
most powerful hardware for Sophos XG home

Hi,

I know there are heaps of threads asking what hardware suits best for the home edition of Sophos XG. However, I think my requirements are a little different. Most threads ask for the cheapest, least power-consuming units. I would rather go for the most powerful one to max out the limits of 4 CPUs and 6 GB of RAM.

Currently I am running Sophos XG on an ESXi server with an E3-1265L v2. The appliance has 4 vCPUs and 5 GB of RAM.

I have about 40 live users (several servers, PCs and IoT devices) on average, mainly clientless users. I run 5 VLANs and about 15 firewall rules. I already deactivated some firewall features in order to push the CPU load average below 4. Currently the average is around 3.5 with regular peaks over 4, which apparently leads to CPU queuing.

Since RAM usage is around 50%, I believe the virtual CPU power is just not sufficient for my purposes. Of course, I know that vCPUs perform worse than bare metal.

Therefore, I am looking for a fanless/silent barebone/mini PC with 4 NICs and a 4-core CPU with enough power. Furthermore, it should be possible to have 6 GB of RAM (probably 8 GB with 2 GB unused).

I read a lot about the Celeron J1900 as a recommendation, but I assume that couldn't be enough for my setup.

What CPU do you recommend, and is there a nice ready-to-use barebone suiting these needs? I saw some Jetway units which could be a good option, e.g. https://www.minipc.de/catalog/il/2289

Thanks and best,

Pete



  • Sorry, just saw you are looking for a quiet one! This one is rather noisy.

  • What you are really looking for is a quad-core machine with a very fast CPU; it does not have to be an i5 or i7, both of which are overkill.

    Your E3-1265L v2 as a bare-metal machine should be more than adequate: 2.5 GHz to 3.5 GHz.

    Ian

  • (Just to explain my choice.)

    I have a directly switched 1 Gbit connection to the internet at home and just wanted to be on the safe side. At least I can say that with my system mentioned above I have an up- and download rate of about 90 MByte per second with all security features of Sophos XG enabled.

    But in fact I am looking for a not-so-noisy gateway with enough performance for my internet connection as a backup, so I started following this thread.

  • After doing some research I believe that it would be better to purchase the parts separately. By building a system yourself you can save about $75 and get higher-quality parts on top of that.

    Total price: $282

     

    Total price for a Qotom of similar specs: $350-$426

    And it doesn't come with a DVD drive, dual-channel RAM or a server-grade LAN NIC, and the Qotom cases are ugly IMO.

    www.aliexpress.com/.../32812678037.html

  • Hi Alan,

    I would be wary of those ASRock MBs; they seem to use some strange chipset arrangements. I don't buy them anymore because I could not get them to work with UTM or XG.

    Also, from memory, you cannot change the power settings, e.g. auto restart after power failure.

    Your choice of SSD is consumer-grade (low read/write requirement), not industrial 24-hours-a-day, every-day grade.

    Ian

  • The only industrial drives I see are by KingDian, which look like they would've been sold out of the back of a white van. The only industrial PCIe-based SSDs I see are prohibitively expensive. An SSD that takes advantage of wear-leveling should not have any issues for years, especially if it is SLC type.

    Also, power failure shouldn't be an issue if you use a UPS. I have an APC UPS connected and it can actually communicate with the UTM and show the battery charge level.

  • Hey rfcat,

    Since the E3 is running the ESXi server hosting two other VMs, including a RAID NAS, I can't use it for Sophos only. That's actually the reason why I am looking for dedicated hardware for the firewall appliance.

     

    Qotom as well as Protectli could be good options for this purpose, whereas the Protectli units are recommended more often for quality reasons.

    I did a quick spec comparison of these units:

    I've got some questions:

    1. Is there a difference whether I go for a quad core or a dual core with hyperthreading? In case of a dual core with HT, does Sophos XG Home actually use all 4 threads, or is it limited to the 2 real cores? Is the CPU limitation of the Home version fixed to cores or threads?

    2. Is the AES-NI feature used by Sophos XG?

    3. What's better: dual core (with HT) and high clock speed, or quad core? (That would boil it down to E3845 or J1900.)

    What is your average load on your machine? In my case CPU load is also quite low, but the average load is fairly high, and since both aspects are not directly connected to each other, I think average load is a good indicator for the performance of the firewall.


    Best

    Pete
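The three things the post above is asking about (whether a CPU's "4 cores" are real cores or SMT threads, whether the aes flag for AES-NI is present, and how the load average relates to the number of CPUs) can all be read from /proc on a Linux host. The following is an added example, not code from this thread or from Sophos: it parses /proc/cpuinfo and /proc/loadavg text and reports physical cores, logical CPUs, SMT, AES-NI and the 1-minute load per CPU. The two cpuinfo dumps and the loadavg line embedded in it are constructed for the example (a 2C/4T part with aes, and a 4C/4T part without), and it is an assumption that the XG shell exposes these files in the same layout as a stock Linux box; run it on any Linux machine and it reads the real files.

```python
"""Classify a CPU and its load the way the hardware questions above need.

Added example; constructed sample inputs, not real dumps from any device.
"""
import os


def _cpuinfo(n_logical, cores, flags):
    """Build a constructed /proc/cpuinfo text for one socket (not a real dump)."""
    blocks = []
    for n in range(n_logical):
        blocks.append(
            f"processor\t: {n}\nphysical id\t: 0\nsiblings\t: {n_logical}\n"
            f"core id\t: {n % cores}\ncpu cores\t: {cores}\nflags\t\t: {flags}"
        )
    return "\n\n".join(blocks) + "\n"


# Constructed: dual core with hyperthreading, AES-NI present.
SAMPLE_CPUINFO_HT = _cpuinfo(4, 2, "fpu sse2 ssse3 aes sse4_1 sse4_2")
# Constructed: quad core without SMT, no aes flag.
SAMPLE_CPUINFO_QUAD = _cpuinfo(4, 4, "fpu sse2 ssse3 sse4_1 sse4_2")
# Constructed /proc/loadavg line: 1/5/15-minute averages, running/total tasks, last PID.
SAMPLE_LOADAVG = "4.35 3.60 3.50 2/310 12345\n"


def parse_cpuinfo(text):
    """Return (physical_cores, logical_cpus, has_aes_ni) from /proc/cpuinfo text.

    Each blank-line-separated block is one logical CPU; "cpu cores" is the
    real core count per socket and "physical id" identifies the socket.
    """
    blocks = [b for b in text.split("\n\n") if b.strip()]
    sockets = set()
    cores_per_socket = 1
    has_aes = False
    for block in blocks:
        fields = {}
        for line in block.splitlines():
            if ":" in line:
                key, value = line.split(":", 1)
                fields[key.strip()] = value.strip()
        sockets.add(fields.get("physical id", "0"))
        cores_per_socket = int(fields.get("cpu cores", cores_per_socket))
        # The "aes" CPU flag is how Linux reports AES-NI support.
        has_aes = has_aes or "aes" in fields.get("flags", "").split()
    return cores_per_socket * len(sockets), len(blocks), has_aes


def load_status(loadavg_text, logical_cpus):
    """Relate the /proc/loadavg averages to the number of logical CPUs.

    Linux load average counts runnable tasks plus tasks in uninterruptible
    (usually I/O) sleep, so a 1-minute value above the CPU count means work
    is waiting for a CPU (or for I/O), not that a single CPU is at 100%.
    """
    load1, load5, load15 = (float(x) for x in loadavg_text.split()[:3])
    return {
        "load1": load1,
        "load5": load5,
        "load15": load15,
        "per_cpu": load1 / logical_cpus,
        "queuing": load1 > logical_cpus,
    }


def describe(cpuinfo_text, loadavg_text):
    """Combine both parsers into one report dict."""
    physical, logical, aes = parse_cpuinfo(cpuinfo_text)
    report = {
        "physical_cores": physical,
        "logical_cpus": logical,
        "smt": logical > physical,
        "aes_ni": aes,
    }
    report.update(load_status(loadavg_text, logical))
    return report


if __name__ == "__main__":
    # Use the real files on a Linux host; fall back to the constructed samples elsewhere.
    if os.path.exists("/proc/cpuinfo") and os.path.exists("/proc/loadavg"):
        with open("/proc/cpuinfo") as f, open("/proc/loadavg") as g:
            cpuinfo, loadavg = f.read(), g.read()
    else:
        cpuinfo, loadavg = SAMPLE_CPUINFO_HT, SAMPLE_LOADAVG
    for key, value in describe(cpuinfo, loadavg).items():
        print(f"{key:15} {value}")
```

On the constructed 2C/4T sample the report shows 2 physical cores, 4 logical CPUs, SMT on, AES-NI present, and a 1-minute load of 4.35 on 4 CPUs, i.e. queuing; the 4C/4T sample without the aes flag reports no SMT and no AES-NI. Whether a given XG build counts the home-edition limit in physical cores or logical CPUs is exactly the question the post raises, so the script only reports both numbers rather than deciding it.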

  • I have somewhat of an answer regarding the cores vs. threads issue. Posted by Aditya Patel | Sophos Network and Security Engineer:

    "The limit does not apply to threads, if your processor has 8 core 16 thread it would restrict the use of 4 cores but you may need to check the maximum threads the core would handle. If 4 cores are able to use all 16 threads then it will use 16 threads if needed."

    community.sophos.com/.../xg-home-edition-4-core-limit-apply-to-threads

    And for your third question, I had almost the same question regarding core speed vs. number of threads. The consensus is that higher core speed is more important than the number of cores, especially in regard to the IDS. I received two different responses.

    1. By default in the XG a snort thread is created for each core. 
    2. ...you’ll get better performance with a CPU that has higher single core performance. While Sophos does run multiple instances of Snort on each CPU core, this is so it can run dedicated instances of Snort on each connection (i.e. better multi-connection performance).

    community.sophos.com/.../361755

  • Here are last week's averages.

  • That implies that the best option would be a quad-core CPU with hyperthreading, even though it would most likely be heavily oversized. :-)

    The answer you got regarding cores is not entirely clear to me. If one Snort process is being generated per core, I'd assume that more cores would be the better option instead of a higher clock rate. I guess that heavily depends on the use cases.

    After looking for a reseller for the Protectli or Qotom devices in Europe, it seems like there isn't any, meaning importing would add another 200 bucks to the bill. So maybe building a system on my own is the better option, in terms of performance as well as budget.

    Based on your post above, you already did the research for that. Have you done the build already, or are you also still in the research phase?