I'll answer a bit aside your question.

If you've got 40 users, including servers, why do you stay with home edition ? It's not the target of this edition. You should go for a real hardware UTM.

Sophos is tight-lipped about the specs of their UTM/XG devices.

Look here....what CPU do these have, how much RAM do they have? 

https://www.firewalls.com/products/firewalls/sophos/xg/comparison

OK, I found the technical brief. http://dttstores.com/media/documents/sophos-xg.pdf

Same for most of others :)

Some clues wtih Checkpoint UTM : https://www.checkpoint.com/downloads/product-related/comparison-chart/appliance-comparison-chart.pdf

Number of cpu/core and memory but no real full spec.

Another point is that often the hardware version for the OS is really optimized for this h/w, so with a standard PC you do not have same result.

"Another point is that often the hardware version for the OS is really optimized for this h/w, so with a standard PC you do not have same result."

that's probably an important aspect. But the licensing prevents me from using anything else than the home edition. Therefore, my goal would be to find the most powerful hardware for the home edition while taking the limitations into consideration.

P.S. on the webpage of QOTOM I can't find the I7 version. Have they reduced their portfolio?

The link I provided states it has a Intel® Core™ i7-5500U Processor 4M Cache, up to 3GHz.

https://www.aliexpress.com/item/Industrial-PC-Gateway-Firewall-Router-for-pfSense-Core-I7-5500U-AES-NI-4-Gigabit-NICs-QOTOM/32855356778.html

There's also a different model where you can choose your CPU.

https://www.aliexpress.com/item/QOTOM-4-LAN-Mini-PC-with-Core-i3-4005U-i5-5250U-processor-and-4-Gigabit-NIC/32812678037.html?spm=2114.search0103.3.59.3b9462d5hPor2W&ws_ab_test=searchweb0_0,searchweb201602_3_10152_10151_10065_10344_10130_10068_10324_10342_10547_10325_10343_10546_10340_10548_10341_10545_10696_10084_10083_10618_10307_10313_10059_10534_100031_10103_10624_10623_443_10622_10621_10620_10810_10811,searchweb201603_25,ppcSwitch_5&algo_expid=d34c88dd-7706-4a90-b6de-f7c03df5156d-8&algo_pvid=d34c88dd-7706-4a90-b6de-f7c03df5156d&priceBeautifyAB=0

I was going to use a Qotom i5 for my home lab but ended up getting three defective units in a row. Their quality control is not what you might call "on point" and the CMOS battery on all of my units was attached to the motherboard using a dongle that flapped around inside the case without being attached to anything. The specs on these machines are really good for the price, but be warned that you are opening yourself to a bit of risk.

For reference, I finally gave up and went with this guy -> https://www.amazon.com/gp/product/B072ZTCNLK/ref=oh_aui_detailpage_o01_s00

I found the build quality to be much, much better. I threw my own drive and RAM in and ended up with a device that specs out somewhere between the 125 and 135 for a whopping $350.

-Gary

Amazon also sells the XG 115w base appliance for around $635. It only has 4Gb of ram but it's optimized for the XG firmware it might be OK. Performance wise I don't know how it would compare.

https://www.amazon.com/Sophos-XA1B1CSUS-XG-115w-TotalProtect/dp/B019G2UKFW?th=1

They also make a 6 port version available with up-to an i5 if you want more power.

https://protectli.com/6-port/

-GP

the QOTOM-Q375G4 with I7-5500U seems to be the most powerful from the given links. Since the main difference between i5 and i7 is hyperthreading, maybe even i5 i sufficient.

with 8gb of RAM and 128 SSD (is this enough?)

Since the Wifi Option is almost for free, does it make sense to get it in terms of compatibility with Sophos XG?

this comes down to 430$ plus tax and custom fees.

Furthermore, has anyone tested this Unit with Sophos XG?

the QOTOM-Q375G4 with I7-5500U seems to be the most powerful from the given links. Since the main difference between i5 and i7 is hyperthreading, maybe even i5 i sufficient.

with 8gb of RAM and 128 SSD (is this enough?)

Since the Wifi Option is almost for free, does it make sense to get it in terms of compatibility with Sophos XG?

this comes down to 430$ plus tax and custom fees.

Furthermore, has anyone tested this Unit with Sophos XG?

On the one (of three) Qotom units I had that worked (for an hour) I had to disable USB3 in the BIOS to get the USB installer to boot. During load, the installer could not find the mSATA drive, but that may have just been due to my unit being defective. I swapped out the mSATA for regular SATA (a nice feature of these micro machines) but could not get the unit to boot again so was unable to test further.

ok, that doesn't sound promising.

In this case both the i5 and i7 are dual core with hyper threading. The main difference is the base frequency. The i7 has a MUCH higher base frequency of 2.4GHz instead of 1.6GHz. And the i7 will top out at 3GHz instead of 2.6GHz.

Also the built in wifi is not compatible with Sophos XG. So get the no-wifi option. 8Gb of RAM and 128Gb SSD should be more than enough. In fact a 64Gb SSD should be fine as long as you don't keep logs saved for too long.

I am running UTM 9.5 with a 128Gb SSD and 8Gb of RAM and it is more than plenty even with web filtering and intrusion prevention running. RAM never goes above 45% and that's with a total of 6.8 Gb RAM available due to graphics memory set aside. So this should give you an idea.

They make work fine, but Qotom sacrifices build quality to keep the price down. I'm guessing they had a bad batch of the i5 units and each time I would RMA a defective one, I just got the next on the shelf from the same production run. Who knows. The actual hardware used should be just fine with XG and the only BIOS issue I'm aware of is the USB3 problem.

Personally, I would take an honest assessment of your needs and reconsider a lower-powered unit. I'm very happy with the quality of the Protectli builds and their BIOS doesn't suffer from the USB3 issue. The 4 port quad core Atom based version is serving me well right now with a boat load of IOT devices, multiple streaming platforms that seem to be entertaining empty rooms all day long, and a few servers and VPN connected work devices while averaging 10% CPU (spikes to 30%) and 45% RAM usage (out of 8GB installed, 6GB used). This is with 18 rules, most of which have AV scanning and policy applied.

Just food for thought.

Gary

alright. thanks for all the answers and recommendations. I'll investigate a little further and see what's the best option for me.

best

Pete

I bought an intel atom 3845 with 4 lan ports from

https://www.pondesk.com/product/Intel-Atom-E3845-4-LAN-AESNI-3G4G-Fanless-Firewall-Router_MNHO-048

ships from London,

I'm very happy with my home setup, consumption is under 7 W,

but I don't know if its cpu is enough for your needs

I  bought this one - fully conpatible - installation without problems - localwifi, core I7-4670K - console - 8 LAN Ports - VGA 

https://www.pondesk.com/product/8-LAN-1-COM-4-Fiber-SFP-4G-NGFW-Firewall-1U-Rackmount-Server_NSHO-001

(hope it is allowed to post a direct product link here)

 Product has  great support, my first unit was damaged by the parcel service, got a new one within a week.

sorry, just saw you are looking for a quiet one ! this one is rather noisy.

What you a really looking for is a quad core machine with a very fast CPU, it does not have to be i5 or i7 both of which are overkills.

Your e3-1265l v2 as a bare metal machine should be more than adequate - 2.5ghz to 3.5ghz.

Ian

(just to explain my choice)

have a direct switched 1 GBit connection to the internet at home, just wanted to be on the safe side, at least i can say that with my system mentioned above i have an up- and download rate of about 90 MByte per second all security features of Sophos XG enabled.

But in fact i am locking for a not so noisy gateway with enough performance for my internet connection  as backup so started following this thread.