Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 15 replies
  • Answers 1 answer
  • Subscribers 31 subscribers
  • Views 35578 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

XG Home Firewall Hardware - 200Mbps ISP

Harps Shina

Hi Guys,

Sorry if this might have been asked before.

I'm looking to run XG firewall on a mini PC. Would the below machine run with all security features turned on.

I have virgin 200Mbps download / 20Mbps upload.

Zotac ZBOX nano C ZBOX-CI323NANO-BE Desktop Computer - Intel Celeron N3150 1.60 GHz DDR3L SDRAM - Mini PC - Intel HD Graphics Graphics - Wireless LAN - Bluetooth - HDMI - 5 x Total USB Port(s)

Thanks

Harps



This thread was automatically locked due to age.
Parents Reply Children
  • 0 in reply to lferrara

    Thanks Luk.

    Would turning off some of the features allow me to achieve the speeds? If so what would you recommend disabling or reducing?

    Also would the processor on the box I pasted work with this reduced load?

    Last question: with the home license what are the maximum throughput based on RAM and Average CPU?

    Thanks

  • 0 in reply to Harps Shina

    The hardware appliance XG85 only has 2GB RAM, and is rated for 2Gb/s throughput, so any decent hardware should be sufficient for 200Mb/s.

    On DPI this takes more CPU, but I do not see where the 8GB RAM requirement comes from

  • +1 in reply to sixteen again

    Very simple, user experience. The product performance displayed is with a one device performing one function. if you are using multiple functions with a number of devices the game changes.

    Home use maximum is 4 cores and 6gb of ram.

    If you want to use a number of the features to provide some real protection you will need more cpu speed for that external link speed.

    I am running a 5/1 ( in round terms) with some IPS functions disabled, 5 rules, WIFI, mail scanning, ATP (web proxy) and some fixed IP addresses, my XG uses between 2 and 3gb of ram depending on the current anti- packages. I have 17 addresses active (in reality about 5). When the number of active users increase ram use increases.

     

    If you want best throughput, disable TCP/UDP flood under IPS, this applies to the current version of XG and has applied to the last number of versions. Sophos still hasn't got the IPS working very well, there is a long thread on the subject.

  • 0 in reply to rfcat_vk

    Thanks Rfcat_vk.

    Is there any hardware device you can recommend? Something small.

    Thanks

  • 0 in reply to Harps Shina

    I was wondering why I spend so much building UTM/XG boxes when a small SG/XG Sophos box will provide unlimited IP addresses and good performance, something XG115 and the 3 year cost of a full guard licence is about the same as I pay for the hardware.

    I do notice there are a number of home users on the forums with SG and XG boxes at home.

    There are other threads on this subject.

    Uses little power compared to my serverboards.

  • 0 in reply to Harps Shina

    Hello,

     

    I use @Home this device with 4Gb of RAM :

    https://www.amazon.fr/gp/product/B00TQM42XO/

    I have 300Mbps in Download and 100Mbps in Upload.

     

    A friend buy the same box for1Gbps Download link and speed test with ok, more than 980Mbps.

    Best regards.

  • 0 in reply to BenoîtChampagne

    Hello,

     

    your friend use this box with IPS and AV ?

     

    best regard

  • 0 in reply to Harps Shina

    I use a re-purposed HP server. You can find them 3-5 years old on ebay for a few hundred USD.

    They have two NICs already installed which is a requirement for a router like XG.

    I added two more for $25 with another ebay purchase - authentic HP part.  I'm running Server 2016 and my XG runs in a Hyper-V (virtual machine).

    Overall it's the same size as a normal mid-tower PC case and since it runs as a virtual machine it takes no more space than my server already used.

     

    For something smaller with at least two NICs you would need a "small form factor" PC which will probably only have one NIC and will need to add another with a "low profile" PCIe NIC.

    You might even get a "mini" like the Lenovo to work but would have to use a USB Ethernet adapter for a second NIC.  I've not tested these configurations for compatibility.

  • 0 in reply to Aland Coons

    I run a i7 4500 with gigabit Fios and have no problems with 6GB of memory.

    I run full traffic shaping, do some web filtering and may have a OpenVPN connected. 

    Memory sits around ~45% utilization.

    I've found after testing the same hardware with pfSense, OPNSense, Untangle, and ipFire that Sophos XG worked the best for me. I miss not having UPNP for my consoles as I have to create a few port forwards to make the XBox work, but not really a big deal for the overall benefits.