Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 23 replies
  • Subscribers 2 subscribers
  • Views 6441 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

UTM@Home Network Performance

KHolohan
Hi

I'm running a UTM installation on a HP microserver at home to protect the network and ensure the kids don't go places they shouldn't.

The problem I have is the impact the UTM is having on network throughput and pings.

I'm running 9.104. The dashboard says the CPU is 


This thread was automatically locked due to age.
  • 0 in reply to KHolohan
    I think you may be right. Disabling the web filtering sees the ping drop to 
  • 0
    well even if you throw 6ghz at it you'll see a ping drop on http..no matter what...a fast enough cpu can get around the throughput speed to a point..[[:)]]  I would go DC non celeron or atom or sempron with at least 2.0 ghz or faster and 4 gigs of ram..[[:)]]

    Owner:  Emmanuel Technology Consulting

    http://etc-md.com

    Former Sophos SG(Astaro) advocate/researcher/Silver Partner

    PfSense w/Suricata, ntopng, 

    Other addons to follow

  • 0 in reply to William Warren
    Are the dedicated UTM boxes any better in this respect - i.e. UTM 110/120?
  • 0
    they are based on atoms in the 1xx series.  I only recommend them for light use..plus it'll be cheaper for you to use the home license and your own gear..[:)]

    Owner:  Emmanuel Technology Consulting

    http://etc-md.com

    Former Sophos SG(Astaro) advocate/researcher/Silver Partner

    PfSense w/Suricata, ntopng, 

    Other addons to follow

  • 0
    You may see some decrease in ping response time if you load the webfiltering database to your disk.
    See this post (its the first optimization mentioned in this post)

    Managing several Sophos UTMs and Sophos XGs both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

    Sometimes I post some useful tips on my blog, see blog.pijnappels.eu/category/sophos/ for Sophos related posts.

  • 0
    You may see some decrease in ping response time if you load the webfiltering database to your disk.
    See this post (its the first optimization mentioned in this post)


    I do not remember where i made a detailed post on these forums but for HTTP ping is a non issue you do not need real time interaction unless you are gaming with H TTP so the proxy scanning delay is inconsequential. With nine point 1 new hybrid proxy I do not do loading things to disk or RAM any longer in terms of the proxy I leave it be I do do some other memory optimizations on a very limited case by case basis there are a couple of other issues that are being addressed but otherwise 9.1 is a pretty good build

    Owner:  Emmanuel Technology Consulting

    http://etc-md.com

    Former Sophos SG(Astaro) advocate/researcher/Silver Partner

    PfSense w/Suricata, ntopng, 

    Other addons to follow

  • 0
    Hi, which microserver is this? Gen7 or 8?

    I agree that http ping times themselves are not a clear indication of a problem.

    Nonetheless, if it's a gen8, the cpu can be upgraded to an e3 Xeon.
     
    Barry
  • 0
    event he base celey that comes with the gen8 would perform better than the numbers shown due to it being dc 2+ ghz..[[:)]]  Just put 4 gigs of ram into it..[[:)]]

    Owner:  Emmanuel Technology Consulting

    http://etc-md.com

    Former Sophos SG(Astaro) advocate/researcher/Silver Partner

    PfSense w/Suricata, ntopng, 

    Other addons to follow

  • 0
    It is a HP ProLiant G7 N54L 2.2GHz version, with 4Gb of RAM.

    The problem will largely go away when the teenagers start school again in a week or so...Thank goodness for an unlimited broadband connection :-D
  • 0
    Hi,
    The CPU in the N54L is somewhat low-end.

    That said, you could try some tuning to improve performance: 
    Set HTTP Anti-Virus to single-scan or disabled.
    Tune the IPS rules to match your network.
    Turn off Application Detection if you don't use it.

    Barry
Cookie Information Banner