Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 15 replies
  • Subscribers 29 subscribers
  • Views 7790 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Hardware Sizing

JasP

I am trying to get some realistic sizing information so that I can purchase XG firewalls for a couple of sites.

I have found a Sophos sizing guide but it was written in 2015 and hardware and software have changed quite a bit since then. I have also read the data sheets but they give max throughput for a particular service and that often doesn't bear much resemblance to reality once you start to apply a mix of services. I will be using XG v18.

The two sites will both be using Firewall, Intrusion Protection, Advanced Threat Prevention, Web Filtering and Protection. They won't be using VPN or email. One site has 50 users with a 30/30 Mbps connection and the other has 10 users with a 10/10 Mbps connection.

Obviously I am looking at the smaller end of the range but how small can I go?



This thread was automatically locked due to age.
Parents
  • 0

    Hi,

    do a google search for XG115 which should fit your description of your requirements. The cost will depend on what features you purchase, so nobody in the company will be accessing any form of email over the internet?

    Ian

  • 0 in reply to rfcat_vk

    Thanks for the reply rfcat.

    That was in line with my expectations. The trouble is we currently have nothing in the field to get any meaningful experience. The software license can be changed but obviously you don't want to be left with a bit of hardware that won't do the job! Equally you don't want to spend more than you need to.

    I have been running the Home Edition at home since XG 18 pre-release was available but as that runs on a second hand 430 and we only have a few users it isn't a useful comparison. I have also tried running it on a Hyper-V VM (but there is no Fastpath support) and a second hand 125 rev2 and that was hitting 80-90% CPU when saturating a 100Mb link.

    The company currently uses Office365, connecting directly with Outlook via MapiHttp. Outlook has its own malware detection and TBH I'm a bit unclear if XG offers anything extra for emails delivered this way. Please enlighten me if I'm missing something important.

  • 0 in reply to JasP

    Hello,

    my experience with your number of users is different: XG115 would by far too small for that. Have a look at the table I got form the sizing guide for XG appliances (yes, it is from 2016, but that's the mot recent ressource of information). I guess, that V18 has even more cpu requirements, than the release before, even though the hardware has been revised.

    But if you have a good and professional Sophos partner, he should help you with testing and finding the right size. There are several possibilities to go: you can always have an appliance of any size for a 30 day test drive without any costs. Just ask your professional Sophos partner. If we would have a customer with a heavily undersized hardware, we would find a way to exchange/upgrade to a more powerful appliance with minimal cost and effort. BTW: I think there is a promo still running (at least in Germany), where you can "trade in" another vendors firewall/router hardware and get the hardware for free. You only pay the licenses and subscription.

    So by looking at the table above and your requirements I would suggest a XG210 at the bigger site with 50 Users and a XG115 at the smaller site.

  • 0 in reply to jprusch

    Thanks for your input jprush.

    OK it's confession time!

    We ARE a Sophos Partner but have only just become one. We previously sold Symantec products and are looking to replacing them with Sophos solutions having spent 6 months evaluating the products. Unfortunately we only became registered about 6 weeks ago and the whole partner support team at Sophos vanished over a month ago.

    I presume they aren't working through the current Covid crisis but we have had no notification from Sophos that this is the case. Emails go unanswered, not even an Out of Office reply. I can understand if they decided to close that department but I'm unimpressed by the lack of communication. It may well be we can take the hardware on a 30 day trial basis as a partner but I can't check at the moment.

    It also makes it difficult to price a solution for a customer. This particular customer were originally looking to implement a solution in April before Covid struck. They want to at least get the pricing sorted so they are ready to go once they return to working at their offices. I will probably have to give them a price range and explain the situation. Although this isn't how I would like to quote, they are a good long term customer and will understand.

