Hardware Limitations In Home version

Yes I use host passthrought for CPU

Right now I only have 3 cores exclusive for Sophos, the other one is for dockers, but I have had 4 cores and performance was a bit better but not much.

  <os>
    <type arch='x86_64' machine='pc-q35-5.0'>hvm</type>
  </os>
  <features>
    <acpi/>
    <apic/>
  </features>
  <cpu mode='host-passthrough' check='none'>
    <topology sockets='1' dies='1' cores='3' threads='2'/>
    <cache mode='passthrough'/>
    <feature policy='require' name='topoext'/>
  </cpu>

Maybe there is something wrong with Ryzen 1 a KVM or Ryzen 1 and Sophos. I have a 3900X that I use in my main computer, this is suppose to replace the 2400G the day I buy a new one, but that day is not close. I guess I will have to suffer the 2400G

If they increased the RAM to 8GB I think it'd be a good move.  More would hopefully swap from pfsense and Untangle Home users over.  

I keep experimenting with Untangle, but end up back at Sophos XG.  My only grip with my current Sophos XG install on an Atom system is the UI is a bit slow.  It was running on a Dell PowerEdge R210 nicely, but the noise etc and no doubt power.  Even though a 25W TDP Xeon

Please correct me, if I‘m wrong but from your config it seems that you have allocated 1 socket, 3 cores and 2 threads per core. This would mean that the VM has 6 vCPUs.

My suggestion would be to try 3 or 4 cores with 1 thread per core.

Besides that my config after some throughput testing now is 4 cores with 1 thread = 4 vCPUs on a i7-7500U (2 cores with HT) but with 3 ips instances.

Two other ideas:

- Try the software image (I use this) instead of the KVM image.

- Try another search-mode for the IPS

I have 4 cores 8 threads CPU

I get better performance If I assign 3 cores with their 2 threads each because I can't assing cores in KVM I can assign virtual cores with that topology, so if I use 4 cores (virtual cores) and 1 thread per core I am really using 2 cores (4 threads). So if you do it like I do it you can use 4 cores with 8 threads in a virtualize environment and Sophos XG will accept them.

I have tried diferent combinations in the pass and this gave me better performance, the last thing I can try is to assign 4 cores (threads)  where each thread belong to a different core.

I have tried KVM image and software image, same result, right now I have software image.

This is my IPS config

For the IPS settings, can you change your search-method to hyperscan? It's much better than ac-bnfa.

"set ips search-method hyperscan"

Seriously, on my 3300x with ac-bnfa it IPS over a single connection/core top outs at 800Mbit/s, on a 10G card I can push 2.6Gbit/s, again over a single core/connection.

But it won't matter that much in your setup, because even on idle loads your CPU usage is too high.

Also, did you already tried running XG on ESXi in your 2400G? If I recall correctly, the performance on ESXi with Zen 1 has better than KVM.

Did they increase the usable ammount of ram up to 8gb? Really? I can not find any informations about that.

Thanks a lot and regards, andy.

He didn't say that, He said that would be nice IF they increase....

This is my RAM consumption with the machine mostly iddle

There are several topics around this, maybe someone from Sophos could say something, what plans they have for home users.

Hi,

why are you so concerned about memory usage, your machines does not appear to be slow because it is swapping and you have plenty of memory left.

My GUI shows about 50% memory use which looking at your report yours will be similar. The issue about memory only arises when you start hitting >80% in the GUI.

My XG memory usage dropped after applying v18.0.2 MR-2. Also memory usage increases when the GUI is active.

Ian

Do not forget, free -m is different by meaning to a, lets say windows OS. 

There are even website, explaining what is happening: https://www.linuxatemyram.com/