Sophos UTM 9
Hardware, Installation, Up2Date…
Sophos on pcengines APU?
UTM 9 Release Notes
This group requires membership for participation - click to join
people also asked this
11 Mar 2014 8:36 AM
Have a cool product idea or improvement?
We'd love to hear about it! Click
to go to the product suggestion community
Sophos on pcengines APU?
First of all - my big bow to all of you making it possible for home users to use sophos utm! There are many different things out there and among all of them - you remain streamlined, organized and offer a professional product at no cost for home users. KUDOS!
I have been using sophos for couple of years and i always had one tripping point: size of HW. I mean, there are mini itx solutions and thin itx standard, but it always turns out looking like a pc and not like a small nice firewall/router.
PcEngines has made a new board that is only 6" x 6", fits in their super small case, has 3 Giga lan ports and mini pci slots for wifi card. The box uses 6-12w under full load and is completely passive!
So - now the big question - will sophos run on this board?
Here is the board:
PC Engines apu1c product file
I hope this will/can work so that i can buid the fw that performs well and that my wife finds it acceptable to stay under the TV set
11 Mar 2014 12:42 PM
maybe the cpu is a bit of low end, ok dualcore, but low GHz-rate.
I you only using paketfilter and "downsized" webfiltering it should work on a low speed line (up to 10MBit?).
If you're using IPS/ATP/ProxyProfiles/SSO/FTP, Portal and so on, this could be very slow, especially for fast connections (Cable/FTTH/VDSL).
Try an Dual-/Quadcore with a much higher Clockrate (IPS).
11 Mar 2014 12:57 PM
I have a 60/6 cable connection and i use html5vpn portal and ssl vpn a lot. Webfiltering is not so much interesting for me. Since i don't have any mail server behind my sophos - that will not be used too.
What worries me is the sophos installation. That little APU in the link from the first post has no video output of any kind, and sophos is a gui based installation. There have been some workarounds with the settings file but now it requires a special usb stick that is pricey - and that on top of the HW cost is a bitt too much for such system. Only thing that i like a lot is that at the end i might end up with a really nice and small passive enclosure that is capable of running sophos.
11 Mar 2014 12:59 PM
And just for the refference, at the moment i'm running sophos on dual core atom 2700D (2x2.18GHz) with 4Gb ram. Cpu usage while doing heavy torrenting with 500+ peers per torrent (with more than 10 torrents) is not exceeding 2-3% ...
That is why i've thought that this little APU could go on my line and still be enjoyable to use it ...
11 Mar 2014 9:07 PM
Hi, it _might_ be as fast as your current Atom, but I wouldn't guarantee it.
Also headless installation will be very tricky.
There's LOTS of fanless / passively cooled hardware available, even for i3 - based systems.
I'm running an i5 in a Fractal Design Node 304 chassis, and it is very quiet even though there are several fans inside (large, slow, quiet ones).
It is not very small though.
Some links for fanless hardware:
Perfect Home Theater
uSVR | CompuLab
Fanless Mini-ITX Haswell Computer | Logic Supply
Order this product
12 Mar 2014 2:07 PM
yes, it can be done. actually, I'm running 9.200-11 on my PC Engines APU.1C in this very moment. installation is a bit tricky though. installed onto an mSATA SSD using an intel NUC computer. after the installation was finished I did a system factory reset (console) and deleted /etc/udev/rules.d/70-persistent-net.rules. afterwards halt the system immediately. then I took out the mSATA SSD and mounted it on another machine running debian. edit/replace the files menu.lst & menu.lst-default in /boot/grub plus inittab & securetty & serial.conf in /etc/ so I'll get a serial console. there are how-tos about enabling the serial console in astaro/sophos elsewhere...
performance-wise, the APU is more than enough for my needs. I also ran Sophos UTM on a soekris net6501-50 and the new PC Engines board is much, much more powerful.
13 Mar 2014 1:05 PM
Hmm ... seems like a lot of work to do. You went for msata because you want to have it original alix2d case? So basically you used NUC necause it had the msata plug so that you can install sophos on a msata disk, and then afterwards you used debian PC to be able to browse the filesystem to edit the files. Am i getting this right?
Thanks for your previous post ... it is good to know that it can be done. If i got you right, i guess just obtaining msata adapter and a live ubuntu/debian would do the trick of prepairing the msata drive for use with APU.
You have the 2Gb version?
13 Mar 2014 3:17 PM
yup! you've got every detail right ;-)
yes, it's the 2 GB version. 4 GB will be available in about a month...
14 Mar 2014 8:09 AM
thanks Mike! I guess i'll order then. I just wonder if i'll be able to edit all the files correctly ...
"edit/replace the files menu.lst & menu.lst-default in /boot/grub plus inittab & securetty & serial.conf in /etc/ so I'll get a serial console"
This is the part i need to investigate a bit more ...
14 Mar 2014 9:43 AM
just drop me an e-mail to mb(at)offworld.ch and I'll be happy to send you the files I edited/created...
14 Mar 2014 10:25 AM
Thanks for the offer! I wait till pcengines has some 16Gb mSATA SSD's on stock because i don't plan on spending 80CHF for 40/60Gb ssd drives from brack, steg and digitec. And once my apu is up and running - you have a beer next time you are around Oerlikon/Kloten
14 Mar 2014 11:16 AM
yeah, about that 16 GB mSATA from PC Engines: over the last few days, while fiddling with the APU and debian/astaro, it happened at least three times that all partitions have disappeared after shutdown/reboot astaro. it never happened with debian wheezy. and it also never happened when using an mSATA SSD from crucial...
14 Mar 2014 6:43 PM
16GB is TOO SMALL, especially for an SSD.
Are these systems really cheap? If not, why not get an Atom or Brazos or something faster?
14 Mar 2014 8:13 PM
In reply to
why's a 16 GB SSD too small? should be enough for the essential edition, no?
yes, these systems are pretty cheap: USD 145.00 for the board ->
PC Engines Order Form
PC Engines apu1c product file
and they're massively more powerful than the Atom-based soekris net6501, too.
14 Mar 2014 8:35 PM
You need space for logs, up2dates, etc.
The minimum requirement used to be 20GB, but I think it's higher now.
With SSDs, you need more space so the drive has room to do wear leveling, etc., otherwise the drive will wear out quickly.
15 Mar 2014 10:20 AM
I definitely would advise against the mSATA SSD from PC Engines, at least for now. there seems to be an issue with them. I was able to reproduce the behavior and again, it has lost all partitions! I ended up ordering a bunch of SanDisk 32 GB SSDs from brack.ch (CHF 43.00 a piece).