Installing Sophos UTM from a boot CD is straightforward and works well. The only problem with this old school method is that Sophos UTM appliances do not ship with optic drives, and this is true for most modern hardware.
Most current operating systems can be installed from USB (Windows, OSX, Linux, etc) and it is often the preferred method because these OS installers are aware that they are installing from USB.
Sophos provide a USB installation option called the Smart Installer for UTM hardware appliances, but this is a special USB drive that emulates a CD, essentially working around the issue.
This article steps you through the process of preparing and creating your own Sophos UTM bootable USB installation drive. Please note that since this is a workaround it is not a supported method by Sophos. It is handy for building and rebuilding your home and test equipment but for your serious production hardware please follow the official Sophos recommended method of attaching an external optical drive.
Step 1. Download the Sophos UTM ISO
Download the latest version of the Sophos UTM images from https://www.sophos.com/en-us/support/utm-downloads.aspx
There are two options when downloading the ISOs. One for hardware appliances and another for software appliances. If you have a physical Sophos appliance use the first option, if you are building your own on a virtual machine or PC, use the second option.
Step 2. Download and run Rufus
Rufus is a USB utility that allows you to create bootable USB drives from ISO images, and it is available from http://rufus.akeo.ie. There are a number of similar utilities available which you should be able to use if you prefer.
- The executable does not need to be installed. Simply run the exe as an administrator on your system.
- In the Format Option section set the Create a bootable disk using to ISO and select the Sophos UTM ISO downloaded in step 1.
- Click Start and accept the warning that the USB drive will be erased
The process take a few minutes and will notify you when it has completed.
Step 3. Boot and Build from USB
Here is the theory of what happens next. When the system boots from the USB drive it will be running an installation subset version of Linux. This version runs completely in RAM. For it to make use of files on the USB drive, the drive needs to be mounted. To do this we are going to switch between the installer and a console session. We will use the console the mount the USB drive, making the files available, and then switch back to the installer and continue from there.
Insert your USB drive into your device, in my case a Dell PC, power it on and invoke the boot selector by pressing F12 and then selecting the USB drive option. Depending on the hardware, you may find it automatically boots from USB or you might have to access the BIOS and set it as the preferred boot device. This can normally be accessed by pressing the Del or F2 key during POST.
The Sophos UTM installer should start and display the black Welcome screen. Press Enter to start the installation.
At the blue Introduction Screen press Alt + F2. This will switch you to a console screen.
Mount your USB drive with the following command:
mount /dev/sdb1 /install
Press Alt + F1 to switch back to the installer and carry on with the installation. If you run into an installation error, see the troubleshooting section below.
That’s all there is to it! Once the installation finishes you can remove the USB drive and reboot.
Conclusion
You don’t have to run around trying to find writable CD’s or USB optical drives to build a physical Sophos UTM device. You also don’t have use the Sophos UTM Smart Installer USB drive. Although, if you are routinely building Sophos UTMs from scratch, it might be worth the convenience. For more details on the Smart Installer check out http://www.sophos.com/en-us/support/utm-downloads/utm-smart-installer.aspx
Troubleshooting
If you are reading this it means you probably ran into an installation error. If you do not explicitly mount the USB drive as described, you may receive this error during the ‘formatting’ stage:
install.tar wasn’t found on the installation media
The installation expects the install.tar file to be located in:
/install/install/install.tar
You can check this by switching back to the console with Alt + F2 and using
cd /install/install
ls
It should list the following items:
build; install.md5; install.tar; rpm
If this error occurs, it is most likely that your USB device was not detected as /dev/sdb1. To verify this you can use the following command
dmesg | grep sd
Look for your usb device in the list, it should show the device name and size. Change the mount command to reference the correct sdx1 device id. For example, instead of
mount /dev/sdb1 /install
use something like:
mount /dev/deviceid install
[…] sophos website. Installed the image from boot-able USB following instructions from link below. Fastvue Sophos Reporter Creating Your Own Sophos UTM Bootable USB Installation Drive lsblk shows the output below. NAME MAJ:MIN RM SIZE RO MOUNTPOINT sda 8:0 0 59.6G 0 […]
Quick correction for people following this that may not be used to bash commands:
The command is “mount”, followed by a space and then two arguments [/dev/sdb1] and [/install]
You have it written, all three times, without a space between the command and the first argument.
Thanks for alerting us to that! The post has now been corrected.
Cheers!
[…] Band Wireless AC8260. Ich versuche UTM 9.317 per USB-Stick mit folgendem Tutorial zu installieren: Fastvue Sophos Reporter Creating Your Own Sophos UTM Bootable USB Installation Drive Beim Setup kommt erst die Meldung das nur ein NIC erkannt wurde (der Intel 219-V wird nicht […]
Hello,
I have problem at blue screen introduction. when I press ALT+F2, it doesn’t show anything. The terminal is just stuck and gives me out put like “.]//” and if I press another key, or maybe F1 or delete, it just shows symbol like “][//;” could you help me, why this is happened
Another weird problem I had after the missing install.rpm was corrected by mounting the /install directory was other missing rpms, starting with plymouth-script-git20130903….rb1.i686.rpm. Turns out LinuxLive USB Key creator I used truncated the filenames to 63 characters. They were missing the “.rpm” at the end in varying degrees. I reformatted the USB stick and used Rufus and the UTM install completed successfully.
Hello,
Thanks for the guide, it was very helpful. It was actually Sophos support that directed me here to help with imaging an XG Hardware device.
If anyone is following these steps and gets stuck with an error saying ‘Failed Getting ISO Disk’ when booting off the USB disk created with Rufus. Try creating the disk again and select ‘DD’ mode instead of ‘ISO (Recommended)’ for creating the bootable USB
Tim
Thnx.
Works like a charm on ASG 9.4
That saved my day! Thank you so much! I have just bought a SG 115 second hand that did not boot at all for 200€. I had to reinstall and got the error install.tar cannot be found. Your manual worked great.
Thank you so much again!
Glad we could help! Cheers!
The current UTM ISO ssi.9703-3.1 has a weird countdown at the blue introduction screen’s Start button. This makes it impossible to manually mount the UFD and do the necessary copy operations. Now – it seems – you need a CDROM emulation on your UFD to allow proper mounting of the install by the UTM’s Linux – or you would be using ann old iso and upgrade from there. Looking forward to the day, when Astaro mounts USBs properly…
Great