Intro: Protect Your Network With a UTM Firewall Free
This guide will cover the basics to get a Sophos UTM installed and running on your home network. This is a free and very powerful software suite.
I'm trying to hit the lowest common denominator, so I won't go into active directory integration, remote access, public certificates, private CAs, or many of the other advanced areas. If there is interest will expand it though.
The main focus will be protecting your network, allowing safe access for children, blocking ads and getting the device and your network to a place where you can add features. Did I say it's free? Yeah. Completely free.
Step 1: Gather Hardware
I built mine using a server with a bunch of network cards that has VMware ESXi as the operating system. This is free also, if you are interested in virtualizing it let me know and I'll write about it. It is the way to go for advanced services and keeping things clean and green.
This guide I'm going to explain using an old computer to do the same thing.
So get an old computer, it needs to be made in the last decade. You'll want something with 2-4 GB of RAM, at least 40GB hard drive, if you have an add-in GPU remove it.
You will need some Ethernet cables. Grab 3-4 5' cables if you don't have any hanging around. Use your discretion if you know wifi will be remote, or the UTM will be.
This is the part that you will likely have to buy or scavenge: another network card. You should be able to find one at a computer recycler cheaply. If your computer has a built in network port then you need a 1 port card. Bare minimum you need 2 network ports, one will connect to your modem or ISP supplied device and one will connect to your internal devices.
If you are using wifi that is supplied by your ISP modem, you need to buy a new wifi access point.
At this point you should have a computer with at least two network ports and a wifi access point if you use wifi.
Side note: Wifi access points are the same as wifi routers for the most part, but we will be turning the routing features off, hence I will call them access points as they will not be routing.
Step 2: Gather Software
The only software we need is a bootable copy of the Sophos UTM.
You will need to burn the ISO to a DVD or create a bootable USB stick.
You will need to register to download the UTM here:
Register and download the ISO. Once downloaded create a bootable DVD or USB stick.
Use one of these programs to create your boot media. They have the usual caveats for free software, make sure you click carefully while downloading and installing.
Congrats! At this point we have everything needed to begin.
Step 3: Install!
This is pretty straight forward. Insert boot media into the computer and hit the f key that will get you to the boot options menu.
Select the USB or DVD to boot from.
Take all of the defaults and let er rip.
Once it completes we can start having fun and get some relevant screenshots going.
Side note: We're going to talk about networking. I'll lay out examples that should work. But if you're interested in how it works this is a good start: https://www.bleepingcomputer.com/tutorials/ip-addresses-explained/
Again hit me up with questions.
Step 4: Now It Gets Real
So now you have a box that is ready to go, but it's running Linux, and you can't get to the GUI interface to start