Multi-Gig XG Hardware

Hi All, and thanks in advance for your help. I've been using Sophos XG for about 2 years now and I've absolutely loved it. I just moved into a brand new house and have ATT symmetrical 5Gbps fiber at the same price as my old Xfinity cable internet! 

I have a Zyxel XS1930-12HP and WAX650S already, so all I need is a firewall setup capable of pushing that 5Gbps connection. My current Qotom i3 box had no trouble with 1Gbps lopsided cable at all, but it only has 1Gbe NICs. 

After 2 weeks without a firewall and since heavy reading... I still can't figure out what I should get. Is anyone using "multi-gig" NICs? Preferably the NICs would be able to negotiate 1000/2500/5000 like my other equipment. I know I need Intel, but what chipset?

Does anyone have a mini PC recommendation with 2 NICs minimum and perhaps a newer i5 so I can push those speeds with IPS?

Very grateful for any help, thank you!



  • Hello!

    I recommend you (if possible) to use 10G NICs.

    The Linux Kernel on XG isn't "new", so there's a chance of those 2.5G/5G Multi-Gig NICs not being detected correctly. (Or not being detected at all.)

    Does anyone have a mini PC recommendation with 2 NICs minimum and perhaps a newer i5 so I can push those speeds with IPS?

    For 5Gbit/s get the fastest 4 cores processor you can - doing 5Gbit/s of only IPS will be relatively easy, the main issue there will be if you want to decrypt the TLS Traffic.

    I don't have recommendations on mini-pc, but if you want to be sure get something like an AMD Ryzen 3300x or i3-10100. (Or if you can find, get a mini-pc that has a I3-8100)

    After all that, there are some tweaks you need to do later (after you get your box), such as switching to hyperscan on IPS engine.

    Thanks!


    If a post solves your question use the 'Verify Answer' button.

    XG 115w Rev.3 8GB RAM v19.5 MR1 @ Home.

  • Thanks, Prism! Is there anywhere I can find which 10Gbe NIC chipsets/cards will work? I have seen some threads about people saying for instance the i219 does not work. How about the x550-T2? That seems like a simple and cheap enough 10Gbe RJ45.

  • The current Intel drivers that are supported are: (That I know of)

    • e1000e
    • igb
    • ixgbe

    The x550-T2 uses ixgbe driver which is supported by the Firewall.

    Here's a list of controllers that are used by the ixgbe drivers, all of them are at least 10Gbit/s, you can use this to find a network adapter for you. (But I'm not sure if all of them will work, from my experience the X520 and X540 controllers work just fine.)

    • Intel® Ethernet Controller 82598
    • Intel® Ethernet Controller 82599
    • Intel® Ethernet Controller X520
    • Intel® Ethernet Controller X540
    • Intel® Ethernet Controller x550

    And yes, the i219 chipset doesn't work.

    Thanks!



  • Excellent, thank you so much for your help.

  • I don't know if you can find them, but the x520 are usually much cheaper.



  • It looks like the gateway NIC only supports 1/2.5/5Gbe, not 10Gbe, so I think I will have to use the x550 since supposedly it can negotiate 5Gbe

  • I fired up a spare machine with v18.5.1 and 2 INTEL i210s and two INTEL X540s

    The drivers installed for the X540. It does not connect at 10gb from setup and does not get an address. If I put it through a switch it gets an IPv6 link local address, that is after I set ifconfig Port3 up.

    Next trick will be to configure the GUI and see what happens.

    Ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • Hi,

    I fired up the box and configured it. The 10G interfaces are installed and show in the interface tab. Initially the DHCP request was not honoured, but I suspect that was more a driver issue in auto negotiation not working. I changed the interface to 10g full duplex and an address was assigned, both IPv4 and IPv6. The interface was changed back to auto negotiate and the address was assigned again. 

    Just to make sure all the configuration changes stuck I restarted the XG and yes, the configuration changes stuck showing IP4 and IPv6 connected at 10GB/s.

    The software version is v18.5.2 mr-2. When the XG115w was updated to v18.5.2 I was concerned about memory usage; it appears though this is an issue with MR-2, because the new box with a fast E series XEON (new variety) and 16gb of ram, though only 6gb is used by the XG, the memory usage shows 63%. Strange, because my e3 XG never got that high even running v19 EAP1.

    Enjoy your 10gb system.

    Ian


  • Excellent insights, thank you! The last of my parts will be here in less than 24 hours so I'll provide an update once I'm all up and running... assuming I'm up and running!

  • Okay, I'm up and running... and the XG sees the two 10 gig NICs and DHCP worked fine and everything, I'm passing traffic... HOWEVER... it can't seem to negotiate 5Gbe! I even set the ATT gateway to not autonegotiate, just solid 5Gbe and it still says 1Gbe in Sophos! Any ideas? This is a really devastating scenario since this would render my 2.5 gig fiber useless unless I move off of Sophos XG... and I really love XG!

  • Hi Gkeg,

    the options are 1gb or 10gb. You could try setting the interface to 10gb and see if you can get traffic through it?

    Then there is another approach, and this is to put a dumb switch that is capable of 2.5 gb and 10gb between your fibre and the XG.

    Ian


  • Unfortunately no, it cannot talk to the ATT router when I set it to 10Gb. I guess I will have to go the switch route.

  • Alright, I ended up creating a VLAN with all other ports forbidden on my Zyxel XS1930-12HP and then used those ports to connect the ATT gateway and the Sophos XG. Everything connected at 5G/10G now. Hopefully this is a secure enough design. I don't know how possible VLAN hopping is...
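
The isolation described in the last post can be checked mechanically. The following is an added example, not part of the original thread: it audits a constructed VLAN table for the properties that keep gateway-side frames inside the transit VLAN. The VLAN ID 900, port numbers 11 and 12, and the table layout are assumptions.

```python
# Constructed model of a 12-port switch's static VLAN table, using the
# Fixed / Forbidden / Normal membership terms from the switch GUI. This is
# not a vendor export format; VLAN 900 and ports 11/12 are made-up values.
PORTS = range(1, 13)

def table(fixed):
    """Per-port (membership, tx_tagged) with every non-fixed port forbidden."""
    return {p: ("fixed" if p in fixed else "forbidden", False) for p in PORTS}

def audit_transit_vlan(vlans, pvid, transit_vid, uplinks):
    """Return findings; an empty list means the transit VLAN is isolated."""
    findings = []
    for port, (mode, tagged) in sorted(vlans[transit_vid].items()):
        if port not in uplinks:
            # "normal" still allows a dynamic (GVRP) join; require forbidden.
            if mode != "forbidden":
                findings.append(f"port {port}: {mode} in VLAN {transit_vid}")
            continue
        if mode != "fixed":
            findings.append(f"port {port}: not a fixed member of VLAN {transit_vid}")
        if tagged:
            findings.append(f"port {port}: egresses VLAN {transit_vid} tagged")
        if pvid.get(port) != transit_vid:
            # Untagged frames arriving here are classified into the PVID's VLAN.
            findings.append(f"port {port}: PVID {pvid.get(port)} is not {transit_vid}")
    for vid, members in sorted(vlans.items()):
        if vid == transit_vid:
            continue
        for port in sorted(uplinks):
            mode, _ = members.get(port, ("normal", False))
            if mode != "forbidden":  # uplink port is still a member of a LAN VLAN
                findings.append(f"port {port}: {mode} in VLAN {vid}")
    return findings

UPLINKS = {11, 12}  # gateway and firewall WAN ports (assumed numbering)
GOOD_VLANS = {1: table(set(range(1, 11))), 900: table(UPLINKS)}
GOOD_PVID = {**{p: 1 for p in range(1, 11)}, 11: 900, 12: 900}

# Three constructed mistakes: port 11 left in default VLAN 1, port 12 left
# with PVID 1, and port 3 left as "normal" in the transit VLAN.
BAD_VLANS = {1: table(set(range(1, 12))), 900: {**table(UPLINKS), 3: ("normal", False)}}
BAD_PVID = {**GOOD_PVID, 12: 1}

if __name__ == "__main__":
    for name, v, p in (("good", GOOD_VLANS, GOOD_PVID), ("bad", BAD_VLANS, BAD_PVID)):
        print(name, audit_transit_vlan(v, p, 900, UPLINKS) or "isolated")
```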
