In a nutshell, the overall horsepower of the computer running the Sophos UTM seems to make all the difference if you want to use Country Blocking and Country Blocking Exceptions.
On several software only UTM's, we enabled the Firewall Country Blocking "From" parameter, in order to block connections initiated from most countries, with Country Blocking Exceptions also enabled for SMTP email from all countries and some local traffic (OWA, HTTP, etc.). After doing so, the CPU's pegged at 100% on several UTM's for hours, though not necessarily starting immediately. It may be a reflection of worldwide traffic accessing that particular UTM, because some Intel Atom boxes with 4Gb, and other beefier UTM's, were fine. But several regular boxes with 2Gb and 4Gb were struggling.
On those UTM's that were CPU overloaded, we tried cutting back to just a small number of countries for blocking and exceptions. That helped for some UTM's, but for others we had no choice but to disable the country blocking entirely to get the CPU utilization down.
The mix of boxes we used were new to old, I7 to Atom's, 4 core to 1 core, 8Gb to 2Gb and SSD's, to SATA.
This thread was automatically locked due to age.
