It's been a while since this, but for people looking into having Sophos on a PCEngines APU board, I can tell you this really got MUCH easier with XG firewall.
I just received my APU2C4 board with 4Gb of RAM and I must say I'm quite impressed. I have a 300Mb down 30Mb up WAN and this little thing really manages it great. In fact, if I download at full speed the CPU is at about 30%. I havent enabled anything but firewall (obviously) and web proxy (with antivirus) for now but I don't feel any lag whatsoever. I still have to do more testing though.
To install XG in a new PCEngines APU2 board, just follow these steps:
- Install SSD of your choice and burn the XG ISO in a CD
- Connect the serial cable to your serial port
- Connect to the serial console using Putty and choose 38400 as speed
- Boot it up and run from the CD. Follow the instructions to install it, but basically this means you just have to press "y" once and it will install everything, really.
If you wanted to do a blind installation (without serial) you could just hook up the USB CD reader, connect the power, wait about 1-2 minutes to give it time to ask for confirmation and then press "y". Wait another 5-10 minutes to allow it time to install.
After the installation has finished you wont hear 5 beeps. Instead you will hear a music tune through the inbult speaker!! That's when you can remove the CD, disconnect the power from the APU and put it back on.
Lastly, just connect your computer to port 1 and you will get an IP automatically (otherwise just put yourself at 172.16.16.17) and you can access https://172.16.16.16:4444 and start configuring it!
Thanks Sophos for making XG a console-friendly install!!
Is there any chance to install XG from a USB Stick? I've been trying this for some time and I can see the system coming up, asking me to press F10 to enter the boot menu (which I can get into) and than I can choose from four options. It doesn't matter though if I choose to boot from USB tick, the systems starts from the built-in msata hard disk.
Thanks!
Edit: I just tried the same procedure as before (all hardware was exactly the same) but I used the UTM image. Now it works. So it has to something with the XG image...
Hi all,
I've been using an APU for my UTM 9.x in the past, always had hard times with no serial console but I've read this is now solved, GREAT!
Tough, I've now moved my UTM setup on a ESXi host and i'm not really looking backwards, snapshots, easy migration with fallback etc..
Did you guys ever made some performances testings? i'd wonder how an APU compares to the lower SG HW appliances from Sophos.
Cheers,
Long life to UTM, tried XG for 10 mins and gave up.
M.
My installation experiences with Sophos UTM and Sophos XG on the APU2C4 board:
Tim
My installation experiences with Sophos UTM and Sophos XG on the APU2C4 board:
Tim
Forgive my newbie-ness but I am trying to do the blind install of Sophos UTM9 on a PC that only has HDMI/DVI-D connections (install doesnt work on the machine with only those connections) and read through this post and cant find (need instructions) on how to do the serial install. Can someone please post their instructions to do this on the hardware I want to use below?
I7-6700K
Gigabyte GA-Z170N Gaming 5 mobo
16GB DDR4-2400
256GB Intel 6 m.2 SSD (yes I know it is NVMe)
Intel Pro1000 PT Dual port server NIC
Thank you.
You need:
- PC with serial connector
- putty (google that, you'll find it)
- serial cable (looks a bit like VGA cable, but connectors have 2 rows of pins instead of 3)
- connect the APU and your computer
- go to hardware manager and look for the COM Port the APU got assigned
- start putty and connect to this COM Port using the baud rates mentioned in this thread.
Tim,
Thanks for that. Questions though..
The machine I want to install sophos on (mentioned in my post) has no serial ports. I can use a laptop that has a serial port and I have a serial to serial cable as well as a serial to USB cable.
So I am assuming I start on the laptop and then power up the 'destination' machine. Connect to the destination machine's COM port through the laptop (using putty) at the recommended baud rate......then what?
Hi Tim
What throughput are you getting on UTM on the APU? When last I used UTM on my 200/20 connection it was unable cope, so I moved to pfSense on an APU2C4 which has been great, but I really like UTM and much prefer it to pfSense so if over the last 2 years it's improved to the point that it'll handle 200Mbit I'd love to go back but don't want to waste my time.
Thanks.