Hello,
I am new to the Sophos XG platform and looking for some advice. Here is my situation:
· Usage will be in a home. But I work in IT and use my home as a lab / PoC environment, mostly to further my own knowledge about IT systems
· I am planning to add several IoT devices over the next year
· Previous two bullets will put me up near 50 devices at times, but I can potentially get creative (e.g., double-NAT some of them so that Sophos XG does not see the IP address on the network)
· Current Internet connection is 50/10. Looking to upgrade this as soon as I have a more-scalable router/firewall in place
· AT&T is installing fiber in my neighborhood, and so I want a firewall/router that can scale to at least 1 Gbps. As I understand it, to guarantee decent real-world speeds of 1 Gbps, you should find a router/firewall that states “on paper” that it can push at least twice that – 2 Gbps
· I have a site-to-site VPN connection with a coworker’s house, to extend the lab/PoC environment when needed. I may also want to set up a site-to-site VPN with Azure soon
· I use client-to-site VPN (Cisco AnyConnect) and need similar functionality
· I am interested in the next-gen firewall features of the Sophos XG platform, but I do not necessarily consider them “required”. The most interesting feature would be blocking of ads/malware/phishing sites through web proxy/content filtering. But I do not have these kinds of features today
· I have a cellular modem, intended for back-up Internet. I have some home security stuff and am just trying to ensure that if someone cuts my Internet line, they cannot take out my security system
· I am not afraid to spend some money (to a point). BUT, this is a home environment
· I worry about hardware failure and need some amount of protection/assurance against it. If the Internet goes down while I am out of town and my wife cannot watch TV, it is a “Sev A outage” :)
So, to summarize, my must-have features are:
· Can reliably scale to 1 Gbps (i.e., without packet loss or jitter on real-time communications)
· Supports site-to-site VPN
· Supports client-to-site VPN
· Supports failover to a backup Internet connection
· Rudimentary firewall
Nice-to-have features are:
· Web proxy/content filtering (removal of ads and malware)
I guess my first question is whether the home license can meet all my functionality requirements (e.g., site-to-site VPN, client-to-site VPN, etc.).
Second, I am worried that 4 CPU cores + 6 GB of RAM may not scale to 1 Gbps Internet. Has anyone tried this? Are there any test results that show the scalability of the platform?
Third, to protect myself from hardware failure, I am considering running XG as a VM. If I do this, I will place it on dedicated hardware. To avoid any chance of a slowdown due to the hypervisor, I was considering buying a Xeon E5 with six cores (I would assign four to the XG VM, leaving two for the hypervisor). And I would buy the E5 that has 6+ cores and the highest clock speed available. Then I could use the hypervisor features to back up and/or replicate the VM to another host, so that I could quickly recover if there was a problem. I considered running the XG on “bare metal”, but I do not think it would afford me much protection from hardware failure with the home license and I am worried because there is no published hardware compatibility list that I have been able to find.
If I use a VM (or roll my own hardware), how much storage should I plan to give to the XG? I need room for logs, etc. and do not want to cut myself short.
Alternatively, I would not mind buying Sophos XG hardware (the XG 210?), but then I would be spending cash on warranty coverage, or would need to be willing to re-order hardware when a failure occurs.
Finally, I am assuming that the home license of Sophos XG does not allow me to configure a redundant XG for high availability. But let me know if I am mistaken about that… or maybe it’s possible to get a second home license for active/passive high availability?
Again, I do not mind throwing Sophos some cash or buying hardware for what seems to be a high-quality product. Just trying to spend wisely (considering that this is a home environment and not a business) and trying to manage risks.
Thanks in advance!
Frank