Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 27 subscribers
  • Views 14256 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos XG Performance As Hyper-V VM

NashBrydges

After a fair amount of work migrating from Sophos UTM9 to Sophos XG, I wanted to test out the new firewall to check out the kind of performance I could get out of it compared to the UTM9. Before I get to that, a little about my environment.

Sophos XG is running as a VM on Windows Server 2012 R2 Hyper-V. The server is a small 1U Dell R230 with a E3-1240v5 3.5Ghz, 64 GB DDR4 RAM, and a 400GB SSD. The Sophos XG VM itself has been assigned 4vCPU, 6GB RAM and 100GB VHDX drive.

My home environment is not hugely complicated but here is a breakdown of what I am currently running.

  • 61 devices
  • Devices run from multiple Dell servers, desktops, laptops, mobile phones, tablets, iOT devices, tablets, media playback devices...etc
  • FreePBX running as a VM on Hyper-V for telephony throughout the house
  • 15 Linux web servers like Nextcloud, Kanban, Minecraft, Plex, a SMB share, Unifi and mFi controllers, UCRM as well as a few other web sites

On the Sophos XG, I've copied the Lan to Wan policy and changed it to match what applications, devices...etc are on my network. It is running with 8,017 signatures.

Thanks to Luk for his help, I've also got a default Wan to Lan policy for externally available web servers.

All in all, I have only 26 firewall rules, IPS is enabled, and so is Advanced Threat Protection.

I am connected to my ISP via a 940Mbps/120Mbps fiber connection.

The latest set of tests that I ran have shown that my download on large files is sustained at 700Mbps (see attached screenshot). This download speed has hardly peaked the CPU usage much beyond 20% to 30% and memory usage has remained under 50% the entire time (see attached).

The speedtest.net results are equally impressive (I've redacted location and IP address for privacy)!

Here is the HTTP/S firewall rule that shows setup and bandwidth usage

This kind of performance, running as a VM with such low resources is truly impressive! I could theoretically run dozens more devices on my home network and never worry about running into a bottleneck. My family's typical internet usage each month runs anywhere between 1.3TB to as high as 4TB of bandwidth (there are a lot of cloud backups and streaming activities).

My previous setup consisted of Sophos UTM9 running directly on the Dell R210-ii hardware with 8GB RAM and a 4 core hyper-threading E3-1270 CPU and it was necessary to run on the hardware to maximize performance. When I tried as a VM, the best I could manage was around 400Mbps to 450Mbps.

My next project will be to setup guest wifi and VLAN.



This thread was automatically locked due to age.
Parents
  • 0

    After a fair amount of work migrating from Sophos UTM9 to Sophos XG, I wanted to test out the new firewall to check out the kind of performance I could get out of it compared to the UTM9. Before I get to that, a little about my environment.

    Sophos XG is running as a VM on Windows Server 2012 R2 Hyper-V. The server is a small 1U Dell R230 with a E3-1240v5 3.5Ghz, 64 GB DDR4 RAM, and a 400GB SSD. The Sophos XG VM itself has been assigned 4vCPU, 6GB RAM and 100GB VHDX drive.

    My home environment is not hugely complicated but here is a breakdown of what I am currently running.

    • 61 devices
    • Devices run from multiple Dell servers, desktops, laptops, mobile phones, tablets, iOT devices, tablets, media playback devices...etc
    • FreePBX running as a VM on Hyper-V for telephony throughout the house
    • 15 Linux web servers like Nextcloud, Kanban, Minecraft, Plex, a SMB share, Unifi and mFi controllers, UCRM as well as a few other web sites

    On the Sophos XG, I've copied the Lan to Wan policy and changed it to match what applications, devices...etc are on my network. It is running with 8,017 signatures.

    Thanks to Luk for his help, I've also got a default Wan to Lan policy for externally available web servers.

    All in all, I have only 26 firewall rules, IPS is enabled, and so is Advanced Threat Protection.

    I am connected to my ISP via a 940Mbps/120Mbps fiber connection.

    The latest set of tests that I ran have shown that my download on large files is sustained at 700Mbps (see attached screenshot). This download speed has hardly peaked the CPU usage much beyond 20% to 30% and memory usage has remained under 50% the entire time (see attached).

    The speedtest.net results are equally impressive (I've redacted location and IP address for privacy)!

    Here is the HTTP/S firewall rule that shows setup and bandwidth usage

    This kind of performance, running as a VM with such low resources is truly impressive! I could theoretically run dozens more devices on my home network and never worry about running into a bottleneck. My family's typical internet usage each month runs anywhere between 1.3TB to as high as 4TB of bandwidth (there are a lot of cloud backups and streaming activities).

    My previous setup consisted of Sophos UTM9 running directly on the Dell R210-ii hardware with 8GB RAM and a 4 core hyper-threading E3-1270 CPU and it was necessary to run on the hardware to maximize performance. When I tried as a VM, the best I could manage was around 400Mbps to 450Mbps.

    My next project will be to setup guest wifi and VLAN.

     

     

    Hello,

     

    I got to say i am impressed. Would you mind sharing your VM setup please? I like to know what settings, ram and cpu configuration you have used. Are you using Gen 1 or Gen 2 VM? 

    Look forward hearing from you.

     

    Regards Ronald.

  • 0 in reply to patan32

    Hey Ronald,

    The VM is a simple Gen 1 VM. Here is a screenshot of the VM settings...

    Note the host specs from my original post. It has a fairly high clock CPU and is running on a SSD drive.

Reply Children
No Data