I'll answer a bit aside your question.

If you've got 40 users, including servers, why do you stay with home edition ? It's not the target of this edition. You should go for a real hardware UTM.

Sophos is tight-lipped about the specs of their UTM/XG devices.

Look here....what CPU do these have, how much RAM do they have? 

https://www.firewalls.com/products/firewalls/sophos/xg/comparison

OK, I found the technical brief. http://dttstores.com/media/documents/sophos-xg.pdf

Same for most of others :)

Some clues wtih Checkpoint UTM : https://www.checkpoint.com/downloads/product-related/comparison-chart/appliance-comparison-chart.pdf

Number of cpu/core and memory but no real full spec.

Another point is that often the hardware version for the OS is really optimized for this h/w, so with a standard PC you do not have same result.

"Another point is that often the hardware version for the OS is really optimized for this h/w, so with a standard PC you do not have same result."

that's probably an important aspect. But the licensing prevents me from using anything else than the home edition. Therefore, my goal would be to find the most powerful hardware for the home edition while taking the limitations into consideration.

P.S. on the webpage of QOTOM I can't find the I7 version. Have they reduced their portfolio?

The link I provided states it has a Intel® Core™ i7-5500U Processor 4M Cache, up to 3GHz.

https://www.aliexpress.com/item/Industrial-PC-Gateway-Firewall-Router-for-pfSense-Core-I7-5500U-AES-NI-4-Gigabit-NICs-QOTOM/32855356778.html

There's also a different model where you can choose your CPU.

https://www.aliexpress.com/item/QOTOM-4-LAN-Mini-PC-with-Core-i3-4005U-i5-5250U-processor-and-4-Gigabit-NIC/32812678037.html?spm=2114.search0103.3.59.3b9462d5hPor2W&ws_ab_test=searchweb0_0,searchweb201602_3_10152_10151_10065_10344_10130_10068_10324_10342_10547_10325_10343_10546_10340_10548_10341_10545_10696_10084_10083_10618_10307_10313_10059_10534_100031_10103_10624_10623_443_10622_10621_10620_10810_10811,searchweb201603_25,ppcSwitch_5&algo_expid=d34c88dd-7706-4a90-b6de-f7c03df5156d-8&algo_pvid=d34c88dd-7706-4a90-b6de-f7c03df5156d&priceBeautifyAB=0

I was going to use a Qotom i5 for my home lab but ended up getting three defective units in a row. Their quality control is not what you might call "on point" and the CMOS battery on all of my units was attached to the motherboard using a dongle that flapped around inside the case without being attached to anything. The specs on these machines are really good for the price, but be warned that you are opening yourself to a bit of risk.

For reference, I finally gave up and went with this guy -> https://www.amazon.com/gp/product/B072ZTCNLK/ref=oh_aui_detailpage_o01_s00

I found the build quality to be much, much better. I threw my own drive and RAM in and ended up with a device that specs out somewhere between the 125 and 135 for a whopping $350.

-Gary

Amazon also sells the XG 115w base appliance for around $635. It only has 4Gb of ram but it's optimized for the XG firmware it might be OK. Performance wise I don't know how it would compare.

https://www.amazon.com/Sophos-XA1B1CSUS-XG-115w-TotalProtect/dp/B019G2UKFW?th=1

They also make a 6 port version available with up-to an i5 if you want more power.

https://protectli.com/6-port/

-GP

the QOTOM-Q375G4 with I7-5500U seems to be the most powerful from the given links. Since the main difference between i5 and i7 is hyperthreading, maybe even i5 i sufficient.

with 8gb of RAM and 128 SSD (is this enough?)

Since the Wifi Option is almost for free, does it make sense to get it in terms of compatibility with Sophos XG?

this comes down to 430$ plus tax and custom fees.

Furthermore, has anyone tested this Unit with Sophos XG?

6 ports are nice, since you could seperate networks without vlans, I guess. 

but this one starts at 599 without ram and sdd. In this price range the supermicro e300-d8 could also be an option.

On the one (of three) Qotom units I had that worked (for an hour) I had to disable USB3 in the BIOS to get the USB installer to boot. During load, the installer could not find the mSATA drive, but that may have just been due to my unit being defective. I swapped out the mSATA for regular SATA (a nice feature of these micro machines) but could not get the unit to boot again so was unable to test further.

ok, that doesn't sound promising.

ok, that doesn't sound promising.

