This article describes the steps to deploy a Sophos UTM in high-performance environments and scenarios to maximize throughput. It is designed for high-end appliances, although most of the operations can also be performed on mid-range ones.
Applies to the following Sophos products and versions: Sophos UTM
To deploy the Sophos UTM in a high-performance environment, a mix of design considerations and Sophos UTM tweaking is necessary. The Sophos UTM is shipped with a standard, default configuration that fits most environments. To achieve maximum throughput, design considerations and Sophos UTM optimizations should be put in place.
In high-performance environments, Sophos UTM should be deployed in High-Availability to ensure redundancy in case of hardware or software faults; it is crucial to design the solution with enterprise-grade hardware that fits the needs of the solution, for both Sophos and third-party vendors used in the solution (namely, switches).
The current Sophos UTM models that fit high-performance environments are SG450, SG550 and SG 650.
Here is an example of a high-performance deployment:
REF_Lag # (tab autocomplete or type out complete string) xmit_hash_policy=layer3+4
As a general guideline, avoid enabling services and options that are not being used, in order to save CPU cycles, RAM and disk I/O for the modules that are in use. You should also create exceptions to skip modules or module options for streams, services and/or hosts that do not require them.