New Home Build - Help spend my money!

I'm trying to find a good hardware setup for a new UTM Home build. I've never used Sophos UTM, but want to protect my home network and kids from the evils of the internet! ;) I've read about 1000 threads with everyone recommending everything from NUCs to desktops to 1U pizza boxes, but all of these recommendations are 1) old (it's 2016, guys!) and 2) built for different needs. What I would like to find is a general solution that I could just buy and recommend to family members and friends. Here are my constraints:

Budget: I'd really like to stay under $300
Home connection: 50MB / 20MB
# Users: 2 adults, 2 kids
# devices: A mix of laptops, iOS devices, gaming consoles, and smart devices. I'd say we probably have 20 devices online...
typical usage: We have no cable, so we stream everything. Lots of Netflix, Hulu, Amazon. Lots of general internet usage. Some online gaming (PS4, Xbox, Wii U, iOS).

I can put the box in my basement, but would still like to consider lower power usage, and quieter operation.

I need web filtering first and foremost. I'd like IPS, VPN, and other features if possible. Everything I'm reading is pushing me towards a 3GHz i3 because of IPS.

I'd also like to not have to do this again (buy new hardware) for years if possible. So hardware with room to grow with both new Sophos capabilities and new technologies (like 4k streaming...much faster internet).

I'd love to just buy a Sophos box, but they seem so expensive and I don't want the subscription fee. I'd love to find a hardware solution I can just order from Amazon, plug it in, and install Sophos UTM Home on it and be done as well. That's not looking very possible though, which is bumming me out.

So, I know I'm probably asking for a unicorn...but let me know what is possible! Thanks for all your help!

P.S. As a side note, anything announced at CES right now would be awesome. Dual-NIC NUC with fast processors for cheap?? Let me know if you see anything!



This thread was automatically locked due to age.
  • Just my two cents...

    I use the Sophos firewall here at my home on the hardware I listed above. I run it because I have Sophos UTMs at almost every one of my customers' sites. To be honest, their throughput sucks, the WiFi is garbage and the firmware is buggier than a month-old ham sandwich. I am not impressed with the VPN (SSL or IPSEC) throughput and have other VPN issues that likely will not be of concern to home users. The boxes are still IKEv1, have TLS 1.0 still enabled, a never-ending list of real-world-impact bugs and piles of other should-have-been-fixed issues that will never get attention.

    I have no idea why anybody would want to run one of these at home.... I regret putting them at customer sites but am stuck with them for a few more years.

    Just my two cents...
  • Bean,
    Thanks. I'm still trying to figure out the better home solution. I've worked with SonicWalls so I have no Sophos experience. I tried pfSense, but it took me a long time just to set up a basic configuration and it was slow for downloads and browsing. So far, the Sophos XG Home: quick setup, fast browsing and fast downloads.
    Also, it seems I have to constantly be an administrator for pfSense.
    If not Sophos XG Home, what else you got?
  • Bean,
    Your hardware is the same as what iX Systems offers. I was looking at that same server before to put a phone voice server together running FreePBX. Looks nice, but I never pulled the trigger. Do you like it?
  • Honestly... for a home with no teenagers? Whatever comes with your broadband connection. Add one of the Raspberry Pi or similar ad blockers if you want. Use a safe DNS (OpenDNS, whatever). Many of the ISP-provided firewalls can accommodate outbound rules, even if they come wide open.

    Web filtering is another ball of wax, but even at that, the UTM really does not do a good job (at least easily and quickly) in my opinion and the SSL proxy (in my opinion) kind of blows.

    My sites with UTMs and without have about the same malware infection rate and it is usually 0day. The sites with UTMs always have one problem or another related to firmware updates or sluggish performance due to resource shortages. SSL VPN connectivity is slow and site-to-site IPSEC is a nightmare.

    It is not that I hate the UTM or the concept, I just don't care (a bit) for Sophos' stewardship of the product. I think they are tone deaf and arrogant.


