Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 5 replies
  • Answers 1 answer
  • Subscribers 27 subscribers
  • Views 2167 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos XG Home

Jobin JacobVarghese
We have an HP Pro 3500 MT i5 with 8GB RAM on which we are planning to run Sophos XG Home. Would it be recommended to use a 240 GB SSD as the hard disk. Right now I have a 500 GB WD in it. How can I know of the throughputs that the machine is capable of. I will be having a 200 Mbps WAN. Ours is a 5 flat building with everyone’s family residing in the same building. Each flat has gaming units and PCs running torrents. The PC will have four 1000 Mbps NIC. One NIC for WAN, Built-in (Which gets recognized as Port 4) NIC for LAN and the others for any future use. I am very keen to know the throughput if it matches an XG 86 or XG 106.


This thread was automatically locked due to age.
Parents
  • 0

    Hi,

    the disk will niot affect performance, but will affect install time bec sue of the full format.

    The XG86 and XG106 are based on low end processors so your machine will perform way better. The limitation of the home licence is 4 CPUs (real or virtual) and 6 gb of ram regardless of how much you have installed.

    Your throughput will depend on what rules and policies you have in place.

    Ian

  • 0 in reply to rfcat_vk

    rfcat_vk said:

    Hi,

    the disk will niot affect performance, but will affect install time bec sue of the full format.

    The XG86 and XG106 are based on low end processors so your machine will perform way better. The limitation of the home licence is 4 CPUs (real or virtual) and 6 gb of ram regardless of how much you have installed.

    Your throughput will depend on what rules and policies you have in place.

    Ian

     

    Hi

     

    Thanks for the reply. 

     

    Wouldn't the writes be improved if an SSD is installed ?  

     

    Basically, its just two rules, one for a DNS server and Second for all traffic with None as Web filter and an Application filter to block proxy.

     

    Are there ways the throughput can be benchmarked ?

Reply
  • 0 in reply to rfcat_vk

    rfcat_vk said:

    Hi,

    the disk will niot affect performance, but will affect install time bec sue of the full format.

    The XG86 and XG106 are based on low end processors so your machine will perform way better. The limitation of the home licence is 4 CPUs (real or virtual) and 6 gb of ram regardless of how much you have installed.

    Your throughput will depend on what rules and policies you have in place.

    Ian

     

    Hi

     

    Thanks for the reply. 

     

    Wouldn't the writes be improved if an SSD is installed ?  

     

    Basically, its just two rules, one for a DNS server and Second for all traffic with None as Web filter and an Application filter to block proxy.

     

    Are there ways the throughput can be benchmarked ?

Children
  • 0 in reply to Jobin JacobVarghese

    Hi,

    I am at a bit of loss over your requirements.

    You are planning on using a power hungry quad core server using high end commercial grade firewall software with one all purpose firewall rule?

    There will be very little to write to the disk because you are not scanning or logging much. Disk performance is cached, the only time disk performance really becomes an issue is if the disk is too small or you have large user base with many firewall rules and policies.

    Why are you concerned about benchmark you are not using any features of the XG, you would be better off purchasing a high end home router.

    Ian

  • 0 in reply to rfcat_vk

    rfcat_vk said:

    Hi,

    I am at a bit of loss over your requirements.

    You are planning on using a power hungry quad core server using high end commercial grade firewall software with one all purpose firewall rule?

    There will be very little to write to the disk because you are not scanning or logging much. Disk performance is cached, the only time disk performance really becomes an issue is if the disk is too small or you have large user base with many firewall rules and policies.

    Why are you concerned about benchmark you are not using any features of the XG, you would be better off purchasing a high end home router.

    Ian

     

    Well Ian, I been using Sophos (Cyberoam initially) at work for the past 10 years. We have about 15 devices in our organization 500iNG-XPs, 300iNG-XPs and XG 550. 

    I deployed an XG Home for my home a few years back and use a Pi DHCP. 

    This setup is actually for a Boss of ours for his villa. Where too I deployed a pi DHCP and kept the ISP router like a CE. The application filter and if need be IPS can be used on his firewall. He gets a drop in speed every day at 4:00 and 9:00 in the evening everyday mostly when all the people are home to which I am at a loss. The bandwidth goes from hovering around 90 to 10 and picks up a while later.

    There are no user base as to talk about and its more of a open network rule.

    Wanted to do the benchmark on this setup to see what sort of throughputs it's capable of giving.

    Between Logging of firewall rule is enabled. 

    And more you can say I was also curious to know how the PC stood against a 100i or a 300i having had/still use(d) these devices.

  • 0 in reply to Jobin JacobVarghese

    Hi Jobin,

    Speed drop issue sounds like an ISP issue.

    What you will need to do to test the HP.

    1/. disable power saving in the BIOS so the processor doesn't need to ramp up which wil distort throughput figures.

    2/. run iperf while the HP is on your LAN but not in the network traffic path.

    3/. you might need to tune the IPS settings or completely disable it which would defeat your protection in production.

    4/. run the tests see what throughput you get and if it does not meet your requirements check the IPS tab on the XG GUI so se which setting is the guilty party.

     

    There are some settings which can be changed to help if you run into difficulties.

     

    I would run the firewall rule with 'allow all' in both web and application with http scanning enabled so you get some protection without requiring CAs etc.

     

    Ian