XG Firewall Home Edition Questions

Hello, I'm relatively new to the Sophos ecosystem and would like to play with the XG Firewall Home Edition prior to considering the commercial version for clients.

Are there any limitations on the home edition aside from the 6GB RAM and 4 core processor limit?  If I purchase some used Sophos WAPs can I add and administer them via the XG Firewall home?

Also, what kind of hardware should I look for to maximize the throughput with all filtering enabled?  What kind of throughput should I expect with the home edition maxed out?

Thanks in advance!

  • Hello!

    There's only a hardware limit of 6GB RAM and 4 cores; and yes, you can use Sophos AP(x) and REDs in the same way you would on a Sophos appliance (without any software limitation).

    *It's also possible to set up HA with the Home license.

    > Also, what kind of hardware should I look for to maximize the throughput with all filtering enabled?  What kind of throughput should I expect with the home edition maxed out?

    It highly depends on the processor and the network traffic; you should look at a high clock speed processor with 4 cores / 8 threads. As an example, the Intel G5400 can handle around ~600 Mbit/s with DPI + TLS decryption over multiple sessions.

    As a real-world example, my current CPU is a Ryzen 3300x - while doing some SMB transfers with IPS over 1Gbit/s the CPU usage is around ~45% over a single thread; with DPI doing TLS decryption I can reach around ~88MB/s over a single file transfer, line-rate 1Gbit/s over multiple sessions.

    Just a reminder: currently on v18 MR4 the DPI engine can't share the load of a single connection across multiple cores; this can drastically affect your performance depending on the processor and application you're using.

    Thanks!

    Edit: Sophos XG Home doesn't include a Threat Intelligence (Sandstorm) license; if you want to fully test all capabilities of the firewall, it's better for you to get a Trial License.

  • Thank you for that detailed response, perfect!  I was thinking about something like this in terms of hardware: https://www.amazon.com/gp/product/B08MPYK1VM/  but in light of your response, I'm guessing that the processor would likely not be fast enough to let it perform well.  While I don't currently have a GB Internet connection, I think that's a reasonable goal for WAN throughput so it'll be somewhat future proof.  Do you have any hardware recommendations?

    With regard to Sandstorm, that's good to know, though since my endpoints are now Intercept X protected, I suppose that's less important at the FW level.  Can you compare the level of AV/AM protection on an XG with and without Sandstorm?  i.e. without Sandstorm, what filtering is still included?

    Thanks again!

  • The biggest issue right now on both Software and Virtual installations is that AES-NI isn't supported; that's one of the reasons why you should get a better processor.

    > though since my endpoints are now Intercept X protected, I suppose that's less important at the FW level.

    It still is important; you should look at a layered security approach. Even if your endpoint catches most of the malware, there will be some device or hardware on the network that won't have the endpoint installed. In reality it's much better for most of the malware to get dropped directly at the firewall - instead of it being successfully downloaded by a user.

    Adding to this: it's hard to compare because they're completely different; the endpoint can detect in real time if a process is malicious or not, while the firewall will depend on the cloud database or sandboxing, which can cause some (necessary) delay for the end user.

    > Can you compare the level of AV/AM protection on an XG with and without Sandstorm?  i.e. without Sandstorm, what filtering is still included?

    In my own personal testing, the standalone AV/AM protection of XG isn't enough for a mid-size or enterprise business, but it's good enough for a small business or home user.

    Sandstorm doesn't only sandbox the threat; it can also do a real-time lookup to the cloud, in order to check against a much bigger database whether a file is malicious or not.

    Hopefully a Sophos employee can tell you more information about this later.