SOPHOS UTM: Use hardware appliances with home / software license

Martin 12/04/2016

This is not a supported configuration by Sophos 😉

Normally when you get an old hardware Appliance, ex. UTM 220, 320 etc, you cannot use this in your home environment (With your free home license), without paying for a hardware license.

This can be “solved”, by making the hardware installation think, it’s going software 🙂

The steps are listed here:

  1. Take a backup of your running UTM configuration in WebAdmin, if you have such running at the moment.
  2. Download the hardware image for appliances, theese starts with “SSI” in the file name. (Google “Download Sophos UTM”)
  3. Burn this to a CD-rom or to USB following this link. (This will format the harddrive of the appliance, so logs and stats are lost!)
  4. Install the hardware appliance as you would do normally.
  5. After installation, you now have a complete clean Sophos UTM 9 installation.
  6. Connect a VGA screen and a USB keyboard to the appliance.
  7. At the login prompt: login as root – it will tell you to change password, just do that (Old password is <blank>).
  8. When you’re logged in, do this:
    “vi /etc/asg”
    delete the “ASG_ID….”-entry in the file and save and close
  9. Reboot

Now the UTM will boot running software license, and you can use your home license with it 🙂

This workaround will not swap interface names, and if you have one of the bigger models, 220 and beyond, with LCD, then will this just work as it did with hardware config – software installations do not have support for the LCD driver – but this way it works.

Happy UTM’ing 😉

Update: 15/11-2016

When replacing a harddrive with ex. a SSD or other drive, the hardware installer will not install, due to hardware replacement (It looks for specific harddrives with special firmware!), then you cannot use the installer above, you will then have to go with the SOFTWARE ISO instead of the HARDWARE ISO. Install will proceed as normal, but after install, the LCD display will no longer work, cause it’s now a “software” install and not hardware appliance install.

There have been written a lot here about a fix:

https://community.sophos.com/products/unified-threat-management/f/hardware-installation-up2date-licensing/10917/asg-425-display-with-homelicense

But the link above does only make the display work with one view “Sophos UTM %version% and uptime”, this is due to the missing /etc/lcd.data file, because this file is only generated on appliances (hardware install).

The main reason it does not work, is that the /etc/asg file is now missing, because this file tells the installer that it is running on an appliance, you cannot copy this from another appliance solely, because you need to modify it (Ex. remove ASG_id and ASG_Serial lines):

Do a “vi /etc/asg”

It creates a new file and then insert:

Ex. for SG 210

ASG_VERSION=”210″
LCD4LINUX_HW=”LCD-SERIAL300″
ASG_SUBTYPE=”r1″

Ex. for UTM 320

ASG_VERSION=”220″
LCD4LINUX_HW=”LCM-162″
ASG_SUBTYPE=”r5″

As you see UTM and SG’s have different LCD controller.

Now reboot and watch the display cycle through the widgets, you can also see if /etc/lcd.data is being populated 🙂

About the Author

Leave a Reply