
3 questions after initial setup: High memory, internal hostname, Access point in XG

Hi all,

 

I just installed Sophos XG Home on a Qotom 310 (4GB Ram) and have 3 questions:

Context: small network with 5 users, 2 servers, fiber (1gb/1gb), mostly video streaming and games activities for the load.

 

1) Memory usage is very high, about 80% which sounds strange as for now it's mostly basic configuration (just the default firewall rule)

If I disable most services in the Configure/System service/Service (like anti-virus, IPS, ...) it goes down to 35-50% but no lower.

Any idea of the potential issue?

 

2) In Network configure/Network/Dns I have set up the DNS host entries for my local computers, linking IPs to names and checking "Reverse DNS" (I did try unchecked too). Still, I just have IP addresses in the various reports and not the names. Based on some other posts it sounded like the way to do it.

How can I have the hostname instead of the local IP in the reports?

 

3) Access points

I don't have Sophos AP but consumer grade routers with DD-wrt installed on them (2 TP-link, 1 buffalo). The XG computer doesn't "see" them.

Configuration is:

ISP Modem --> (NIC2) Qotom/Sophos XG (NIC 1) --> (LAN) TPlink (wireless local) --> basic Linksys switch (not managed) --> (LAN) TPlink (wireless local + guest network)

- DHCP for the LAN is served by the XG firewall

- all SSIDs are, for now, configured on each router

- the guest network is configured on the 2nd TPlink, directly in the DD-WRT interface, with its own DHCP and subnetwork declared there.

- Each router has a fixed IP

Everything is working fine like that, except all guest network connections just show as being 1 IP (the router IP) and I would like to manage it from the XG firewall.

Is it possible to have the 2 routers (SSID + guest network) declared and managed in XG, knowing that I need both local and guest network?

 

Please let me know if you need additional information.

Thanks



This thread was automatically locked due to age.
  • 1) I’m running Sophos XG on a Qotom Q355G4 with 4GB of RAM and I’m seeing about 65% memory use. When I first installed, it was about 71% and over the weeks, it’s started to slowly go down. I have a fairly basic home setup with only two users but about 33 devices on our network. Sophos XG uses a lot of memory when comparing it to something like a clean install of pfSense which I believe is based on the fact it’s basically a full Unified Threat Management system out of the box. In other words, there’s just a lot of stuff running in addition to a basic stateful firewall. For example, for IPS, Sophos XG automatically configures an instance of Snort on each core your CPU has so in my case with the Sophos OS seeing four cores, there’s four instances of Snort running. I’m not saying this is solely the reason for all the memory being used but there’s just a lot going on with Sophos XG by default. All that to say, I don’t think it’s an issue but just the nature of Sophos XG. Personally, I wouldn’t be worried unless I’m seeing the RAM usage starting to exceed something like 90%.

    2) Sorry, I can't help with this but hopefully someone can chime in.

    3) I’m also running two wireless access points (Apple devices), one for my home network and another for guest users. My setup is a little different though as I have each access point connected to a different port/interface on the Qotom box. I’m not sure if you have the ability to do this but if so, I typed up a guide here on how to set that up:

    https://shred086.wordpress.com/2017/12/21/sophos-xg-setting-up-a-guest-wireless-network/

    Otherwise, I’d think you need to set up VLANs to separate the guest network from your main network.

  • Hi guys,

    To get the device name into some of the reports you need to create clientless users. Each clientless user will require an email address; I use a dummy address. At this stage the DNS and DHCP server do not talk to each other as per the UTM.

    As Billybob says, since when does a fileserver etc. receive emails?

    My memory hits about 50% on a 6GB system with a quad core CPU, 30-odd clientless users of which about 20 are active. 7 IPv4 and 4 IPv6 rules and two ADSL2+ connections.

    Ian

  • Thank you both.

     

    1) Well, for now I'm stuck at 80+% with 2 firewall rules, about 20 clientless. I disabled IPS as the take on bandwidth was very significant, dropping to 150/1Mb from 800/800Mb. I'll review that later but just 2 cores here, so going to be challenging.

     

    2) Great, it works, at least for the "users" which are not using the guest network. I was not patient enough looking at the report and it doesn't apply the change to past logs. Still cumbersome to have to assign IPs in DHCP to be able to link "users" to devices. MAC address would have been nice. I saw there was a feature request about it.

     

    3) OK, so for now just applicable to 1 router as the 2 others are a bit remote and I can't plug them into the Qotom. I will try to play more with the DD-WRT setup and see if there is a way. But I fear I might have to change routers.

    Short term, it means all "guest access" is logged under the remote router IP, according to the router setup, and I can't have details per IP/MAC.

     

    Thank you again.

    Shred, nice other entries in your blog. It indeed gives some ideas.