UTM9 Home Firewall IPS cuts my bandwidth in half

Hi All,

I'm in need of advice. I googled it and found some procedures to tweak the IPS settings but nothing worked except shutting off IPS.

Running a 4-port mini J1900 Intel quad-core, Intel NICs, 8 GB RAM, 64 GB hard drive.

Internet speed is 300/20.

When IPS is enabled the Internet download speed is cut in half to 150/20; if I disable IPS I get normal speed, 300/20.

So, is there a restriction for UTM Home users with IPS Speed?

There is nothing wrong with the hardware as far as I can see. I replaced the hard drive with pfSense and loaded my config and packages with Snort, Squid, country block etc. Did a speed test and I get 300/20 like I should.

Any Ideas?

Thanks

Jason



  • CPU is too slow for Snort in your configuration with 300 Mbps download. It sucks, but that's just the way it is unfortunately. A really fast dual core or quad core will be much more performant with UTM, but I know you probably don't want to go that route.

  • Thanks darrellr for your reply. OK, yes, I do have server-grade CPUs to put UTM on to try it out. The only thing is pfSense with Snort and other packages can handle 300 Mbps down on the same hardware without a problem. Oh well, I guess there is a difference between the 2 products. Thanks for your help!

  • darrellr

    You were right. The J1900 could only handle half of the IPS 300 Mbps. I installed UTM on a Xeon server with 16 GB RAM, did a speed test and got 300/20. Great, on one hand. I was trying to migrate to smaller and low-power devices. Oh well, I guess for now it's all good with the IPS/Snort with UTM.

    Now I've got to go sell the J1900 on eBay...

  • What do you think the max throughput with IPS would be for your Xeon? What model CPU is it?

  • Hi

    I only have had time so far to do the easy test with speedtest.net. This test was cutting my bandwidth in half for some reason on the J1900. Now with the new UTM on a server which has a 3.2 GHz Intel Xeon E3-1225 v3 processor with 16 GB of RAM, on speedtest.net I am getting what I'm paying for from Comcast: 300/20. I don't have another Internet connection to test with; this setup is in my home, so that is the max with speedtest. Maybe if I get time this weekend I'll blast it with bit blasters and see what happens... Sorry, I can't confirm the max throughput of the IPS as you requested...

    Thanks

  • Hmmm I'll have to do some more reading. I've got 1000/1000 primary and 150/10 failover/load balanced WAN. My SonicWALL isn't cutting it, but I don't want to go to Sophos if I can't get something fast enough to allow SNORT to go full speed.

  • WOW, 1000/1000! You've got to do your research before you decide. If this is for work, in my experience do a bake-off: request demo equipment from the vendors you want and put together an RFP for them to respond to. Well, that's just the technical fun stuff. Then you need to look at support and SLAs with contracts and work with your legal department, and also replacement hardware if needed. If this is for home, where do you live to get 1000/1000? You can test with the Sophos UTM Home up to 50 devices.

    The only thing that is puzzling me is the J1900 Intel 4-port Ethernet box (you can get it on Amazon from Hong Kong if you are interested). I run pfSense with the same specs with Snort, Emerging Threats and Snort free rules loaded, with tons of false positives, also Squid and other packages, and I get 300/20 on OpenVPN without a problem. Sophos does not support OpenVPN for some reason... Speedtest.net gives me 300/20, give or take...

    Thanks

    Jason

  • Oh it's for home. 

    For work we have plenty of options. But at that speed it won't be Sophos. Typically those are very large deployments and Sophos really only goes up to SMB level. Our reps tell us not to even go after the large market.

    For gig in an enterprise we'd start with a Palo Alto PA-3020 or a Check Point 5800 and higher. We are a VAR/MSP.

    That being said, home is different as there is a significantly reduced or no budget. So you have to be more creative with the solutions. I like the idea of Sophos home since I'm fairly knowledgeable with their OS (and SonicWALL), but the limitations of single threaded Snort worry me. It's an ego thing... I want to see my 1000mbps speed test lol. With multiple users any of my machines should do gig, but not with a single user.

  • Nice!!! Enterprise is a different market...

    15 years ago I used to have Check Point NG on Nokia in my house with Cisco VoIP and, get this, a dedicated T1 to work... Well, I don't have it anymore; just like you, for home there is a budget to work with... Mainly my big boss, the Wife, always says NO!... One of my old co-workers contacted me just recently asking if I knew any Palo Alto engineers. I asked if he could spare some equipment but of course he can't... Well, good luck!!!

    Thanks for the chat

    Jason

  • @tuannguyen

    I didn't do any testing over the weekend because I really don't want to use a Xeon server to run UTM. For home I am trying to use low-powered Intel mini PCs. So an update is that I took the J1900 Intel mini PC and loaded Sophos XG Home on it to see if that would make a difference with the IPS vs UTM. Well, for some reason, with IPS on the XG (under Policies/Intrusion Protection, set to lantowan_strict) I ran speedtest and I got 300/20... I don't know what the difference is between UTM and XG or what IPS/IDS engines and rules are used; I know UTM is Snort. Oh well, I'll play with the XG for now and do more research... If anyone reading this can answer this, please share with the community...