  • I really like the Supermicro Atom servers. The unit in question runs Hyper-V 2012 with 4 VMs: UTM, SUM, Spiceworks (complete and utter garbage) and ScreenConnect (very nice product). Each VM has a dedicated SSD drive and a pile of RAM. The CPU is really barely taxed. The UTM may hit 10 CPU sometimes with two of us. NOTE: I DO NOT use Sophos Wireless protection anymore, it is pure 100% steaming garbage. It is unstable, has low throughput, craps out, hates iOS, etc. In fact, I have removed it from almost every one of my customer sites, at my cost.

    FWIW here are the uptimes for the VMs on that box:
    ScreenConnect: 357 days *dynamic RAM, using 1.2 meg
    Sophos SUM: 75 Days *dynamic RAM using 1 meg
    Sophos UTM: 156 Days *static RAM assigned 8 meg
    Spiceworks: 337 Days *dynamic RAM using 1.75 meg

    Clearly warm reboots are not counted there (SUM and UTM for updates, the others, never).

    I have a second similar server, also running Hyper-V that holds my AD servers and a File Server. Again, no RAID (not willing to use the onboard or windows RAID). JBOD storage.

    Note on the lack of RAID: the onboard RAID would likely be fine for this type of home/SOHO setup, but I don't really care about uptime. The VMs are backed up in real time to local and off-site storage; RAID would really buy me nothing here but extra complexity.
  • It has 2 NICs. Wireless did not work. I use an external WiFi AP for the wireless.

    greets

    zaphod
    ___________________________________________

    Home: Zotac CI321 (8GB RAM / 120GB SSD)  with latest Sophos UTM
    Work: 2 SG430 Cluster / many other models like SG105/SG115/SG135/SG135w/...

  • I have encountered zero hardware issues with the following setup (it’s actually overkill):

    • $195.00 - HP 8200 Elite Small Form Factor
      •  Intel i5
      •  8GB RAM
      •  HDD 500GB 7200RPM SATA 3Gb/s 16 MB Cache 3.5

    •  $69.00 - NIC - Dell Broadcom BCM5709C Quad Port Gigabit Adapter P736R

    The CPU usage is almost non-existent and has never spiked above 6%.

    Throughput is really good. I get 58Mbps down and 12Mbps up on my 50/10 business cable connection. I use ESXi and host several websites, FTP server, remote support server and an email server that utilizes ActiveSync (separate box behind the UTM). I use the UTM’s VPN, network, email and webserver protection. It’s been rock solid for me.

    I have two of these. I got a really good deal on the second one which is currently in use. The original one is now my cold backup but it was put into service in 2013. Both were purchased used and were very reasonably priced. I believe I got the original one off of Craigslist. The Broadcom NIC has been great too. I encountered the e1000 reset issue with the original 4-port Intel NIC I purchased. I don’t know if that issue has been fixed or not so I’d stick with a Broadcom NIC unless someone on here can verify that the e1000 reset issue has been fixed.

    IMHO, you don’t need an SSD and 4GB of RAM is plenty. No, this is not server grade hardware and it’s not as small as those Atom units, but I’ll bet you these little jewels will hold up just fine over time and you can’t beat the price. Just another option for you if you have the space and you are willing to watch eBay and Craigslist for a couple of weeks to get a really good deal ;-)

    No one knows what the future holds for the Sophos UTM but I’m sticking with it till the wheels fall off. The Sophos XG Home slash Cyberoam whatever is not my cup of tea. Suggest you stick with the UTM. Unfortunately, the XG appears to be the future. I only hope they greatly improve upon it before the Sophos UTM reaches EOL.

    Cheers,

    Jeff

    --------------------------------------------------------------------
    Sophos UTM 9.714-4 - Home User
    Currently testing VM on i3-9100 @ 3.60 GHz
    16 GB RAM
    Dell Optiplex XE
    Intel Core 2 Duo CPU E8600 @ 3.33GHz
    8GB RAM
    --------------------------------------------------------------------