I know there are heaps of threads asking what hardware suits best for the home edition of Sophos XG. However, I think my requirements are a little different. Most threads ask for the cheapest, least power-consuming units. I'd rather go for the most powerful one to max out the limitations of 4 CPUs and 6 GB of RAM.
Currently I am running Sophos XG on an ESXI Server with E3-1265L V2. The Appliance got 4 vCPUs and 5GB of RAM.
I have about 40 live users (several servers, PCs and IoT devices) on average, mainly clientless users. I run 5 VLANs and about 15 firewall rules. I already deactivated some firewall features in order to push the CPU load average below 4. Currently the average is around 3.5 with regular peaks over 4, which apparently leads to CPU queuing.
Since used RAM is around 50%, I believe the virtual CPU Power is just not sufficient for my purposes. Of course I know that vCPUs perform worse than bare metal.
Therefore, I am looking for a fanless/silent barebone/mini pc with 4 NIC and a 4 Core CPU with enough power. Furthermore it should be possible to have 6GB of RAM (probably 8GB with 2 GB unused).
I read a lot of recommendations for the Celeron J1900, but I assume that couldn't be enough for my setup.
What CPU do you recommend and is there a nice ready to use barebone suiting these needs? I saw some Jetway units which could be a good option. e.g. https://www.minipc.de/catalog/il/2289
thx and Best
That Celeron 3855U/3955U CPU is only a dual core. And while the J1900 is a quad core it doesn't support AES-NI.
The best option is the Qotom mini pc with either an i5 or i7 CPU.
is probably the most powerful mini PC with 4 Intel gigabit LAN ports.
Supports AES-NI, has a boost of 3GHz and has 4 Mb cache.
I'll answer a bit aside from your question.
If you've got 40 users, including servers, why do you stay with the home edition? It's not the target of this edition. You should go for a real hardware UTM.
In reply to Fabien Martinet:
Thanks for your replies. I forgot to mention that this is not a commercial setup. This is my home lab. :-) And while servers (virtual machines) and PCs are roughly 12 devices, the rest are all kinds of mobile devices, IoT etc.
Based on the sizing guide I should go for a Sophos XG 210 or 230 which is pricy and most notably needs some sort of licensing. The latter doesn't really make sense for a home lab.
The QOTOM units look pretty decent. Unfortunately I can't find a reseller in Germany. But I keep on searching.
I also found the supermicro e300-d8 which seems to be a beast. But maybe overkill concerning the limitations and the price tag.
Sophos is tight-lipped about the specs of their UTM/XG devices.
Look here....what CPU do these have, how much RAM do they have?
OK, I found the technical brief. http://dttstores.com/media/documents/sophos-xg.pdf
In reply to alan weir:
Same for most of others :)
Some clues with Checkpoint UTM: https://www.checkpoint.com/downloads/product-related/comparison-chart/appliance-comparison-chart.pdf
Number of cpu/core and memory but no real full spec.
Another point is that often the hardware version for the OS is really optimized for this h/w, so with a standard PC you do not have the same result.
Since he has the home license, he is limited to 6Gb of RAM. The only XG appliance with 6Gb is the XG 135(w) which sells for a whopping $940, and that's just the bare appliance, not the one year subscription that comes with it.
Now you see why I recommend going with a mini-PC.
"Another point is that often the hardware version for the OS is really optimized for this h/w, so with a standard PC you do not have same result."
That's probably an important aspect. But the licensing prevents me from using anything other than the home edition. Therefore, my goal would be to find the most powerful hardware for the home edition while taking the limitations into consideration.
P.S. on the webpage of QOTOM I can't find the I7 version. Have they reduced their portfolio?
In reply to Peter Mueller:
The link I provided states it has an Intel® Core™ i7-5500U Processor 4M Cache, up to 3GHz.
There's also a different model where you can choose your CPU.
I was going to use a Qotom i5 for my home lab but ended up getting three defective units in a row. Their quality control is not what you might call "on point" and the CMOS battery on all of my units was attached to the motherboard using a dongle that flapped around inside the case without being attached to anything. The specs on these machines are really good for the price, but be warned that you are opening yourself to a bit of risk.
For reference, I finally gave up and went with this guy -> https://www.amazon.com/gp/product/B072ZTCNLK/ref=oh_aui_detailpage_o01_s00
I found the build quality to be much, much better. I threw my own drive and RAM in and ended up with a device that specs out somewhere between the 125 and 135 for a whopping $350.
Amazon also sells the XG 115w base appliance for around $635. It only has 4Gb of RAM, but it's optimized for the XG firmware so it might be OK. Performance-wise I don't know how it would compare.
In reply to Gary Parr:
They also make a 6-port version available with up to an i5 if you want more power.
The QOTOM-Q375G4 with i7-5500U seems to be the most powerful from the given links. Since the main difference between i5 and i7 is hyperthreading, maybe even an i5 is sufficient.
with 8gb of RAM and 128 SSD (is this enough?)
Since the Wifi Option is almost for free, does it make sense to get it in terms of compatibility with Sophos XG?
this comes down to 430$ plus tax and custom fees.
Furthermore, has anyone tested this Unit with Sophos XG?
6 ports are nice, since you could separate networks without VLANs, I guess.
But this one starts at 599 without RAM and SSD. In this price range the supermicro e300-d8 could also be an option.
On the one (of three) Qotom units I had that worked (for an hour) I had to disable USB3 in the BIOS to get the USB installer to boot. During load, the installer could not find the mSATA drive, but that may have just been due to my unit being defective. I swapped out the mSATA for regular SATA (a nice feature of these micro machines) but could not get the unit to boot again so was unable to test further.
ok, that doesn't sound promising.