Sophos UTM Essential Firewall is a free version of the Sophos Universal Threat Management (UTM) software. The home page is at https://www.sophos.com/en-us/products/free-tools/sophos-utm-essential-firewall.aspx. Sophos UTM Essential Firewall was successfully installed to the FW4A and FW6 series of the vault. To install it on the Vault, there is a relatively straight forward process that is very similar to installing any operating system onto any computer.
- Obtain the installation image
- Download software to transfer the installation image to a USB drive
- Install the new image
Obtain the Installation Image
The installation image can be downloaded https://www.sophos.com/en-us/products/free-tools/sophos-utm-essential-firewall.aspx.
- Fill out the forms at the prompts
- Verify that an email is received with the download information
- Click on the link in the download email
- Download the “software appliance” image. This example uses version 9.506-2.1
- Accept the EULA
- Fill out forms when prompted
Your download should begin immediately and when it is completed you should have an iso image with a name such as “as-9.506-2.1.iso” downloaded that is ~1GB in size. You will also receive an attachment in the email with a license txt file. This will be needed when configuring the system via the web admin.
Transfer the installation image to a USB drive
The easiest way to transfer the installation image to a USB drive is by using software called “Rufus” on Windows or “Etcher” on Apple OSX. See this link for detailed instructions on how to create a bootable USB drive using Rufus or Etcher. The Sophos USB drive for this example was created using Rufus. For Sophos, select a “dd” image, rather than an “ISO” image in Rufus.
The Sophos USB drive for this installation was a USB 3.0 drive. On the FW4A, the USB 3.0 drive must be inserted into the USB 3.0 port on the Vault, otherwise the installation will hang at about 16% with the message “Detecting storage devices”.
Install the new image
Once the installation image is properly copied to the USB drive, it is ready to be installed on the Vault. There is a good manual including detailed installation instructions for Sophos UTM Essential at https://www.sophos.com/en-us/medialibrary/PDFs/documentation/utm9506_manual_eng.pdf?la=en. Follow the instructions in the guide to install the software, then log in to the web admin page in order to configure the system. There are a few caveats to note during the installation.
When booting from a USB drive, you will get the error message “Install.tar wasn’t found on the installation media”. This occurs when booting from a USB drive, not a CD-ROM. To fix this:
- Start the installation
- At the Start prompt, enter console mode <Alt-F2>
- At the bash prompt, type “mount /dev/sdb1 /install”
- Exit the bash shell <Alt-F1>
- Continue the installation <Start>
More details including screenshots of this fix can be found at https://networkguy.de/?p=728.
- Verify the installation continues and follow the prompts
- When prompted for “64 bit” – Select “Yes”
- When prompted for “Install all capabilities” – Select “Yes”
- Verify the system reboots and you can browse to the web admin page at https://192.168.1.1:4444 (our example) or the Sophos default of https://192.168.2.100:4444
For this example, we configured the LAN port on the Vault (eth1) as the internal port and set the IP address to 192.168.1.1/24. After the installation completed, we connected a PC directly to the LAN port with a static address of 192.168.1.100 in order to browse to the web admin page and do the initial configuration.
Follow the prompts for the initial configuration.
At this point Sophos UTM is installed and can be further configured via the Web User Interface. A screenshot of the Sophos UTM dashboard is shown below.
Sophos Web Admin Dashboard
The table below shows the latest tested release of Sophos on each of the Vaults.
|Vault||Latest Version Tested|
|FW1||Sophos UTM 9.506-2|
|FW2||Sophos UTM 9.506-2|
|FW2B||Sophos UTM 9.506-2|
|FW4A||Sophos UTM 9.506-2|
|FW4B||Sophos UTM 9.506-2|
|FW6A||Sophos UTM 9.506-2|
|FW6B||Sophos UTM 9.506-2|
|FW6C||Sophos UTM 9.506-2|
If you experience any issues, please feel free to reach out: firstname.lastname@example.org.