Multi-Gig XG Hardware

Hi All, and thanks in advance for your help. I've been using Sophos XG for about 2 years now and I've absolutely loved it. I just moved into a brand new house and have ATT symmetrical 5Gbps fiber at the same price as my old Xfinity cable internet! 

I have a Zyxel XS1930-12HP and WAX650S already, so all I need is a firewall setup capable of pushing that 5Gbps connection. My current Qotom i3 box had no trouble with 1Gbps lopsided cable at all, but it only has 1Gbe NICs. 

After 2 weeks without a firewall and since heavy reading... I still can't figure out what I should get. Is anyone using "multi-gig" NICs? Preferably the NICs would be able to negotiate 1000/2500/5000 like my other equipment. I know I need Intel, but what chipset?

Does anyone have a mini PC recommendation with 2 NICs minimum and perhaps a newer i5 so I can push those speeds with IPS?

Very grateful for any help, thank you!



This thread was automatically locked due to age.
  • For anyone interested in what I ended up building...

    My PC needs an upgrade anyways, so I decided to scrap those parts into my Sophos XG along with some additional equipment. Here will be the final specs of the device. I should know by Sunday night if everything is working, and will update this thread.

    CPU: Core i3-9100

    Motherboard: ASRock Z390M-ITX/AC

    RAM: 2x8GB Corsair Vengeance LPX DDR4 3200MHz C16 (CMK16GX4M2B3200C16)

    Power Supply: Corsair SF600 - 600 Watt Fully Modular 80+ Gold

    Case: Silverstone SST-ML06B-E

    NIC: Vogzone for Intel X550-T2 10Gb NIC / Dual RJ45 PCI-E 3.0 x4 (I'm pretty sure this will work fine in my x16 slot)

    This will be connecting to an ATT BGW320 gateway's 5Gbe port, which will be in IP Passthrough mode.

    The other port will be a trunk port into my Zyxel XS1930-12HP.

    Coming from the Switch:

    A POE++ port on its own VLAN will connect into a Zyxel WAX650S for WiFi. This will feed phones, Amazon fire sticks, etc. Then I'll have 2 more VLANs, one for my work computer and one for my wife's work computer+printer.

    A 3rd VLAN for my gaming PC.

    A 4th VLAN for the TV in the Living Room since it will be right next to the switch, no reason to put it on WiFi.

    A 5th VLAN with all my mini-PC servers running various infrastructure services for the rest of the devices.

    I plan for IPS inspection between each VLAN... let's see if this thing can handle it all and push that 5Gbe on a speedtest!  Once we're there, I'll start seeing how well it can handle SSL decryption.

  • Looks good, but a reminder the Home Edition can use only 6GB of RAM, so it will be a waste to have 16GB on the box.

    And don't forget to enable legacy bios (CSM) on the motherboard, since the Firewall doesn't support UEFI only motherboards.

    Lastly, after installing the Firewall, SSH into it and go to the console (Option 4), then use "set ips search-method hyperscan". *

    * On the Home Edition it defaults to a much slower regex engine.


    XG 115w Rev.3 8GB RAM v19.5 MR1 @ Home.

  • Ahh, I forgot the RAM limitation. That's just the RAM already in that motherboard. I suppose I could pull one stick... do you think I would get better performance being oversupplied though just due to the dual channel?

    When I search the command I see:

    Set the search method to be used for IPS signature pattern matching.

    ac-bnfa (low memory usage, high performance)

    ac-q (high memory usage, best performance)

    hyperscan (low memory usage, best-performance)

    Is there a good document or easy explanation as to what these different methods are? Am I losing out on deeper inspection with hyperscan? Is ac-q better?
