Sophos on pcengines APU?

Hi guys!

First of all - my big bow to all of you making it possible for home users to use sophos utm! There are many different things out there and among all of them - you remain streamlined, organized and offer a professional product at no cost for home users. KUDOS!

I have been using sophos for couple of years and i always had one tripping point: size of HW. I mean, there are mini itx solutions and thin itx standard, but it always turns out looking like a pc and not like a small nice firewall/router.

PcEngines has made a new board that is only 6" x 6", fits in their super small case, has 3 Giga lan ports and mini pci slots for wifi card. The box uses 6-12w under full load and is completely passive!

So - now the big question - will sophos run on this board?

Here is the board:

PC Engines apu1c product file

I hope this will/can work so that i can buid the fw that performs well and that my wife finds it acceptable to stay under the TV set Smile


  • In reply to guillerone:

    I tested it with a blind install, is the same shit I press y enter and the system reboots. Nice work Sophos you are number one in Scrap software Angry

  • In reply to ReneeH:

    I would say that if it works for others it may not be Sophos fault necesarily. It could be though. If I were you I would try using a different SSD. It could be a matter of the OS not detecting the SSD or something similar. Give it a try. If trying a blind install didn't work I would stick to the normal console install. I used Putty by the way.

  • In reply to guillerone:

    Im using it on APU on few sites, my home, my parrents, friends...Everywhere it works just fine, installation since 9.4 is not blind, console on serial port is enabled, so installation procedure is thru putty or whatever serial client easy...

    APU with 64GB SSD, at home running all services and filtering, connected AP55C, AP15C and one AP15.

  • In reply to guillerone:

    Is there any chance to install XG from a USB Stick? I've been trying this for some time and I can see the system coming up, asking me to press F10 to enter the boot menu (which I can get into) and than I can choose from four options. It doesn't matter though if I choose to boot from USB tick, the systems starts from the built-in msata hard disk.



    Edit: I just tried the same procedure as before (all hardware was exactly the same) but I used the UTM image. Now it works. So it has to something with the XG image...

  • In reply to TimBenkert:

    XG on APU works fine, without any issue, you need to change terminal baud speed for installation, APU runs 115200 and i think XG at 38400...

  • In reply to vikino:

    Hi all,

    I've been using an APU for my UTM 9.x in the past, always had hard times with no serial console but I've read this is now solved, GREAT!
    Tough, I've now moved my UTM setup on a ESXi host and i'm not really looking backwards, snapshots, easy migration with fallback etc..

    Did you guys ever made some performances testings? i'd wonder how an APU compares to the lower SG HW appliances from Sophos.

    Long life to UTM, tried XG for 10 mins and gave up.

  • In reply to vikino:

    My installation experiences with Sophos UTM and Sophos XG on the APU2C4 board:

    • Both did not work with the iso on a USB stick. The UTM installation stopped and the XG installation did not start. I borrowed an external CD-ROM drive and the APU board automatically booted therefrom. --> I recommend not wasting any time with the USB stick and getting an external CD-ROM drive instead.
    • Baud rate: Sophos uses 38400 as baud rate while the APU board uses 115200. I tried changing the baud rate in the iso of Sophos but it turned out to be rather complicated to get the iso to work again afterwards. So I started the installation with a baud rate of 115200 to see what the APU board is doing right after booting up. It does not do much and directly starts the installation from the CD. I turned the APU board off, changed the baud rate of my putty session to 38400 and powered the board again. After a short time of watching hieroglyphs the installation started and the baud rate changed to my chosen one. From then on, I could see and read everything. As this is really easy, I would recommend not wasting time with changing anything in iso-files and just enjoy the hieroglyphs.
    • I was able to get XG and UTM up and running on the APU board. Finally I chose to use UTM. The reason is easy. As I want to use the APU as WLAN AP as well, I plugged the Compex WLE600VX 802.11ac/a/b/g/n Mini-PCIe-Karte into it. The XG does not recognize it, the UTM does.


