most powerful hardware for Sophos XG home

Hi,

 

I know there are heaps of thread asking what hardware suits best for the home edition of Sophos XG. However I think my requirements are a little different. Most threads ask for the cheapest, least power consuming units. I rather go for the most powerful one to max out the limitations of 4 cpus and 6gb of RAM.

Currently I am running Sophos XG on an ESXI Server with E3-1265L V2. The Appliance got 4 vCPUs and 5GB of RAM.

I have about 40 live users (serveral servers, pc's and IOT devices) in average, Mainly clientless users. I run 5 Vlans and about 15 Firewall Rules. I already deactivated some Firewall feature in order to push the CPU load average below 4. Currently the average is around 3.5 with regular peaks over 4 which apparently leads to CPU Queuing. 

Since used RAM is around 50%, I believe the virtual CPU Power is just not sufficient for my purposes. Of course I know that vCPUs perform worse than bare metal.

 

Therefore, I am looking for a fanless/silent barebone/mini pc with 4 NIC and a 4 Core CPU with enough power. Furthermore it should be possible to have 6GB of RAM (probably 8GB with 2 GB unused).

I read a lot about the Celerons J1900 as recommodations but I assume that couldn't be enough for my setup.

What CPU do you recommend and is there a nice ready to use barebone suiting these needs? I saw some Jetway units which could be a good option. e.g. https://www.minipc.de/catalog/il/2289

 

thx and Best 

Pete

  • In reply to rrosson:

    Dell Optiplex i7 3770 + 2 Interl 4 Port NIC aroud 350 on ebay and consume 16w power

     

  • When Sophos announced 17 would be released soon I started shopping and found this for under $500.00 including tax. Acer Aspire AXC-780-UR16 with a core i7 running at 3.6ghz. I added another 4gb of ram, I had a spare 120gb ssd and pulled a duel nic from my old box.  I also thermal glued a heatsink to the northbridge. Never had any issues with it. . If I ever see this again for under $500.00 I may just pick another one up.
     
  • In reply to Conehead:

    1 week ago, I pulled the trigger on this Protectli look-a-like. i5-7200u.

    Using the Aliexpress Mobile App you can get it for less than 400€ incl. shipping. Shipping took less than a week and so far I am very happy with this little device.I payed 50€ tax, bought 8GB Ram for 50€ and reused an existing 120GB mSata. So a total of 500€ did it for me.

    Installation was easy and done in 15min and restored a backup from my Sophos XG VM to replace the VM entirely.

     

    Comparing to the charts I posted earlier, the load average almost never exeeds 3, which means the load is 1 unit less than before. Since I have started using it yesterday I still need to observe it a little longer.

    Due to the fact that the device has 6 Ports and is, of course, not depended on my ESXI Server location, I will soon rearrange my network. At the moment I have cascaded two switches but If I connect both switch directly to the Firewall I can maybe reduce general network load and improve latency for some devices.

     

    Thanks everyone for the good suggestions and finding a nice solution for my network.

     

    Best

    Pete

  • Posted about these before and the model below i use was cheapest Intel Core I cpu with 4 threads and enough ram and ssd to max out XG home edition.

     

    https://www.amazon.co.uk/Partaker-Firewall-Pfsense-Mikrotik-Ethernet/dp/B078SNJ4F6/ref=sr_1_2?s=computers&ie=UTF8&qid=1540925514&sr=1-2&keywords=partaker%2Br9&th=1

     

    Partaker seemed to have best and right combo of components than the others i looked at, just check the cpu models first if its a dual core but has Hyperthreading then your OK just I wouldnt go with anything under an I3 like a celeron or Atom they just don't seem to have the power required to run all the xg features at once...  That model above is now being shipped with a replacement I5 now too so its even better value and has the power to run all 6 ports with at least enough throughput for any decent FTTC ISP.