Qotom box?

Hi,

I'm thinking of either using Sophos XG home or pfSense. Not sure which atm, and it'd be appreciated if anyone has their thoughts. The Sophos UTM for home is restricted to 50 IPs which is a bit annoying but I believe that the XG does similar stuff?

I like the idea of a real firewall appliance too. I'm guessing it needs to be AES-NI capable. What do people recommend for hardware say from the Qotom or similar line?

I don't really want to run this on a PC given the sheer size and because I don't use PCs these days. A hardware appliance would be much nicer in general.

Would I need a beefy i7 box?

  • Hi,

    the XG home licence limits are

    1/. 6gb ram

    2/. 4 CPUs

     

    Recommendations

    1/. The fastest quad core CPU you can buy, does not need to be i7 or even i5. The XG does not use the inbuilt maths-coprocessor

    2/. real NICs, and not intel 219

    3/. at least 60gb of disk

    If you have an old PC which is not a power hungry device and can take an extra NIC, go for it.

    QOTOM boxes are good, but be wary of the NICs.

    At this stage the home licence does not use AES.

    Finally, please do a search of these forums for a number of threads on this subject.

    Ian

  • I've been running Sophos XG on a Qotom Q335G4 for the past 2-3+ years with no issues. Previous to that I did try pfSense and OPNsense, but I prefer Sophos XG since I find it much easier to work with and set up (especially when it comes to configuring IPS). With Sophos XG v17, I was still able to achieve ~500Mbps down with basically everything enabled (application filtering, IPS policies, web filtering, ATP, etc.). With v18 and the new Xstream architecture, I'm pretty sure speedtest.com just ends up using the Xstream fast flow path so I'm able to achieve 900+ Mbps down on my 1Gb ISP. My CPU usage statistics over the past month are "Max 3.58% || Avg 1.97%". I actually just bumped up the maxpkts setting in the IPS from the default of 8 to 100 and there seems to be essentially no change to CPU usage. All that to say, I think it's a great box for home use with Sophos XG.

    Also, I think v18 home version supports up to 8Gb. It used to be 6Gb but ever since v18, I'm seeing 8Gb available even with the latest release. You also don't need a 60GB HDD. I'm running a 32GB SSD and it's plenty of space for home use. I'm not sure what the actual minimum is.

  • In reply to rfcat_vk:

    Hi, what's wrong with their NICs?

  • In reply to Waqas Ahmed:

    Hi,

    in general terms there is nothing wrong with Intel NICs, just the 219 series are not supported in XG.

    Ian

  • In reply to rfcat_vk:

    Thanks. I've noticed that the Qotom type of boxes people have searched for ie: Qotom q3555g4, q305g4, g330g4, q350g4, and g370g4 are sometimes used. Should these be fine given that they're i211 NICs?

    I'm not sure what other box I could buy then given that I'd want something about as small as said Qotom box?

    Would one from Pondesk work fine? Just had a look and even they use Intel NICs but not necessarily the 219 ones.

  • In reply to Waqas Ahmed:

    Hi,

    there are others in the forum who use boxes from Pondesk.

    Ian

  • In reply to rfcat_vk:

    Thanks,

    I guess that any Qotom box with a newer Intel I211-AT chipset would also be fine?