This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos on pcengines APU?

Hi guys!

First of all - my big bow to all of you making it possible for home users to use sophos utm! There are many different things out there and among all of them - you remain streamlined, organized and offer a professional product at no cost for home users. KUDOS!

I have been using sophos for couple of years and i always had one tripping point: size of HW. I mean, there are mini itx solutions and thin itx standard, but it always turns out looking like a pc and not like a small nice firewall/router.

PcEngines has made a new board that is only 6" x 6", fits in their super small case, has 3 Giga lan ports and mini pci slots for wifi card. The box uses 6-12w under full load and is completely passive!

So - now the big question - will sophos run on this board?

Here is the board:

PC Engines apu1c product file

I hope this will/can work so that i can buid the fw that performs well and that my wife finds it acceptable to stay under the TV set [:)]

cheers

Tomba


This thread was automatically locked due to age.
Parents
  • It's been a while since this, but for people looking into having Sophos on a PCEngines APU board, I can tell you this really got MUCH easier with XG firewall.

    I just received my APU2C4 board with 4Gb of RAM and I must say I'm quite impressed. I have a 300Mb down 30Mb up WAN and this little thing really manages it great. In fact, if I download at full speed the CPU is at about 30%. I havent enabled anything but firewall (obviously) and web proxy (with antivirus) for now but I don't feel any lag whatsoever. I still have to do more testing though.

    To install XG in a new PCEngines APU2 board, just follow these steps:

    - Install SSD of your choice and burn the XG ISO in a CD

    - Connect the serial cable to your serial port

    - Connect to the serial console using Putty and choose 38400 as speed

    - Boot it up and run from the CD. Follow the instructions to install it, but basically this means you just have to press "y" once and it will install everything, really.

    If you wanted to do a blind installation (without serial) you could just hook up the USB CD reader, connect the power, wait about 1-2 minutes to give it time to ask for confirmation and then press "y". Wait another 5-10 minutes to allow it time to install.

    After the installation has finished you wont hear 5 beeps. Instead you will hear a music tune through the inbult speaker!! That's when you can remove the CD, disconnect the power from the APU and put it back on.

    Lastly, just connect your computer to port 1 and you will get an IP automatically (otherwise just put yourself at 172.16.16.17) and you can access https://172.16.16.16:4444 and start configuring it!

    Thanks Sophos for making XG a console-friendly install!!

Reply
  • It's been a while since this, but for people looking into having Sophos on a PCEngines APU board, I can tell you this really got MUCH easier with XG firewall.

    I just received my APU2C4 board with 4Gb of RAM and I must say I'm quite impressed. I have a 300Mb down 30Mb up WAN and this little thing really manages it great. In fact, if I download at full speed the CPU is at about 30%. I havent enabled anything but firewall (obviously) and web proxy (with antivirus) for now but I don't feel any lag whatsoever. I still have to do more testing though.

    To install XG in a new PCEngines APU2 board, just follow these steps:

    - Install SSD of your choice and burn the XG ISO in a CD

    - Connect the serial cable to your serial port

    - Connect to the serial console using Putty and choose 38400 as speed

    - Boot it up and run from the CD. Follow the instructions to install it, but basically this means you just have to press "y" once and it will install everything, really.

    If you wanted to do a blind installation (without serial) you could just hook up the USB CD reader, connect the power, wait about 1-2 minutes to give it time to ask for confirmation and then press "y". Wait another 5-10 minutes to allow it time to install.

    After the installation has finished you wont hear 5 beeps. Instead you will hear a music tune through the inbult speaker!! That's when you can remove the CD, disconnect the power from the APU and put it back on.

    Lastly, just connect your computer to port 1 and you will get an IP automatically (otherwise just put yourself at 172.16.16.17) and you can access https://172.16.16.16:4444 and start configuring it!

    Thanks Sophos for making XG a console-friendly install!!

Children
  • What version bzw. image file of Xg firewall use you? I tested it with the two 16.xx Versions both have the same problem when I type y + enter to start the installation the Installer go to reboot and install nothing.

  • Is there any chance to install XG from a USB Stick? I've been trying this for some time and I can see the system coming up, asking me to press F10 to enter the boot menu (which I can get into) and than I can choose from four options. It doesn't matter though if I choose to boot from USB tick, the systems starts from the built-in msata hard disk.

