I upgraded a lab kit and a spare appliance to Sophos Firewall v22 and kept notes on what worked and what did not. Health Check and the Sophos XDR Linux Sensor came up most often in the comments I saw. Read the release notes, back up your configuration, check available disk space, and put the upgrade in a maintenance window. Those are the basics.
The same themes kept cropping up in community feedback. Several admins said Health Check caught configuration and disk issues straight away. The XDR Linux Sensor adds remote integrity monitoring, so in some setups it flagged unexpected configuration exports and file tampering. SFOS 22 also wants more disk space than older releases, so low-capacity appliances threw warnings. Practical advice from early adopters was simple: test the XDR sensor in a non-production box first, watch log growth after the upgrade, and check your support entitlements if you want the free upgrade path Sophos documents for Enhanced and Enhanced Plus customers. On my own setup, Health Check flagged older log archives; clearing or moving those files dealt with the space warning.
These are the configuration habits I use and recommend. Lock management interfaces to a small set of management IPs and keep the admin UI on a management VLAN. Turn on two-factor authentication for admin accounts. Install the XDR sensor and tune the rules so the alerts you get are worth reading. Clean up the rule base: remove rules unused for 90 days, rename vague policies so the purpose is clear, and split broad allow rules into tighter source and destination pairs. Turn on logging for denied traffic, and forward logs to a central collector or SIEM if you want longer retention and easier searching. Schedule configuration exports and store them off-box. If you use NAT and stepping policies, keep NAT rules in sensible order so traffic hits the right rule, and avoid Any-to-Any rules unless you really need them.
Troubleshooting and upgrade order need a blunt checklist. Read the upgrade notes for HA advice, and test the process in a lab if you can. Back up configs and check that a restore works. Check disk space before you start; free up archives if needed. If XDR does not auto-install, download the sensor package and install it manually, then check sensor status in the system dashboard. If Health Check shows failing items after upgrade, record the messages, fix the worst ones first, and run the scan again. Watch CPU and memory in the week after the upgrade, since extra monitoring and log forwarding often exposes settings that need tuning. Verify that firewall rules behave as expected, VPN tunnels come up, and user authentication still works. If something breaks, roll back to the pre-upgrade backup and try again in a controlled window.
The main lesson from v22 and the chatter around it is simple: treat the upgrade as operational work. Back up and test restores. Check disk space and log retention. Test XDR in a lab and tune the alerts before you trust them. Keep the rule base tidy and give rules clear names. Use Health Check as an early warning system, not the final answer.



