Hardware for replace my UTM

Hi all, I need any tip for purchase 2 new server for replace my UTM Sophos v9.

The hardware current is 2 HP Proliant DL320 G5, 1 x Dual Core 2.4 GHz, 8GB RAM, 2 HD SATA 250GB on RAID 1.

The services active are:

Firewall, IPS, Anti-Portscan, Web Filtering, SMTP Proxy, Wireless Protection, 3 Site-to-Site VPN (but the traffic is really limited), 8 x Remote Access, Web Appliance Firewall (for CRM, Web site and in the next days OWA), HA/Cluster, Antivirus for HTTP/S, SMTP, WAF, Antispam and Antispyware. There are 7 VLANs and 4 wireless network with 1 x AP15 and 1 x AP10.

There are 50 users.

Sometimes, lately more frequently, the CPU usage go to 100%, which makes it almost impossible to navigate, so I have to disable the IPS and restart the HTTP Proxy to get it back to normaly values.

The candidates to replace them are:

 2 x HPE ProLiant DL360 Gen9 servers with the following specs:

- 1 x Xeon E5-2620V4 2.1 GHz

- 16 GB RAM

- Intel Corporation 82571EB Gigabit Ethernet Controller Quad port (current installed on my UTM)

- SSD to be defined (some tip??)

This configuration is oversized? What should I change, maybe to reduce costs?

 

Thank you for any help!

  • The 100% on the proxy could be down to a download getting stuck. I used to have a devil of a job with Adobe downloads (DC etc) until I throttled it right down and no more issue. It behaves smoothly now.

    With regards to hardware, you might want to consider one of the hardware appliances. They are fairly powerful beasts with SSD's etc and I don't think they are too expensive for what they are.

  • In reply to Louis-M:

    Already checked, when the processor goes to 100% usually http/https traffic is normal.

    Unfortunately, there is a difference in price that given the circumstances is not cheap...

  • In reply to papali:

    I would get a much faster processor, but you should talk with a good Sophos Partner to get a recommendation.

    Cheers - Bob