
New Home Build - Help spend my money!

I'm trying to find a good hardware setup for a new UTM Home build. I've never used Sophos UTM, but want to protect my home network and kids from the evils of the internet! ;) I've read about 1000 threads with everyone recommending everything from NUCs to desktops to 1U pizza boxes, but all of these recommendations are 1) old (it's 2016 guys!) and 2) built for different needs. What I would like to find is a general solution that I could just buy and recommend to family members and friends. Here are my constraints:

Budget: I'd really like to stay under $300
Home connection: 50MB / 20MB
# Users: 2 adults, 2 kids
# devices: A mix of laptops, iOS devices, gaming consoles, and smart devices. I'd say we probably have 20 devices online...
typical usage: We have no cable, so we stream everything. Lots of Netflix, Hulu, Amazon. Lots of general internet usage. Some online gaming (PS4, Xbox, Wii U, iOS).

I can put the box in my basement, but would still like to consider lower power usage, and quieter operation.

I need web filtering first and foremost. I'd like IPS, VPN, and other features if possible. Everything I'm reading is pushing me towards a 3GHz i3 because of IPS.

I'd also like to not have to do this again (buy new hardware) for years if possible. So hardware with room to grow with both new Sophos capabilities and new technologies (like 4k streaming...much faster internet).

I'd love to just buy a Sophos box, but they seem so expensive and I don't want the subscription fee. I'd love to find a hardware solution I can just order from Amazon, plug it in, and install Sophos UTM Home on it and be done as well. That's not looking very possible though, which is bumming me out.

So, I know I'm probably asking for a unicorn...but let me know what is possible! Thanks for all your help!

P.S. As a side note, anything announced at CES right now would be awesome. Dual-NIC NUC with fast processors for cheap?? Let me know if you see anything!



This thread was automatically locked due to age.
  • Andrew - I just ordered from Amazon, total build 305.00. I could get it down to under 300 if I go with a smaller, cheaper mSATA, but I wanted a little wiggle room to grow, and/or if it doesn't work out for me as a UTM I can repurpose it as something else. It arrives on Friday. I'll build it up and run it a day or two and let you know.
    1) Jetway JC320U93W-2930-B Intel Celeron N2930 Dual Intel LAN Fanless NUC, 2.5" HDD
    2) Samsung 850 EVO 120 GB mSATA 2-Inch SSD (MZ-M5E120BW)
    3) Crucial 4GB Single DDR3-1600 (PC3-12800) SODIMM 204-Pin High Density Memory CT51264BF160BJ
  • Gene, any update on how your setup is working?
  • It's pretty solid, but I haven't put it into full use yet. I had to work on a server all weekend and then back to the grind during the week. So it's only covering a few of my computers. I have faster web browsing, and solid VPN connections so far.
    The other reason for holding back was I had high hopes of making the wireless work. I even purchased an Atheros card for it, still no joy. I know, I have plenty of APs around here, even a couple of new ones. But I really wanted the already built-in wireless to work.
    So I'm making this too long for a short answer of still working on it.
  • Just my two cents...

    I use the Sophos firewall here at my home on the hardware I listed above. I run it because I have Sophos UTMs at almost every one of my customers' sites. To be honest, their throughput sucks, the Wi-Fi is garbage and the firmware is buggier than a month-old ham sandwich. I am not impressed with the VPN (SSL or IPsec) throughput and have other VPN issues that likely will not be of concern to home users. The boxes are still IKEv1, have TLS 1.0 still enabled, a never-ending list of real-world-impact bugs and piles of other should-have-been-fixed issues that will never get attention.

    I have no idea why anybody would want to run one of these at home.... I regret putting them at customer sites but am stuck with them for a few more years.

    Just my two cents...
  • Bean,
    Thanks. I'm still trying to figure out the better home solution. I've worked with SonicWalls so I have no Sophos experience. I tried pfSense, but it took me a long time just to set up a basic configuration and it was slow for downloads and browsing. So far, the Sophos XG Home: quick setup, fast browsing and fast downloads.
    Also, it seems I have to constantly be an administrator for pfSense.
    If not Sophos XG Home, what else you got?
  • Bean,
    Your hardware is the same as what iX Systems offers. I was looking at that same server before to put a phone voice server together running FreePBX. Looks nice, but I never pulled the trigger. Do you like it?
  • Honestly... for a home with no teenagers? Whatever comes with your broadband connection. Add one of the Raspberry Pi or similar ad blockers if you want. Use a safe DNS (OpenDNS, whatever). Many of the ISP-provided firewalls can accommodate outbound rules, even if they come wide open.

    Web filtering is another ball of wax, but even at that, the UTM really does not do a good job (at least easily and quickly) in my opinion and the SSL proxy (in my opinion) kind of blows.

    My sites with UTMs and without have about the same malware infection rate and it is usually 0day. The sites with UTMs always have one problem or another related to firmware updates or sluggish performance due to resource shortages. SSL VPN connectivity is slow and site-to-site IPsec is a nightmare.

    It is not that I hate the UTM or the concept, I just don't care (a bit) for Sophos' stewardship of the product. I think they are tone deaf and arrogant.


  • I really like the Supermicro Atom servers. The unit in question runs Hyper-V 2012 with 4 VMs: UTM, SUM, Spiceworks (complete and utter garbage) and ScreenConnect (very nice product). Each VM has a dedicated SSD drive and a pile of RAM. The CPU is really barely taxed. The UTM may hit 10 CPU sometimes with two of us. NOTE: I DO NOT use Sophos Wireless protection anymore, it is pure 100% steaming garbage. It is unstable, has low throughput, craps out, hates iOS, etc. In fact, I have removed it from almost every one of my customer sites, at my cost.

    FWIW here are the uptimes for the VMs on that box:
    ScreenConnect: 357 days *dynamic RAM, using 1.2 meg
    Sophos SUM: 75 Days *dynamic RAM using 1 meg
    Sophos UTM: 156 Days *static RAM assigned 8 meg
    Spiceworks: 337 Days *dynamic RAM using 1.75 meg

    Clearly warm reboots are not counted there (SUM and UTM for updates, the others, never).

    I have a second similar server, also running Hyper-V that holds my AD servers and a File Server. Again, no RAID (not willing to use the onboard or windows RAID). JBOD storage.

    Note on the lack of RAID. The onboard RAID would likely be fine for this type of home/SOHO setup, but I don't really care about uptime. The VMs are backed up in real time to local and off-site storage; RAID would really buy me nothing here but extra complexity.