There are a lot of options when it comes to Firewall/Unified Threat Management appliances – including hardware, software, and virtual appliances. Several names come to mind including pfSense, Untangle, m0n0wall, and the topic of this post – the Sophos UTM Home Edition appliance (formerly Astaro Gateway). After doing fairly extensive research, I decided upon this distribution for a few reasons:
- Available as a virtual appliance, or software to run on your choice of hardware (or Sophos hardware $)
- The free edition is surprisingly feature-rich including:
  - Intrusion detection and prevention
  - Full featured firewall
  - Web content filtering for both HTTP and HTTPS
  - Web AV scanning
  - Email anti-spam
  - Remote access with several VPN options
  - An easy to use web UI
  - Integration with Sophos endpoint AV protection for 10 users
- All of the above is $0 with the limitation of 50 users
I chose to go with the software running on whitebox hardware as it allowed lots of flexibility and did not rely on the complexity of an underlying hypervisor – an unofficial HCL is available here.
Some low-power Intel Atom solutions may work for this application, but due to the number of options available with this UTM, a minimum of an i3 processor is recommended to be able to push throughput with advanced services such as IPS and AV – I chose the Supermicro SYS-5018D-MF:
- 4th Generation i3, Xeon E3 V3 support
- Up to 32 GB ECC UDIMM memory
- Dedicated IPMI LAN
- PCIE x8 slot
- Dual Intel i210 1Gbps Ethernet
- Enterprise grade server hardware quality I’ve come to expect from Supermicro
To get started, you will need to request a Home Edition license from Sophos – do that here.
Once you receive your license, you will need to download the software from here.
There are two options – a hardware appliance and a software appliance. The hardware appliance is specific to Sophos hardware – if you try to use this installer on non-Sophos hardware, it will be detected, and installation will stop. So you want to download the software appliance for installation either on custom hardware or in a virtual machine.
*Note: This is a firewall – you must have at least 2 network interfaces – the installer will check for this.
The installation is fairly straightforward – you will need to choose an inside interface and address type:
Next, select the options for a 64-bit kernel, whether you would like the enterprise toolkit, and then the partition setup. Once complete, the system will reboot and most, if not all, configuration will be done from the WebAdmin console: https://[console_IP_Address]:4444/
Getting the Sophos UTM Home Edition Installed and Configured
Once the system is back up, you will run through a basic system setup specifying hostname, admin password, etc. You will then continue system setup – you will need your license file at this point. You will also configure the WAN interface and type, basic firewall services and advanced protection services.
Finally, you will arrive at the main dashboard – depending on what you configured, this may look different.
The next thing you will want to do is define your networks – the internal network, any DNS servers you may have, and any internal web servers you may have. Some network definitions are added automatically based on connectivity and defaults (any IPv4, etc).
Next, assuming you have a single public IP address, you want to configure NAT masquerading – this is similar to NAT overload on an interface or PAT. Simply choose the network to be translated and which interface to use – in the below example, ‘Production’ is defined as any inside network, with ‘Outside’ being the WAN interface.
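To make the masquerading behaviour concrete, here is an added Python model (not part of the original post and not Sophos code) of what such a rule does: many inside hosts share the one outside address, and only replies to connections they opened can find their way back in. The addresses are constructed, and the sequential port allocation and port-only reply lookup are simplifying assumptions.

```python
import ipaddress


class Masquerade:
    """Model of a masquerading (PAT) rule: one inside network -> one outside address."""

    def __init__(self, inside_net, outside_ip, first_port=40000):
        self.inside_net = ipaddress.ip_network(inside_net)  # the 'Production' definition
        self.outside_ip = outside_ip                        # address on the 'Outside' (WAN) interface
        self.next_port = first_port                         # assumption: ports handed out in order
        self.out_map = {}  # (inside_ip, inside_port, proto) -> outside_port
        self.in_map = {}   # (outside_port, proto) -> (inside_ip, inside_port)

    def outbound(self, src_ip, src_port, proto="tcp"):
        """Return the (ip, port) seen on the WAN side, or None if the rule does not match."""
        if ipaddress.ip_address(src_ip) not in self.inside_net:
            return None  # source is not in the translated network
        key = (src_ip, src_port, proto)
        if key not in self.out_map:
            port = self.next_port
            self.next_port += 1
            self.out_map[key] = port
            self.in_map[(port, proto)] = (src_ip, src_port)
        return (self.outside_ip, self.out_map[key])

    def inbound(self, dst_port, proto="tcp"):
        """Map a packet arriving at the outside address to an inside host, or None.

        Simplification: a real state table also matches the remote endpoint.
        """
        return self.in_map.get((dst_port, proto))


if __name__ == "__main__":
    # Constructed sample values: RFC 1918 inside network, RFC 5737 outside address.
    nat = Masquerade("192.168.10.0/24", "203.0.113.10")
    # Two inside hosts using the same source port get distinct outside ports.
    print(nat.outbound("192.168.10.20", 51000))
    print(nat.outbound("192.168.10.21", 51000))
    # A reply to the second flow is mapped back to the right host.
    print(nat.inbound(40001))
    # An unsolicited connection to port 443 has no mapping and goes nowhere.
    print(nat.inbound(443))
```

The last lookup returning nothing is why inside web servers are not reachable through masquerading alone and need an explicit inbound NAT rule.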
At this point, you should at least have internet access from any inside hosts. In the next post, I’ll cover configuring advanced protection services and allowing dynamic NAT for internal web servers, etc.