Sophos Security Gateway on Xen

A couple of Sophos hardware gateways

(This was updated in May 2015, with newer instructions for 9.310).

It’s good to be back. Had a really terrible stomach flu thing, was out of action for a week. Lots of electrolytes and less solid foods. But that’s not what you tuned in for.

The Sophos Security Gateway (formerly of Astaro fame) comes with a VMware Virtual Appliance. If you want to install on Xen (or another hypervisor) they suggest you can use their regular Software Appliance ISO:

Any other virtualization platforms such as Xen, Hyper-V, KVM, etc. that can boot up from an .iso should operate just fine as well. (Some platforms may not have full support for networking drivers, tools, or time keeping.)

The North American convention of putting full stops inside brackets is just crazymaking (but I digress).

If you can, install with Xen using the virtual optical drive. If you’re attempting a bootstrap on a cloud platform (or via USB key), you can first create a hybrid bootable image from the ISO and dd across. The syslinux package contains the isohybrid tool you can use.

# apt-get install syslinux
# isohybrid asg-9[x].iso
# dcfldd if=asg-9[x].iso of=/dev/xvda[x]

Unfortunately, this creates a small problem. The installer will boot, but when it gets to the file extraction stage it won’t find the installer files:

Install.tar wasn't found on the installation mirror

This likely happens because it can’t mount the optical drive as it expects. You can confirm this by dropping to a shell with [ALT]+[F2] and listing the install mountpoint.

# ls /install
# ==> crickets

Fortunately we’re dealing with Linux, so its relatively easy to mount the installer volume manually. It’ll be different depending on your environment, but if you imaged to a second Xen drive, try one of these likely options:

# mount /dev/xvda2 /install
# mount /dev/sda1 /install

Then hit [ALT]+[F1] (not [F2]) and proceed as normal. Again depending on your environment, you may even see this:

Extra RPMs are installed for improved Xen HVM support.