Sophos on pcengines APU?

Hi guys!

First of all - my big bow to all of you making it possible for home users to use sophos utm! There are many different things out there and among all of them - you remain streamlined, organized and offer a professional product at no cost for home users. KUDOS!

I have been using sophos for couple of years and i always had one tripping point: size of HW. I mean, there are mini itx solutions and thin itx standard, but it always turns out looking like a pc and not like a small nice firewall/router.

PcEngines has made a new board that is only 6" x 6", fits in their super small case, has 3 Giga lan ports and mini pci slots for wifi card. The box uses 6-12w under full load and is completely passive!

So - now the big question - will sophos run on this board?

Here is the board:

PC Engines apu1c product file

I hope this will/can work so that i can buid the fw that performs well and that my wife finds it acceptable to stay under the TV set Smile


  • In reply to Mokaz:

    i'm totally with you on this !!! ttyS0 is the future...
    William is right let's all vote for a serial console enabled installer!! CLICK DOWN HERE AND VOTE !!
    Sophos UTM software installer with serial console enabled by default

    Pass the word and let's see =)

    Thx for creating such a request. You've got my vote, offcourse.
  • Hi, today i bought APU.1D but as i dont have any Intel NUC i'd need blind installation, therefore im asking if is somebody able to create disk image (for ex. with some Acronis, etc...) with sophos allready installed?

    Thanks, Vitek
  • Hi here is the Example from "gca" "" thank you!

    i used apu1d4 with mSSD 128GB
    Installation for blind installation:

    Oracle VM VirtualBox:
    Linux X64, 15GB HDD, 2 or 3 Active NIC!!
    ISO from: UTM Support Downloads (UTM v9 software appliance)

    Start the VM and the apu1d4 with USB keyboard + USB slim CD/DVD Rom with UTM v9 software appliance

    Now the blind installation can be started! Attention: the apu1d4 is slower then your VM!

    Plz Vote for better installation:
    Sophos UTM software installer with serial console enabled by default
  • In reply to KnusperKekz:

    Hi all,

    Find an updated package with the needed moded files in order to have a fully ttyS0 interactive APU1C/D boot console on your serial port.

    Please watch out, in /boot/grub you need to use the correct menu.lst file. Either for the 64bit kernel or the 32bit. I have provided both menu.lst is for 64bit and menu.lst.32bit is for well, 32bit.
    As well, the serial port is initialized with 115200 bps.

    My process in order to apply the changes:
    1. WinSCP / loginuser on ssh
    2. copy folder on APU1 in /tmp
    3. from putty or such while in su mode copy the files around on your APU
    4. renaming the original files before overwriting is never a bad idea (***.***-ORG whatever)

  • Hi 

    I just got pcengines APU4d1, followed the steps for the blind install but it seems that it stops right after formatting the msata. 

    The led blinks for few seconds and then stops.

    I had pfsense installed before i was trying sophos, not quite sure if this makes a difference or not.

    i would appreciate any help.
  • In reply to gerootech:


    I just got pcengines APU4d1, followed the steps for the blind install but it seems that it stops right after formatting the msata. 

    The led blinks for few seconds and then stops.

    I had pfsense installed before i was trying sophos, not quite sure if this makes a difference or not.

    i would appreciate any help.

    I already got it working by using a CD rom instead of the usb. Just wondering i only have 1.9 GB of Log Disk, and 1.4 GB of Data Disk. Where is the rest of my 16 GB ?
  • df -h 
    will tell you

  • In reply to gerootech:

    I already got it working by using a CD rom instead of the usb. Just wondering i only have 1.9 GB of Log Disk, and 1.4 GB of Data Disk. Where is the rest of my 16 GB ?

    To be honest 16 gb is just unusable with UTM. It's almost always full.. 32 gb is okay though... As for the blind install maybe vote for the serial console install feature request here: Sophos UTM software installer with serial console enabled by default
  • In reply to gerootech:


    I just got pcengines APU4d1, followed the steps for the blind install but it seems that it stops right after formatting the msata. 

    I had the same issue. Make sure you follow the process in this post by exzR - this solved the same issue for me and I was able to successfully blind install.
  • The Weird thing is, there seems to be some kind of an 'official' appliance for home use: NFA Home Rev2 - UTM Hardware

    That is definitely the same layout as an APU1C or APU1D.....

    Does someone know where the image for (re)installing this device can be found?
  • It's been a while since this, but for people looking into having Sophos on a PCEngines APU board, I can tell you this really got MUCH easier with XG firewall.

    I just received my APU2C4 board with 4Gb of RAM and I must say I'm quite impressed. I have a 300Mb down 30Mb up WAN and this little thing really manages it great. In fact, if I download at full speed the CPU is at about 30%. I havent enabled anything but firewall (obviously) and web proxy (with antivirus) for now but I don't feel any lag whatsoever. I still have to do more testing though.

    To install XG in a new PCEngines APU2 board, just follow these steps:

    - Install SSD of your choice and burn the XG ISO in a CD

    - Connect the serial cable to your serial port

    - Connect to the serial console using Putty and choose 38400 as speed

    - Boot it up and run from the CD. Follow the instructions to install it, but basically this means you just have to press "y" once and it will install everything, really.

    If you wanted to do a blind installation (without serial) you could just hook up the USB CD reader, connect the power, wait about 1-2 minutes to give it time to ask for confirmation and then press "y". Wait another 5-10 minutes to allow it time to install.

    After the installation has finished you wont hear 5 beeps. Instead you will hear a music tune through the inbult speaker!! That's when you can remove the CD, disconnect the power from the APU and put it back on.

    Lastly, just connect your computer to port 1 and you will get an IP automatically (otherwise just put yourself at and you can access and start configuring it!

    Thanks Sophos for making XG a console-friendly install!!

  • In reply to guillerone:

    What version bzw. image file of Xg firewall use you? I tested it with the two 16.xx Versions both have the same problem when I type y + enter to start the installation the Installer go to reboot and install nothing.

  • In reply to Johan@NetStream:

    ReneeH : I used 16.05.1, it did not give me any problems. Try doing a blind install instead (without console) and see if that helps anything.

    Sorry for taking so long to answer, I do not read this normally.

  • In reply to guillerone:

    By the way, after a few weeks of using the APU with the XG software, I must say the performance of this thing is amazing. Normally the load is about 2%, and when I use my 300Mb connection at full load it goes up to 20-30% max, with firewall, web protection, web server protection, APT and antivirus activated (no IPS or email, I don't need them). Also, a 30Gb SSD is more than enough space for everything.