stops receiving updates, it becomes a known target. Attackers actively scan for organizations running outdated firmware because the vulnerabilities are documented and the fixes will never come.

For organizations that handle sensitive data (student records, health information, financial data, client information), running an unsupported firewall creates unacceptable risk.

## Planning the Replacement

Replacing a firewall is not just a hardware swap. It involves planning, configuration, testing, and coordination to avoid disrupting network access.

### Step 1: Assess your current configuration

Document your current firewall rules, VPN configurations, port forwarding rules, content filtering policies, DHCP settings, and any other custom configuration. This becomes the blueprint for the new device.

### Step 2: Choose the replacement

Sophos XGS is the natural successor if you want to stay in the Sophos ecosystem. The XGS series offers better performance, updated threat intelligence, and continued support.

Other options include Fortinet FortiGate, SonicWall, Meraki MX, or pfSense, depending on your environment size, budget, management model, and feature requirements. Your IT provider should recommend the best fit based on your specific needs, not vendor loyalty.

### Step 3: Plan the cutover

The firewall replacement should be scheduled during a low-impact period (evening, weekend, or school break for education organizations). The old firewall is removed, the new one is installed and configured, and connectivity is tested before the next business day.

If your organization has multiple locations, replacements can be phased site by site.

### Step 4: E-Rate eligibility

For schools and education organizations, firewall replacements may be eligible for E-Rate Category 2 funding. This can cover 20 to 85 percent of the cost depending on your discount level. Coordinate with your E-Rate consultant to determine eligibility and timing relative to the funding cycle.

### Step 5: Verify and monitor

After the new firewall is in place, verify that all services are working, VPN tunnels are connected, content filtering is active, and monitoring is configured. The firewall should be integrated into your overall network monitoring so issues are detected immediately.

## Do Not Wait

Every month an unsupported firewall stays in production is a month of accumulated risk. The replacement does not have to happen overnight, but planning should start now.

Get a quote for the hardware. Coordinate with your IT provider on the configuration. Check E-Rate eligibility if applicable. Schedule the cutover for the next available low-impact window.

The cost of a new firewall is a fraction of the cost of a breach that entered through an unpatched one.

---

*TechNet New England helps organizations plan and execute firewall replacements with minimal disruption. [Contact us](/contact) to discuss your upgrade path.*