    Thanks!

     

    Edit: I just tried the same procedure as before (all hardware was exactly the same) but I used the UTM image. Now it works. So it has to something with the XG image...

  • XG on APU works fine, without any issue, you need to change terminal baud speed for installation, APU runs 115200 and i think XG at 38400...

  • Hi all,

    I've been using an APU for my UTM 9.x in the past, always had hard times with no serial console but I've read this is now solved, GREAT!
    Tough, I've now moved my UTM setup on a ESXi host and i'm not really looking backwards, snapshots, easy migration with fallback etc..

    Did you guys ever made some performances testings? i'd wonder how an APU compares to the lower SG HW appliances from Sophos.

    Cheers,
    Long life to UTM, tried XG for 10 mins and gave up.
    M.

  • My installation experiences with Sophos UTM and Sophos XG on the APU2C4 board:

    • Both did not work with the iso on a USB stick. The UTM installation stopped and the XG installation did not start. I borrowed an external CD-ROM drive and the APU board automatically booted therefrom. --> I recommend not wasting any time with the USB stick and getting an external CD-ROM drive instead.
    • Baud rate: Sophos uses 38400 as baud rate while the APU board uses 115200. I tried changing the baud rate in the iso of Sophos but it turned out to be rather complicated to get the iso to work again afterwards. So I started the installation with a baud rate of 115200 to see what the APU board is doing right after booting up. It does not do much and directly starts the installation from the CD. I turned the APU board off, changed the baud rate of my putty session to 38400 and powered the board again. After a short time of watching hieroglyphs the installation started and the baud rate changed to my chosen one. From then on, I could see and read everything. As this is really easy, I would recommend not wasting time with changing anything in iso-files and just enjoy the hieroglyphs.
    • I was able to get XG and UTM up and running on the APU board. Finally I chose to use UTM. The reason is easy. As I want to use the APU as WLAN AP as well, I plugged the Compex WLE600VX 802.11ac/a/b/g/n Mini-PCIe-Karte into it. The XG does not recognize it, the UTM does.

    Tim

  • Forgive my newbie-ness but I am trying to do the blind install of Sophos UTM9 on a PC that only has HDMI/DVI-D connections (install doesnt work on the machine with only those connections) and read through this post and cant find (need instructions) on how to do the serial install.  Can someone please post their instructions to do this on the hardware I want to use below?

     

    I7-6700K
    Gigabyte GA-Z170N Gaming 5 mobo
    16GB DDR4-2400
    256GB Intel 6 m.2 SSD (yes I know it is NVMe)
    Intel Pro1000 PT Dual port server NIC

     

    Thank you.

  • You need:

    - PC with serial connector

    - putty (google that, you'll find it)

    - serial cable (looks a bit like VGA cable, but connectors have 2 rows of pins instead of 3)

    - connect the APU and your computer

    - go to hardware manager and look for the COM Port the APU got assigned

    - start putty and connect to this COM Port using the baud rates mentioned in this thread.

  • Tim,

     

    Thanks for that.  Questions though..

    The machine I want to install sophos on (mentioned in my post) has no serial ports.  I can use a laptop that has a serial port and I have a serial to serial cable as well as a serial to USB cable.

     

    So I am assuming I start on the laptop and then power up the 'destination' machine.  Connect to the destination machine's COM port through the laptop (using putty) at the recommended baud rate......then what?

  • Hi Mokaz,

    i havent done precision testing, but

    APU 2C4 is little faster then 2D4, gives me higher througput.

    In compare to Sophos SG115 is APU much more faster. With same services enabled and same config SG115 gives me about 95Mbit from WAN to LAN routing and APU about 160Mbit, so almost twice more, boot time is also better on APU as in APU im using mSATA SSD drives.

    Btw. virtualized UTM on QNAP TVS-1282T3 with i7 CPU is much faster then SG210 :-))) And not talking about boot time which is on QNAP 5 times faster...

  • Hi Tim

    What throughput are you getting on UTM on the APU? When last I used UTM on my 200/20 connection it was unable cope, so I moved to pfSense on an APU2C4 which has been great, but I really like UTM and much prefer it to pfSense so if over the last 2 years it's improved to the point that it'll handle 200Mbit I'd love to go back but don't want to waste my time.

    Thanks.