
XG Home First Timer - Hardware Suggestions?

I'm diving in to learn about firewalls and threat management and would appreciate comments on my plans from you experts.

I am not interested today in email server or web server protection as I don't plan to add these at any point.  I might do VPN but only for me to access my home network while away from the property.  Network protection and Sandstorm and web protection I'd like to experience.  Email protection, I could be naive, but Gmail seems to provide enough filter for me today but I'd like to gain experience with better protection options.

First, I think I need XG because I have more than 50 IPv4 devices on my network.  But I'm not even sure about XG need, because initially I plan to have my Eero gateway managing DHCP assignments so maybe UTM could work.  Eero would be handling DHCP at least at first because I know the Eero system and like the management it does with family profiles and content blocking.  I want to dip my toe in firewalls instead of plunging so want the XG box in bridge (I think) between cable modem and Eero gateway.   I'd appreciate comments on this part too.

But I need hardware for either UTM or XG and am shopping for a desktop box I can repurpose for the more demanding of these two options.  My biggest concern in adding a firewall at this early point is that I don't want to slow down the internet traffic for the devices in the home.  I have 100/10 Mbps service and might go to 200/20 soon but that is fast enough for me. I want to size hardware for maximum ISP bandwidth even though it's true we rarely need 100% bandwidth.

If I have Intel 1Gb NICs installed, how much processor do I need?  I'm hoping to gain a PassMark score through your recommendations so I can benchmark the used equipment I find around here.

I really want the logging these firewalls can do.  Is an eMMC or SSD required to keep up with a household of maybe 8 active devices accessing external addresses at once?  Seems to me any HDD could manage logging but I don't really know.

Thanks for any comments you have.

 

 



  • Hi,

    For what you are describing you need a very fast but not necessarily very powerful CPU (4 real cores is better) and 6 GB of RAM.

    50 devices, you must have a very busy home.

    I run a 100/40 into an E3-based system as per my signature. I chose the E3 over a J1900 because I do regular changes to the firewall and the J1900 was too slow in updating the GUI. If you are a set and leave person the Atom-based box will be very good. If you are a fiddler like me then you will want something a little more powerful. I run a modified IDS and can max my 100 download with software updates.

    I have about 25 active devices (clients), now 2 AP55/c. 4 SSIDs and 4 VLANs. My 6 GB system uses about 3.2 GB of RAM with 15 firewall rules and a number of specific policies in those rules. I don't have any active servers at the moment.

    Ian

  • Thanks for these comparisons  and Ian.  

    We have a shop here where people donate their put to pasture computers.  I picked up an i5-2400 system with 8 GB RAM and 500 GB HDD for just over $100.  Sounds like it should work given your comparisons.  PassMark is only about 10% lower than the E3 single core.  I have to put an Ethernet card in it though.  It only has one right now.

    Yes, we have a lot of end points here and I didn't count the Hue lights but it's not as busy as it sounds.  Most EPs are normally quiet.  But a good reason for firewall in itself maybe.

    Do you think I will need an eMMC for logging or is an old HDD enough?

  • Hi,

    Most people, including commercial sites, get away with a 60 or 120 GB. Your spinning disk will be fine, just remember to allow for a long time for a full format at installation time.

    I have two end points and they are as chatty as all hell. One power switch sends over 2mB a day, it would send more if I unblocked all its ports. It functions with just the ones I allow it to use. I cannot see why a power switch needs to talk to a helpdesk at a Chinese university.

    I have two other devices as IoT but they are expected to be chatty: weather station and solar controller.

    Ian

  • Interesting about the endpoint traffic.  Maybe I am about to learn my home is much more noisy than I think.   All I've had to go on to date is ISP data usage and I never did figure out how we were using 1.3 TB a month a few months ago.  I thought the kids were sleeping with YouTube playing but the data monitor I put on their devices did not support this theory.  This could be eye opening.  

  • Turns out DirecTV is the data-hog in my house.  But we have satellite so it's something to find out why and to fix. The whole point of satellite is to preserve precious data cap.   Score 1 for Sophos XG on finding this rat.

  • How did you find it? I'm finding XG a bit of a challenge to find bandwidth hogs. Hoping there's a feature I haven't found yet.

  • You can look in the reports tab on the GUI or create a daily report which you email to yourself.

    Ian

  • Ah.

    I was hoping for realtime metrics...

  • Not on this version of XG, best you can get as far as I know is slightly behind time information from the report tab. There might be commands in the CLI, but my CLI skills are lacking.

    Ian

  • I was playing with the CLI a while back. It does seem to provide access to this information in (near) realtime, but I haven't figured out how to normalize it to something useful.

    My consumer-grade ASUS router provides this information, though...