Cannot use ASG software license on ASG1xx device.

Sophos UTM Home on Sophos hardware

By Andreas Walker 8 Jan, 2023

My post about installing Sophos XG Home on Sophos hardware included a note that Sophos UTM Home is still available. After multiple requests from users, here is how to license Sophos UTM Home on a Sophos ASG appliance.

Restrictions and considerations

Unlike Sophos XG Home, the Sophos UTM Home does not have any hardware limits. In principle, any Sophos SG or ASG appliance can be equipped with Sophos UTM Home. However, you should note that the number of “Protected IPs” is limited to 50 and the number of connections to 32’000. Therefore, it is not worth using the latest appliance for this tinkering project, as you would not be able to use its performance to the full anyway. The following instructions are based on a Sophos ASG 120.

Install Sophos UTM firmware / Initial setup

The latest installer images for Sophos UTM can be downloaded directly from Sophos. In contrast to the Sophos XG home installation, the normal installer package for Sophos hardware can be used. It is good to know that Sophos UTM install ISOs are not suitable for installation from USB sticks, because the USB drive is not mounted by the installer. You could do this manually yourself, but I used an ODD emulator instead.

To install the Sophos UTM software, you can follow the KB article on reimaging a UTM appliance.

Order Sophos UTM Home license

The Sophos UTM Home Use license can still be created and downloaded from the Sophos MyUTM portal.

  • Clock on "Join today and get instant access" at https://myutm.sophos.com
    Clock on “Join today and get instant access” at https://myutm.sophos.com
  • Fill in the form and click on "Sign up to MyUTM".
    Fill in the form and click on “Sign up to MyUTM”.
  • Finnish registration at MyUTM by confirming your Mailaddress.
    Finnish registration at MyUTM by confirming your Mailaddress.
  • Under "License Management", click on "Create license here" near "Home Use License".
    Under “License Management”, click on “Create license here” near “Home Use License”.
  • The licence is created immediately and can then be downloaded. Simply click on the licence.
    The licence is created immediately and can then be downloaded. Simply click on the licence.
  • Download the licence file with "Download License File".
    Download the licence file with “Download License File”.

Modify appliance

The Sophos UTM Home Use license is a “software” license and therefore cannot be installed on an ASG appliance. Importing the licence fails with the error message “Cannot use ASG software license on ASG1xx device.”

Cannot use ASG software license on ASG1xx device.
Cannot use ASG software license on ASG1xx device.

Fortunately, it is relatively easy to modify the installation so that the USG Home Use License can be read.

Activate SSH access

    • Under “Management” -> “System Settings” -> “Shell Access” in the area “Shell User Passwords” create a password for the users “root” and “loginuser”.
    • Activate SSH shell access
    • Check if you are allowed to access the application from your own network via SSH.

    Rename the configuration file

    • Connect to the IP of the appliance via PuTTY.
    • When connecting to the appliance for the first time, the SSH fingerprint at the “PuTTY Security Alert” must be confirmed with “Yes”.
    • Log in to the console with the user “loginuser”.
    • Issue the following commands:
    loginuser@fw-sophos-asg120:/home/login > su
Password: [root Passwort]
fw-sophos-asg120:/home/login # mv /etc/asg /etc/asg.txt
fw-sophos-asg120:/home/login # exit

    Restarting the appliance & testing

    The appliance must be restarted so the adjustment can take effect. After the restart, “ASG Software” should be listed as the Model in the Dashboard.

    • Set a root and loginuser password in the Sophos UTM WebGUI under Management -> System Settings -> Shell Access. Then activate "SSH shell access". Also check that access via SSH from the source network is allowed.
      Set a root and loginuser password in the Sophos UTM WebGUI under Management -> System Settings -> Shell Access. Then activate “SSH shell access”. Also check that access via SSH from the source network is allowed.
    • Log in to the Sophos UTM appliance via SSH.
      Log in to the Sophos UTM appliance via SSH.
    • Confirm PuTTY Security Alert with Yes.
      Confirm PuTTY Security Alert with Yes.
    • Login with the user "loginuser
      Login with the user “loginuser
    • Use the command "su" to obtain root rights. Then rename the configuration file with the command "mv /etc/asg /etc/asg.txt".
      Use the command “su” to obtain root rights. Then rename the configuration file with the command “mv /etc/asg /etc/asg.txt”.
    • After restarting, check in the dashboard whether the Model has been changed to "ASG Software".
      After restarting, check in the dashboard whether the Model has been changed to “ASG Software”.

    Import Sophos UTM Home license

    • Upload the licence file under “Management” -> “Licensing” -> “Installation” and confirm with “Apply”.
    • As the licence restricts some values, a warning message will appear. You can confirm this with “OK”.
    • The application of the licence is confirmed with the message “New license installed successfully.
    • Under “Management” -> “Licensing” -> “Overview” you can then verify the licence status.
    • The licence number should now also be displayed on the dashboard below the Model.
    • Under "Management" -> "Licensing" -> "Installation" upload Sophos UTM Home licence file.
      Under “Management” -> “Licensing” -> “Installation” upload Sophos UTM Home licence file.
    • Confirm warning messages about restrictions with "OK".
      Confirm warning messages about restrictions with “OK”.
    • Installation of the licence is confirmed with "New license installed successfully.
      Installation of the licence is confirmed with “New license installed successfully.
    • Checking the installed licence under "Management" -> "Licensing" -> "Overview
      Checking the installed licence under “Management” -> “Licensing” -> “Overview
    • The licence number is displayed in the dashboard below the Model.
      The licence number is displayed in the dashboard below the Model.

    Useful links:

    The following is a small list of links with help / resources.

    Sophos XG (Home)

    Sophos SG/UTM (Home)

    Usefull Links

    Andreas Walker completed an apprenticeship in gastronomy and worked in this industry for almost 15 years. In addition to his work in the hospitality industry, he built up a small IT company and supported small SMEs in IT projects in his spare time. Over time, he slipped into the IT of his employer and managed the site IT of a business hotel of the internationally active hotel chain IHG. In the summer of 2019, he graduated with an Advanced Federal Diploma of Higher Education in Information Technology. Since spring 2019, Andreas Walker is working for a local IT provider in the canton of Glarus as a system engineer, where he primarily supports SME customers.