    I have looked at that sizing document but it is pretty out of date. The hardware has changed quite a bit and whilst you may expect later versions of the software to have greater hardware requirements that isn't necessarily true. I am not experienced with previous versions of XG but I get the impression that v18 is architecturally quite a bit different (addition of fastpath for instance) so the hardware impact may not be predictable. Sophos really should bring out an updated version of the guide.

    One option was to try a 115 and if it wasn't up to the job at the main site then use it for the smaller site (which will be installed after the main site is up and running).  All the feedback from people with experience is very useful though as I would like to try and get it right first time.

  • 0 in reply to JasP

    May I ask: where are you situated?

  • 0 in reply to JasP

    Haha, you should be at the source, then!

  • 0 in reply to jprusch

    Fat load of good its done me :)

    Would still welcome anybody else's thoughts/suggestions.

Reply Children
  • 0 in reply to rfcat_vk

    Though stating in the thread title it would be about "sizing" there is no sizing guide in that thread at all. There are "only" datasheets included.

  • 0 in reply to rfcat_vk

    Thanks rfcat but I have seen all the data sheets and the throughput figures are pretty much worthless. They are idealised figures that bear little resemblance to the real world once you start switching features on and start increasing the numbers of users. Although the topic is "Up-to-date XG sizing guide", the link isn't an up to date sizing guide.

    The copyright on the last sizing guide was 2015 for XG v15. Sophos should really reissue this for each version change in software or hardware revision but they haven't. What's notable about the sizing guide it that its principal factor is number of users, not internet speeds, which also illustrates why the data sheets aren't much use unless you are talking about a very small number of users.

    I appreciate that experienced Partners will have a good feel for what is required. Unfortunately as a new Partner we just don't have that yet. Ask me to size a Cisco router and that is a completely different matter :)

    What makes me so keen to get this right is that there is such a large jump in licensing costs between the models so I don't want to oversize it and risk the customer wasting their money. I appreciate the suggestions I've had here but the difference between a 115 and a 210 is 5x the licensing cost! I can't see any obvious way around this other than saying to the customer, this is the price range but we won't know what you need until you try it. I'm assuming I can get some sort of evaluation period on hardware as a partner but can't confirm that either ATM.

  • 0 in reply to JasP

    Hi JasP,

    I am not in a position to authorise any trial periods, you will need one of the Sophos support team or partner who is a moderator for that.

    The sizing guides while they might appear to be useless are based on industry standard testing and reporting processes.

    Ian

  • 0 in reply to rfcat_vk

    I wasn't suggesting you authorise any trial period. I need to talk to the partner support team but as I mentioned earlier they seem to have gone AWOL ATM!

    I think we are getting confused about two different things. I didn't say the sizing guides are useless. I said the data sheets are pretty useless - that link is for a data sheet. I don't doubt that the data sheets are accurate and based on industry standard testing and reporting processes but they don't give any indication of how they perform with a mixed feature set and 'x' number of users.

    As an example, the data sheet for the XG 86 says:
    Firewall (Mbps) 3000
    VPN (Mbps) 225
    NGFW (Mbps) 310
    AV-proxy (Mbps) 360

    So, does that mean it will support 50 users on a 30/30 Mbps internet connection using Firewall, Intrusion Protection, Advanced Threat Prevention, Web Filtering and Protection? There is no way to tell from the figures on the data sheet. That's why I say they are pretty useless.

    A sizing guide is designed to give you a feel for how the hardware performs in a real world scenario with different feature sets and different numbers of users. They aren't perfect but they are a lot better at indicating real world performance and giving you an idea of what you need. The trouble is, your last sizing guide was written in 2015 for XG v15 and a lot has changed in terms of hardware and software since then.

  • 0 in reply to JasP

    Hi,

    XG86 is designed for about 10 basic users and does not have all functions. 

    Sounds like a 125/135 are more your models, but I will let the wizkids with greater knowledge answer.

    Ian

  • 0 in reply to JasP

    Hello,

     

    As a Sophos Partner, I would suggest a Sophos XG135 for 50 users and the functions needed.

     

    Regards.