We're having 1Gbit internet installed and by Sophos' own tech sheets the XG 210 would be an appropriate device.
Do the spec sheet numbers line up with performance in reality?
Is the XG 210 likely https://19216811.cam/ to handle 1Gbit line speed with all services turned on?
Is there a rule of thumb for performance sizing on these devices depending on what services are turned on?
Thanks in advance .
I am not abundantly familiar with XG quite yet, but I do know that in UTM, Snort is used and is still a single-threaded process - which is the web filter used in UTM. It's also widely known to bring internet speeds to a crawl. As an example, I have a 50mb download, at best I get with IPS on, it's at 7.5mb.
I *believe* XG is using something different, but performance wise and configuration, I don't know if it limits the speeds with the tech it uses.
UTM - 9.711 | Intel Xeon 4-core v3 1225 3.20Ghz 16GB Memory | 500GB SATA HDD | GB Ethernet x5
There is already a thread on this topic...https://community.sophos.com/sophos-xg-firewall/f/discussions/125452/snort-3-on-sophos-xg/458458#458458
I'm pretty sure Sophos works around Snort 2.X's single-threadedness by running multiple copies of Snort in the XG. At least I see multiple Snort processes when I'm in the Advanced Shell.
quick note, on the UTM they run multiple copies of snort (like in the XG). You can tweak the copies of snort -> Sophos UTM: Low throughput with Intrusion Prevention (IPS)
BERGMANN engineering & consulting GmbH, Wien/Austria