Sophos Utm 220




This is not a supported configuration by Sophos 😉


We installed our Sophos UTM 220 in March of 2014 in an environment consisting of roughly 100 PCs and 75 users. It replaced an aging, homebrew IP Cop firewall. The Sophos UTM is just incredible in comparison. So many features, an easy to use/understand interface, lots of ports and options, and fantastic protection for a competitive price. The Sophos UTM 220 provides easy-to-use security for up to 150 users. The rack-mountable device comes equipped with eight separately manageable network ports. It can be deployed within enterprise-class scenarios, including load-balanced and fail-over connections - without complicated configuration and maintenance.

Normally, when you get an old hardware appliance (e.g. UTM 220, 320, etc.), you cannot use it in your home environment with your free home license without paying for a hardware license.


This can be “solved” by making the hardware installation think it is a software installation 🙂

The steps are listed here:

  1. Take a backup of your running UTM configuration in WebAdmin, if you have such running at the moment.
  2. Download the hardware image for appliances; these start with “SSI” in the file name. (Google “Download Sophos UTM”)
  3. Burn this to a CD-ROM or to USB following this link. (This will format the hard drive of the appliance, so logs and stats are lost!)
  4. Install the hardware appliance as you would do normally.
  5. After installation, you now have a complete clean Sophos UTM 9 installation.
  6. Connect a VGA screen and a USB keyboard to the appliance.
  7. At the login prompt: login as root – it will tell you to change password, just do that (Old password is <blank>).
  8. When you’re logged in, do this:
    vi /etc/asg
    Delete the “ASG_ID….” entry in the file, then save and close.
  9. Reboot

Now the UTM will boot with a software license, and you can use your home license with it 🙂


This workaround does not swap interface names. If you have one of the bigger models with an LCD (220 and beyond), the LCD keeps working as it did with the hardware configuration. Software installations do not support the LCD driver, but with this approach it works.

Happy UTM’ing 😉

Update: 15/11-2016

When you replace the hard drive with, e.g., an SSD or another drive, the hardware installer will refuse to install because of the hardware replacement (it looks for specific hard drives with special firmware!). In that case you cannot use the installer above and have to go with the SOFTWARE ISO instead of the HARDWARE ISO. The install proceeds as normal, but afterwards the LCD display no longer works, because it is now a “software” install and not a hardware appliance install.

A lot has been written here about a fix:

But the fix in the link above only makes the display work with one view, “Sophos UTM %version% and uptime”. This is due to the missing /etc/lcd.data file, which is only generated on appliances (hardware install).

The main reason it does not work is that the /etc/asg file is now missing; this file tells the installer that it is running on an appliance. You cannot simply copy it from another appliance, because you need to modify it (e.g. remove the ASG_id and ASG_Serial lines):

Run “vi /etc/asg”.

This creates a new file; then insert the following:

Example for SG 210:

ASG_VERSION="210"
LCD4LINUX_HW="LCD-SERIAL300"
ASG_SUBTYPE="r1"

Example for UTM 220:

ASG_VERSION="220"
LCD4LINUX_HW="LCM-162"
ASG_SUBTYPE="r5"

As you can see, UTMs and SGs have different LCD controllers.


Now reboot and watch the display cycle through the widgets. You can also check whether /etc/lcd.data is being populated 🙂
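A read-only check for a hand-typed /etc/asg, as an added example that is not part of the original post or of Sophos UTM: it catches typographic quotes pasted from a web page and a model/controller mismatch against the two pairs listed above. The helper names asg_get and check_asg are hypothetical, and the script assumes the file consists of plain KEY="value" lines as shown above.

```shell
#!/bin/sh
# Added example: read-only lint for an /etc/asg-style file.
# Assumption: the file is plain KEY="value" lines, as the page shows.
# asg_get and check_asg are hypothetical helper names, not Sophos tools.

# Print the value of KEY ($2) from FILE ($1) if the line is exactly KEY="value".
asg_get() {
    sed -n 's/^'"$2"'="\([^"]*\)"$/\1/p' "$1" | head -n 1
}

# Return 0 if FILE looks sane, 1 on a problem, 2 if it cannot be read.
check_asg() {
    file=$1
    rc=0
    [ -r "$file" ] || { echo "ERROR: cannot read $file"; return 2; }

    # Typographic quotes copied from a web page are multi-byte, non-ASCII.
    nonascii=$(LC_ALL=C tr -d '\000-\177' < "$file" | wc -c | tr -d ' ')
    if [ "$nonascii" -gt 0 ]; then
        echo "BAD: $nonascii non-ASCII bytes (curly quotes?); retype with plain \""
        rc=1
    fi

    for key in ASG_VERSION LCD4LINUX_HW ASG_SUBTYPE; do
        [ -n "$(asg_get "$file" "$key")" ] || { echo "BAD: $key missing or malformed"; rc=1; }
    done

    ver=$(asg_get "$file" ASG_VERSION)
    lcd=$(asg_get "$file" LCD4LINUX_HW)
    # Only the two model/controller pairs given on the page are known here.
    case "$ver:$lcd" in
        210:LCD-SERIAL300|220:LCM-162) echo "OK: model $ver with controller $lcd" ;;
        210:*|220:*) echo "BAD: controller '$lcd' does not match model $ver"; rc=1 ;;
        *) echo "NOTE: model '$ver' is not one of the two listed on the page" ;;
    esac
    return "$rc"
}

# Constructed sample: the UTM 220 values from the page, typed with plain quotes.
sample=$(mktemp)
printf '%s\n' 'ASG_VERSION="220"' 'LCD4LINUX_HW="LCM-162"' 'ASG_SUBTYPE="r5"' > "$sample"
check_asg "$sample"
rm -f "$sample"
```

On the appliance, run `check_asg /etc/asg` before rebooting; the script only reads the file.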


A network, like a chain, is only as strong as its weakest link. And the weakest links are often the ones furthest from the control of IT: small to midsized remote offices, temporary field offices and remote users. These links in an agency’s network chain are the least likely to have up-to-date defenses, and directly connecting them into centralized network defenses can be expensive, impractical and in some cases physically impossible.

That’s where devices such as Sophos’ UTM 220 come in. This security appliance provides unified threat management for a small to midsized network (up to 150 users), delivering a front-line defense against malware and integrating with endpoint defenses.

Advantages

The UTM 220 provides out-of-the-box protection against many types of malware attacks, tapping into Sophos’ constantly updated database of virus threats. For an agency running a mail server within its network, the UTM 220 can act as a Simple Mail Transfer Protocol relay, screening the content of messages for spam or malware before it even hits the server’s mail store.

Phishing scams and other threats have made the web the most common attack vector for landing botnets and other malware on users’ PCs. The UTM 220 can screen web traffic, watching for and blocking both web-based malware attacks and visits to potentially malicious websites, as well as enforcing an agency’s web use policies by blocking inappropriate sites.

The UTM 220 doesn’t just guard the network’s front door. It can be integrated with Sophos software agents that run on clients to provide defense in depth against viruses. It also provides intrusion prevention technologies to block attacks from outside the network or from one segment of the network to another.

The appliance also can act as a virtual private network connection point. It supports most common standards for remote access. The UTM 220 can also connect to the cloud via Amazon Virtual Private Cloud, so an agency can use cloud services as securely as if they were on the local network.

Why It Works for IT

The UTM 220 is extremely easy to set up. It can be configured from a network-connected PC through a web browser; it took me about 10 minutes to get an initial configuration up and running. Almost anyone with basic training can install a UTM 220 by following a simple set of procedures. The device can also be configured for remote administrative access from a fixed IP address.

From there, almost all of the tweaks can be made through the UTM 220’s web interface, and administrators can view its logs and reports. A feature called “network visibility” gives real-time information about application traffic on the network; this data can also be used for application control to throttle or block some services and to guarantee quality of service to more important applications.

Disadvantages

Most of the UTM’s functionality is based on subscription licenses. While this allows a user to pick and choose the levels and types of protection, it also means a recurring cost for operation.

Some of the features of the UTM 220 require additional Sophos hardware to work. For example, the appliance’s defenses can be extended to wireless network protection, enforcing a consistent networkwide set of passwords and security settings and watching for malicious traffic passing through access points. But this feature requires Sophos APs.
