Creating Your Own Sophos UTM Bootable USB Installation Drive

Installing Sophos UTM from a boot CD is straightforward and works well. The only problem with this old school method is that Sophos UTM appliances do not ship with optic drives, and this is true for most modern hardware.

Most current operating systems can be installed from USB (Windows, OSX, Linux, etc) and it is often the preferred method because these OS installers are aware that they are installing from USB.

Sophos provide a USB installation option called the Smart Installer for UTM hardware appliances, but this is a special USB drive that emulates a CD, essentially working around the issue.

This article steps you through the process of preparing and creating your own Sophos UTM bootable USB installation drive. Please note that since this is a workaround it is not a supported method by Sophos. It is handy for building and rebuilding your home and test equipment but for your serious production hardware please follow the official Sophos recommended method of attaching an external optical drive.

Step 1. Download the Sophos UTM ISO

Download the latest version of the Sophos UTM images from https://www.sophos.com/en-us/support/utm-downloads.aspx

There are two options when downloading the ISOs. One for hardware appliances and another for software appliances. If you have a physical Sophos appliance use the first option, if you are building your own on a virtual machine or PC, use the second option.

Step 2. Download and run Rufus

Rufus is a USB utility that allows you to create bootable USB drives from ISO images, and it is available from http://rufus.akeo.ie. There are a number of similar utilities available which you should be able to use if you prefer.

The executable does not need to be installed. Simply run the exe as an administrator on your system.
In the Format Option section set the Create a bootable disk using to ISO and select the Sophos UTM ISO downloaded in step 1.
Click Start and accept the warning that the USB drive will be erased

The process take a few minutes and will notify you when it has completed.

Creating Your Own Sophos UTM Bootable USB Installation Drive

Step 3. Boot and Build from USB

Here is the theory of what happens next. When the system boots from the USB drive it will be running an installation subset version of Linux. This version runs completely in RAM. For it to make use of files on the USB drive, the drive needs to be mounted. To do this we are going to switch between the installer and a console session. We will use the console the mount the USB drive, making the files available, and then switch back to the installer and continue from there.

Insert your USB drive into your device, in my case a Dell PC, power it on and invoke the boot selector by pressing F12 and then selecting the USB drive option. Depending on the hardware, you may find it automatically boots from USB or you might have to access the BIOS and set it as the preferred boot device. This can normally be accessed by pressing the Del or F2 key during POST.

The Sophos UTM installer should start and display the black Welcome screen. Press Enter to start the installation.

At the blue Introduction Screen press Alt + F2. This will switch you to a console screen.

Mount your USB drive with the following command:

mount /dev/sdb1 /install

Press Alt + F1 to switch back to the installer and carry on with the installation. If you run into an installation error, see the troubleshooting section below.

That’s all there is to it! Once the installation finishes you can remove the USB drive and reboot.

Conclusion

You don’t have to run around trying to find writable CD’s or USB optical drives to build a physical Sophos UTM device. You also don’t have use the Sophos UTM Smart Installer USB drive. Although, if you are routinely building Sophos UTMs from scratch, it might be worth the convenience. For more details on the Smart Installer check out http://www.sophos.com/en-us/support/utm-downloads/utm-smart-installer.aspx

Troubleshooting

If you are reading this it means you probably ran into an installation error. If you do not explicitly mount the USB drive as described, you may receive this error during the ‘formatting’ stage:

install.tar wasn’t found on the installation media

The installation expects the install.tar file to be located in:

/install/install/install.tar

You can check this by switching back to the console with Alt + F2 and using

cd /install/install

ls

It should list the following items:

build; install.md5; install.tar; rpm

If this error occurs, it is most likely that your USB device was not detected as /dev/sdb1. To verify this you can use the following command

dmesg | grep sd

Look for your usb device in the list, it should show the device name and size. Change the mount command to reference the correct sdx1 device id. For example, instead of

mount /dev/sdb1 /install

use something like:

mount /dev/deviceid install

By Etienne Liebetrau|2019-05-23T21:06:37+00:00February 26th, 2015|Sophos Reporter|8 Comments

About the Author: Etienne Liebetrau

Based in Cape Town, South Africa, Etienne is an IT Professional working in various environments building, testing and maintaining systems for a large national retail chain. An IT professional since 1996, Etienne has worked in various environments and is certified by (ISC)2, Comptia, Dell and Microsoft. Etienne is the technical blogger and primary technical consultant for FixMyITsystem.com a solutions provider company based in Cape Town with a global client base.

8 Comments

SG125W UTM shows incorrect SSD Size after re-imaged - Sophos User Bulletin Board July 24, 2015 at 4:33 am - Reply
[…] sophos website. Installed the image from boot-able USB following instructions from link below. Fastvue Sophos Reporter Creating Your Own Sophos UTM Bootable USB Installation Drive lsblk shows the output below. NAME MAJ:MIN RM SIZE RO MOUNTPOINT sda 8:0 0 59.6G 0 […]
Magnus September 13, 2015 at 3:37 am - Reply
Quick correction for people following this that may not be used to bash commands:
The command is “mount”, followed by a space and then two arguments [/dev/sdb1] and [/install]
You have it written, all three times, without a space between the command and the first argument.
- Scott Glew September 21, 2015 at 3:25 am - Reply
  Thanks for alerting us to that! The post has now been corrected.
  Cheers!
[Sammelthread] Sophos UTM-Sammelthread - Seite 56 December 22, 2015 at 11:34 am - Reply
[…] Band Wireless AC8260. Ich versuche UTM 9.317 per USB-Stick mit folgendem Tutorial zu installieren: Fastvue Sophos Reporter Creating Your Own Sophos UTM Bootable USB Installation Drive Beim Setup kommt erst die Meldung das nur ein NIC erkannt wurde (der Intel 219-V wird nicht […]
dune July 18, 2016 at 2:01 pm - Reply
Hello,
I have problem at blue screen introduction. when I press ALT+F2, it doesn’t show anything. The terminal is just stuck and gives me out put like “.]//” and if I press another key, or maybe F1 or delete, it just shows symbol like “][//;” could you help me, why this is happened
nar November 29, 2016 at 5:54 am - Reply
Another weird problem I had after the missing install.rpm was corrected by mounting the /install directory was other missing rpms, starting with plymouth-script-git20130903….rb1.i686.rpm. Turns out LinuxLive USB Key creator I used truncated the filenames to 63 characters. They were missing the “.rpm” at the end in varying degrees. I reformatted the USB stick and used Rufus and the UTM install completed successfully.
Tim April 21, 2017 at 4:59 am - Reply
Hello,
Thanks for the guide, it was very helpful. It was actually Sophos support that directed me here to help with imaging an XG Hardware device.
If anyone is following these steps and gets stuck with an error saying ‘Failed Getting ISO Disk’ when booting off the USB disk created with Rufus. Try creating the disk again and select ‘DD’ mode instead of ‘ISO (Recommended)’ for creating the bootable USB
Tim
Wouter Keizer May 8, 2017 at 11:53 am - Reply
Thnx.
Works like a charm on ASG 9.4