After spending a lot of time looking at Sophos UTM, I may finally have some budget to actually deploy it. I would be very grateful for anyone’s input on the below. We are an SME, with 18 users on site. We would be looking a licensing the Network and Web protection modules only. I would be looking to use the IPS and dual engine HTTPS AV scanning, web filtering and application control. As well as QOS for VOIP. There won’t be that much VPN usage, possibly 1-2 users max. We currently have an FTTC connection with 80 megabits down 20 megabits up, however I’m trying to get an FTTPoD connection installed at some point (which would do 330 megabits down and 30 megabits up), ideally I would like a solution that could scale to match the FTTPoD if we do manage to get one installed. Potential deployment options: [LIST=1] Either an SG115, which would cover the FTTC connection ok but not the FTTPoD, or an SG135, which would cover the FTTPoD connection, but would be a lot more expensive. We have a Microserver Gen 8, with 10GB of RAM, Celeron G1610T and 2 Seagate NAS drives in RAID 1. This is currently running Hyper-V 2012 R2. I would be looking to run the UTM as a VM on this. Judging by Barry’s (very useful) benchmarks of the Gen8 it should be able to handle the FTTC fine, but might not be able to handle the 330 megabits per second of the FTTPoD. Get a Jetway JBC311 , and put in 4 GB of ram and resilient SSD (something like an 850 pro). [/LIST] Questions: [LIST=1] Is there much performance penalty from running the UTM as a Hyper-V VM and not directly on the machine (assuming the UTM VM is the only one on the host). I.e. can I expect to see Barry’s Gen8 figures if the UTM is in a VM instead of on the metal? How does the Jetway compare to the Sophos appliances? It has a quad core baytrail N2930 as well as Intel NICs. Having read the HW Appliance tech specs thread , I guess it should out perform the SG125? Can Sophos UTM decrypt traffic that uses the SPDY protocol? We currently use Google Apps for email with Chrome, and I know chrome uses SPDY to communicate with the Gmail servers. [/LIST] I’m leaning towards the Gen8 option as we already have the hardware and if we did get the FTTPoD connection I could always upgrade the hardware. But would be interested to hear what you guys thought would be suitable hardware for this use case. Thanks for any help.

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos UTM sizing for 18 users

After spending a lot of time looking at Sophos UTM, I may finally have some budget to actually deploy it. I would be very grateful for anyone’s input on the below.

We are an SME, with 18 users on site. We would be looking a licensing the Network and Web protection modules only. I would be looking to use the IPS and dual engine HTTPS AV scanning, web filtering and application control. As well as QOS for VOIP. There won’t be that much VPN usage, possibly 1-2 users max.

We currently have an FTTC connection with 80 megabits down 20 megabits up, however I’m trying to get an FTTPoD connection installed at some point (which would do 330 megabits down and 30 megabits up), ideally I would like a solution that could scale to match the FTTPoD if we do manage to get one installed.

Potential deployment options:
[LIST=1]

Either an SG115, which would cover the FTTC connection ok but not the FTTPoD, or an SG135, which would cover the FTTPoD connection, but would be a lot more expensive.
We have a Microserver Gen 8, with 10GB of RAM, Celeron G1610T and 2 Seagate NAS drives in RAID 1. This is currently running Hyper-V 2012 R2. I would be looking to run the UTM as a VM on this. Judging by Barry’s (very useful) benchmarks of the Gen8 it should be able to handle the FTTC fine, but might not be able to handle the 330 megabits per second of the FTTPoD.
Get a Jetway JBC311, and put in 4 GB of ram and resilient SSD (something like an 850 pro).

[/LIST]

Questions:
[LIST=1]

Is there much performance penalty from running the UTM as a Hyper-V VM and not directly on the machine (assuming the UTM VM is the only one on the host). I.e. can I expect to see Barry’s Gen8 figures if the UTM is in a VM instead of on the metal?
How does the Jetway compare to the Sophos appliances? It has a quad core baytrail N2930 as well as Intel NICs. Having read the HW Appliance tech specs thread, I guess it should out perform the SG125?
Can Sophos UTM decrypt traffic that uses the SPDY protocol? We currently use Google Apps for email with Chrome, and I know chrome uses SPDY to communicate with the Gmail servers.

[/LIST]

I’m leaning towards the Gen8 option as we already have the hardware and if we did get the FTTPoD connection I could always upgrade the hardware. But would be interested to hear what you guys thought would be suitable hardware for this use case.

Thanks for any help.

This thread was automatically locked due to age.

Parents

0 BarryG over 10 years ago

Hi,

Licensing is Per IP, and a machine with an IPv4 and an IPv6 IP will be counted twice.

A 25-user license allows 25 internal IPs.

Transferring a license between a VM and a software install is no problem. However, transferring a license from an appliance to a different device is impossible, unless you can arrange a trade-in or upgrade.

UPS: the UTM will shut itself down if connected to an APC UPS with a USB cable.

Barry
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BarryG over 10 years ago

Hi,

Licensing is Per IP, and a machine with an IPv4 and an IPv6 IP will be counted twice.

A 25-user license allows 25 internal IPs.

Transferring a license between a VM and a software install is no problem. However, transferring a license from an appliance to a different device is impossible, unless you can arrange a trade-in or upgrade.

UPS: the UTM will shut itself down if connected to an APC UPS with a USB cable.

Barry
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data

Sophos UTM sizing for 18 users

Submitted a Tech Support Case lately from the Support Portal?