  • In reply to TimBenkert:

    Forgive my newbie-ness but I am trying to do the blind install of Sophos UTM9 on a PC that only has HDMI/DVI-D connections (install doesnt work on the machine with only those connections) and read through this post and cant find (need instructions) on how to do the serial install.  Can someone please post their instructions to do this on the hardware I want to use below?


    Gigabyte GA-Z170N Gaming 5 mobo
    16GB DDR4-2400
    256GB Intel 6 m.2 SSD (yes I know it is NVMe)
    Intel Pro1000 PT Dual port server NIC


    Thank you.

  • In reply to Jeff Siegel:

    You need:

    - PC with serial connector

    - putty (google that, you'll find it)

    - serial cable (looks a bit like VGA cable, but connectors have 2 rows of pins instead of 3)

    - connect the APU and your computer

    - go to hardware manager and look for the COM Port the APU got assigned

    - start putty and connect to this COM Port using the baud rates mentioned in this thread.

  • In reply to TimBenkert:



    Thanks for that.  Questions though..

    The machine I want to install sophos on (mentioned in my post) has no serial ports.  I can use a laptop that has a serial port and I have a serial to serial cable as well as a serial to USB cable.


    So I am assuming I start on the laptop and then power up the 'destination' machine.  Connect to the destination machine's COM port through the laptop (using putty) at the recommended baud rate......then what?

  • Hi Tomba,

    the Sophos UTM work fine on the APU2D4.

    How you can install the system on the APU, I have described in a post.


    Greetings Marcel

  • In reply to Mokaz:

    Hi Mokaz,

    i havent done precision testing, but

    APU 2C4 is little faster then 2D4, gives me higher througput.

    In compare to Sophos SG115 is APU much more faster. With same services enabled and same config SG115 gives me about 95Mbit from WAN to LAN routing and APU about 160Mbit, so almost twice more, boot time is also better on APU as in APU im using mSATA SSD drives.

    Btw. virtualized UTM on QNAP TVS-1282T3 with i7 CPU is much faster then SG210 :-))) And not talking about boot time which is on QNAP 5 times faster...

  • In reply to TimBenkert:

    Hi Tim

    What throughput are you getting on UTM on the APU? When last I used UTM on my 200/20 connection it was unable cope, so I moved to pfSense on an APU2C4 which has been great, but I really like UTM and much prefer it to pfSense so if over the last 2 years it's improved to the point that it'll handle 200Mbit I'd love to go back but don't want to waste my time.


  • In reply to guillerone:

    OK, so I did much of what was mentioned here except did the silent install with a USB stick and no serial cable.  One thing that was not said anywhere in these threads is how to get the iso file on to a flash drive.

    I used Rufus image burning software (use the DD writing version) to write the image file to a flash drive.  You only need a 1 gig or larger USB drive (512 mb might work).

    So, I took the latest image, loaded it into Rufus, specified the DD writing version and waited for it to complete (1 minute).  If you do not use the DD method (not the default) the stick will NOT work.  The system will make a loud racket and you will have to burn the image again..

    Then, stick the USB drive in the APU2c4 on one port and a keyboard on the other port.  Give it some power..  Make sure you have at least a 128gb mSata drive in the computer or Sophos could complain.  Give it a minute..  Press y..  Then enter key..  Wait a few minutes and when complete the unit will play a song!


    You're golden then!!  Pull the power cable, keyboard, USB stick..  Count to 10..  Power back on then connect a network cable to port 1 and use the address:  and begin configuring!  No need for a serial cable, external cd-rom drive or anything else!!


    Good luck everyone.  I'm kind of new to the forum but wanted to share my experiences.

  • In reply to Alonzo Eubank:

    Is there a more easy and working way to install a bricked (lost admin password with no access to telnet) APU device? I have a working NULL modem cable and tried every single solution without success. I want to install the latest version Sophos UTM and have below hardware config:

    PC Engines APU BIOS build date: Jul 8 2014
    Total memory 4096 MB
    AMD G-T40E Processor

    The last post is from 2017 so I hope there is an easy solution now in 2018  ;-)


    Thanks for your help!