Skip to main content

Installation Process

System Requirements

Mandatory conditions for work with SafeUTM:
1. UEFI support.
2. Turn off Legacy boot mode, it may be called CSM (Compatibility Support Module).
3. Turn off the Secure Boot option in UEFI.


Minimum system requirements



Intel Pentium G/i3/i5/Xeon

E3/Xeon E5 with SSE 4.2 instructions support

Requirements may differ depending on network load and services used, as well as content filtering, antiviruses, and intrusion prevention system. The system requires at least 2 cores; a 4-core processor is better.


8 Gb (16Gb if the number of users is over 75)

Requirements may differ depending on network load and services used, as well as content filtering, antiviruses, and intrusion prevention system.

Disk subsystem

HDD or SSD, capacity 64 Gb or more, with SATA, SAS. Additional HDD or SSD when using a mail server is required.

Software RAID controllers are not supported (those integrated into the chipset or motherboard). Using hardware RAID controllers is not recommended.

Network adapters

One network adapter

Gigabit (or 10G) Intel network cards are recommended.


Display and keyboard

No preinstalled OS or additional software is required to install and run SafeUTM. SafeUTM is installed to a dedicated server from an installation USB-flash, a file system is automatically created and all necessary components are installed.

In order to choose the best hardware platform for you please follow the guidelines on equipment choice for SafeUTM. The approximate hard drive capacity to store the information of about 1000 users for 1 year is 10-15 Gb.

Browser support for server administration web interface

All up-to-date versions of Firefox, Chrome, and browsers based on Chromium are supported. Internet Explorer is not supported.

Hypervisor support

Microsoft Hyper-V (2nd generation, Windows 2012R2 or higher), VMware, VirtualBox, KVM, Citrix XenServer. More information can be found here.

Configuration examples

Examples of several types of configurations depending on the number of users can be seen in the table below.








Intel Pentium Gold G5400 or compatible

Intel i3 8100 or compatible

Intel i5, i7, Xeon E3, 3 GHz and up, or compatible

Intel Xeon E3, E5 or compatible

Intel Xeon or compatible 8-core one


8 Gb

8 Gb

16 Gb

16 Gb

32 Gb

Storage space

64 Gb

64 Gb

250 Gb

500 Gb

500 Gb

Network adapters

2 pcs.

2 pcs.

2 pcs.

2 pcs.

2 pcs.

Performance data:

Configuration example: Intel Xeon E-2234, 16 GB DDR4, 1 GB LAN.

  • Mode L3: TCP up to 1 Gbps, UDP up to 1 Gbps, HTTP up to Gbps.
  • *Mode L7: TCP up to 550 Mbps, UDP up to 900 Mbps, HTTP up to 500 Mbps.

- Mode L7: IPS modules, content filtering, application control, and antivirus scan are on.

Installation Options

You can install SafeUTM on a dedicated server or a virtual machine. It depends on the expected load and equipment capacity.

SafeUTM installation from a USB flash drive

SafeUTM can be installed from a flash drive by using an installation ISO file. This process is described in the Creation of boot USB flash drive article.

Installation on a dedicated server

In order to install the SafeUTM security gateway you need to follow these steps:

  1. Prepare hardware in accordance with technical requirements.
  2. Prepare a USB-flash drive with a capacity of over 2 Gb.
  3. Receive the ISO file from your manager.
  4. For safety reasons check the downloaded file checksum, which you can find on the SafeUTM downloads page in your personal account.
  5. Create the bootable USB-flash drive using the ISO file.
  6. In the computer’s BIOS settings choose "boot from USB-flash drive" and start the system installation from this USB drive. SafeUTM installer should appear on the screen as seen below.

Installation Process

Stage 1. Start of installation


Choose a disk for installation. To do this, enter the number of the disk you wish to use and press Enter.
2. Installation Process.png

The system will warn about the loss of all data stored on the disk. We recommend that you make sure the disk does not contain any important information, as it will not be possible to recover it. The data loss alert can be seen in the screenshot below. To continue, type and press Enter.

Now you need to select the time zone. Select the time zone you are in. To do this, type and press Enter.
3. Installation Process.png

In the next dialog box, you need to set up a date and time.  If the settings are correct, type and press Enter.

If the current settings are incorrect, type and put in the correct data, then press Enter.
4. Installation Process.png

Then the system will perform disk subsystem tests necessary for installation:

  • A partition table will be created and formatted.
  • System files will be copied onto the disk.
  • Basic system settings will be configured according to your computer configuration.

Don’t forget to eject the USB drive when restarting UTM so that the system doesn’t start booting from the installation drive.

After the server restarts, you will see a window with system info. An example of such a window can be seen below. To continue press any key.
5. Installation Process.png

If you want to configure the server as the second node of the cluster, press y and then Enter. For more information about configuring clustering, see the High Availability article.

If the clustering setup is not required, press n and then Enter.

Stage 2. Creating admin’s account

Create an admin account. After typing in login press Enter and type in a new account password, then press Enter.

Admin password requirements:

  • Minimum 10 symbols.
  • Upper- and lower-case Latin letters.
  • At least one digit
  • Special characters (! # $ % & ' * + etc.)

6. Installation Process.png

If the password does not pass the security policy requirements, a notification about password unreliability will appear. You need to type in another password taking into consideration password requirements and press Enter.
7. Installation Process.png

When the account has been created, press any key to switch to the local menu and type in data from the newly created admin’s account.
8. Installation Process.png

Stage 3. Network adapter setup

Now the system will suggest that you set up a local network interface. It is the interface to which all your enterprise network will be connected. Type in the network adapter number from the list and press Enter.

During local interface definition, you may encounter difficulties with NIC identification. Sometimes several adapters may have the same manufacturer. In such a case in order to avoid a mistake, you need to identify the device by its MAC address. Do not worry about making a mistake, you can change these settings later.

9. Installation Process.png

Type in the local IP address subnet mask as ip/mask and press Enter.
Next, if necessary, create a VLAN tag or leave the field empty and press Enter.
10. Installation Process.png

After creating a local interface, the server administration menu will open.
11. Installation Process.png


The next step is SafeUTM configuration. This process is described in the Initial configuration article.