They make work fine, but Qotom sacrifices build quality to keep the price down. I'm guessing they had a bad batch of the i5 units and each time I would RMA a defective one, I just got the next on the shelf from the same production run. Who knows. The actual hardware used should be just fine with XG and the only BIOS issue I'm aware of is the USB3 problem.

Personally, I would take an honest assessment of your needs and reconsider a lower-powered unit. I'm very happy with the quality of the Protectli builds and their BIOS doesn't suffer from the USB3 issue. The 4 port quad core Atom based version is serving me well right now with a boat load of IOT devices, multiple streaming platforms that seem to be entertaining empty rooms all day long, and a few servers and VPN connected work devices while averaging 10% CPU (spikes to 30%) and 45% RAM usage (out of 8GB installed, 6GB used). This is with 18 rules, most of which have AV scanning and policy applied.

Just food for thought.

Gary

alright. thanks for all the answers and recommendations. I'll investigate a little further and see what's the best option for me.

best

Pete

I bought an intel atom 3845 with 4 lan ports from

https://www.pondesk.com/product/Intel-Atom-E3845-4-LAN-AESNI-3G4G-Fanless-Firewall-Router_MNHO-048

ships from London,

I'm very happy with my home setup, consumption is under 7 W,

but I don't know if its cpu is enough for your needs

I  bought this one - fully conpatible - installation without problems - localwifi, core I7-4670K - console - 8 LAN Ports - VGA 

https://www.pondesk.com/product/8-LAN-1-COM-4-Fiber-SFP-4G-NGFW-Firewall-1U-Rackmount-Server_NSHO-001

(hope it is allowed to post a direct product link here)

 Product has  great support, my first unit was damaged by the parcel service, got a new one within a week.

sorry, just saw you are looking for a quiet one ! this one is rather noisy.

What you a really looking for is a quad core machine with a very fast CPU, it does not have to be i5 or i7 both of which are overkills.

Your e3-1265l v2 as a bare metal machine should be more than adequate - 2.5ghz to 3.5ghz.

Ian

(just to explain my choice)

have a direct switched 1 GBit connection to the internet at home, just wanted to be on the safe side, at least i can say that with my system mentioned above i have an up- and download rate of about 90 MByte per second all security features of Sophos XG enabled.

But in fact i am locking for a not so noisy gateway with enough performance for my internet connection  as backup so started following this thread.

Hey rfcat,

since the e3 is running the esxi server hosting two other vm's including a Raid NAS, I can't use it for Sophos only. That's actually the reason why I am looking for dedicated Hardware for the firewall appliance. 

QOTOM as well as Protectli could be good options for this purpose. Whereas the Protectli units are recommended more often because of quality reasons.

I did a quick spec comparison of these units:

got some questions:

1. is there a difference whether I go for a quad core or a dual core with hyperthreading? in case of Dual Core with HT, does Sophos XG Home actually use all 4 threads or is it limited to the 2 real cores? Is the CPU limitation of the Home version fixed to cores or threads?

2. Is the AES-NI feature used by Sophos XG

3. Whats better: Dual Core (with HT) and high Clockspeed or Quad Core (that would boil it down to E3845 or J1900)

Gary Parr , what is your average load on your machine? In my case CPU load is also quite low but the average load is fairly high and since both aspects are not directly connected to each other, I think average load is a good indicator for the performance of the firewall.

Best

Pete

I have somewhat of an answer regarding the cores vs. thread issue. Posted by Aditya Patel | Sophos Network and Security Engineer.

"The limit does not apply to threads, if your processor has 8 core 16 thread it would restrict the use of 4 cores but you may need to check the maximum threads the core would handle. If 4 cores are able to use all 16 threads then it will 16 threads if needed."

community.sophos.com/.../xg-home-edition-4-core-limit-apply-to-threads

And for your third question, I had almost the same question regarding core speed vs. amount of threads. The consensus is that higher core speed is more important than the amount of cores, especially in regards to the IDS.  I received two different responses. 

1. By default in the XG a snort thread is created for each core. 
2. ...you’ll get better performance with a CPU that has higher single core performance. While Sophos does run multiple instances of Snort on each CPU core, this is so it can run dedicated instances of Snort on each connection (i.e. better multi-connection performance).

community.sophos.com/.../361755

Here are last weeks averages.