Sophos UTM Home Edition – 1 – Getting Started

UPDATE: Part 2 – The Installation, Part 3 – The Setup, Part 4 – Definitions and Rules, and Part 5 – SSL VPN are now available.

I recently built a house and was fortunate enough to be able to fill the walls with Cat6. This has allowed me to build out a significant home network which includes multiple wireless access points, a mixed Windows/Linux environment, and various other endpoints. Given the industry in which I work, I’ve tried to ensure that security has been integrated into each step of the build-out. To that end, a few weeks ago, I started a deep dive into potential Unified Threat Management (UTM) solutions.  After speaking with a number of our Defensive experts, I’ve finally settled on the Sophos UTM Home Edition. Cost was, of course, an important factor in my decision; the Sophos UTM Home Edition is completely free and comes with an impressive array of features. Aside from offering an intuitive firewall management interface, Sophos UTM Home Edition includes built-in web filtering, multiple VPN and remote access options, and it can even manage guest wireless networks hosted from non-Sophos access points. Though certain features are disabled in the non-paid edition, mostly from an interface customization perspective, it is more than robust enough to meet my requirements.

Sophos UTM is a full operating system and can be run on independent hardware or in a virtual machine. I’ve chosen the former and now have a dedicated box with four network cards ready for the install. Over the next few posts, I will document the installation and configuration of the Sophos UTM Home Edition with the end goal of offering a one-stop-shop for potential issues. We’ll start here with obtaining a license.

The first step in the process is to create an account. Users must sign up through Sophos before a usage license for the UTM can be obtained. Once the form as pictured below has been completed and submitted, Sophos will send a confirmation email to the associated email address.

Create Sophos Account

The confirmation email contains a link to download the ISO file and written instructions on how to get started. I had to use the password reset function to successfully access my Account Management page, but it did not take more than a few seconds to complete.

Sophos Account Creation Email

From the Overview page, a new license must be created as pictured below. All data fields are mandatory (first and last name, email, and phone).  Unless working from an existing license ID, a new one must be created. After the process has completed, the new license file can be downloaded as a text file from the same Overview page.

Create a new license

To download the ISO file for Sophos UTM Home Edition, users should follow the link in the account confirmation email or simply browse to the Sophos downloads page. There are three separate links for downloading the UTM, which correspond to how the UTM will be run: one for those interested in running it on independent hardware, a second for virtual environments, and a third for the ‘smart installer’, which is run from a pre-prepared USB stick. We’re going to be sticking to the hardware-based UTM. The hardware installation page offers a pair of the most recent versions of the UTM for download. Unless specific problems are encountered, the most recent version is typically the best option. The ISO file at the time of this writing is about 650 megabytes in size, so it will fit on a standard CD.

Downloads page for Sophos UTM – Home Edition, Hardware installation

Once the download is complete, burn the ISO to a disc. Windows can do this natively, so there shouldn’t be any major hiccups. The last steps before installing to hardware are to check that the dedicated machine meets the necessary requirements (see the original confirmation email) and to ensure that the BIOS permits booting from external media.

The next post in this series will cover the actual installation process and initial configuration of the UTM.

patchwork

Former military intelligence. Physical security and network penetration testing.