Ben Stienstra

This how-to was made using the following items:

• PCEngines APU2 board.
• 16GB SSD (64GB would be better).
• USB Drive (USB2 installation media).
• USB Keyboard (only for installation).
• Sophos UTM 9 (asg-9.506-2.1) ISO.
• Network connected to first interface (next to serial port).

Lessons learned:

• Install is a bit difficult.
• Snort takes a lot of CPU (>90% on a single thread), during a speedtest download speed is now around 50mbit instead of 120. Intrusion Prevention active with 1718 of 31918 patterns.

Prepare

• Register and download ISO https://www.sophos.com/en-us/support/utm-downloads.aspx.
• Log in and download license file.
• Check MD5 sum.
• Modify downloaded ISO:

  isohybrid asg-9.506-2.1.iso

• Copy ISO to USB drive:

  sudo dd if=asg-9.506-2.1.iso of=/dev/sda bs=1M status=progress && sync

Install

• Boot APU2, press F10 and select USB drive.
• At the welcome screen (Welcome to Sophos UTM 9!), press F3
• Enter:

  default console=ttyS0,115200

• <Start>
• <Ok>
• Keyboard settings
• Timezone
• Date / Time
• Network
• 64 bit kernel
• All capabilities

• Press alt-f2 and type the following, in the blind and before partitioning the hard drive:

  beep                         # To confirm you are typing in a shell
  ifconfig eth0 up             # Up the first interface
  ifconfig eth0 1.2.3.4/24     # Use free IP-address in your subnet
                               # Test ping from other machine.
  passwd root                  # Then enter new root password twice
  /etc/init.d/dropbear start   # Start SSHd 

• Log in, using SSH, from another machine.
• Mount USB to /install:

  mount -t iso9660 -o loop /dev/sdb1 /install

• Press alt-f1 and continue with the installation. It will take around 15 minutes to install.
• After boot you will hear a few beeps.
• Open the webgui to continue configuration.