XG Firewall throughput and HW configuration for an home ESXi host

Hello All,

to help the community I would like to share with all of us my actual situation.

I would like to install an XG Home on an ESXi host at home.

However it is really difficult for me to understand how to dimension the host for my needs (maximum thoughput for the XG on ESXi, then I can dimension all the rest of my VM).

For example, a i7 7700T with 4 threads and 8 GB can manage 300 Mb/s connetion at full speed?

Is this configuration too much and I can expect to use less vCPU or a less powerful processor?

I know also that the thoughput depends on which service is active on the FW.

I am wondering if all of you might share the configuration of your host, the services activated on your XG and the thoughput you can achieve.

This discussion might become an home made practical dimensioning guide for all newcomers like me.

Thanks in advance to everybody answering.

  • Giuseppe,

    As you wrote the configuration depended of the number of filters used and by the number of users.

    Have a look at this data sheet:

    You need at least 12 GB of ram in real environment with all engines enabled.4 threads should be ok.

    Regards

  • In reply to lferrara:

    Many thanks for your input.

    this means that an average home user, with a 300 Mb/s home connection, cannot use the Home license for his home network.

    As far as I remember, the Home License allows only 4 threads with 8 GB....

    It is perfect for ADSL connections, but not for new home fiber links.

    It is really a pity...

    ciao,

    GL

  • In reply to Giuseppe lauria1:

    I would like to add a note to Sophos.

    you are doing a great job providing for free a professional appliance and all of us should be grateful for that.

    Most of us are really ready to test and provide feedbacks as reward to Sophos for being allowed to use a professional appliance at home.

    However you should consider that home users willing to install your appliance and able to manage it, are usually professionals living in big towns, where home fiber links are today offered at prices equal or similar to ADSL connections. Most of them will soon move to such connections. 300 Mb/s or higher will be soon common in this forum. Plus, you should consider that such people have at home quite complex networks with streaming devices, NAS, several computers and/or tablets and smartphones.

    If we will not be able to use all functionalities due to HW limitations, then we will be obliged to move to a different appliance, e.g. linux distros (I know they are not the same, but what should we do if we cannot use all bandwidth?).

    Is there any chance to have higher limitations on vCPU and memory for the Home license (e.g. 6 vCPU and 12-16GB)?

    Thanks in advance.

    Saluti,

    GL

  • Hi

    I don't know if it are the Sophos XG Firewall - Free Edition for Home you uses.

    But this Free home version does not support more than 4GB Memory.

  • In reply to Per Johansen:

    Hi All,

    Home edition supports up to 4 cores and 6 GB of RAM. At the moment there is a bug where home version is limited to 4 GB but officially the home version supports up to 6 GB even if you install more RAM.

    Regards

  • In reply to Giuseppe lauria1:

    I have 100/100 fiber and running XG home on a quad core Celeron (https://www.amazon.com/gp/product/B01GZUQNAO/ref=oh_aui_detailpage_o05_s00?ie=UTF8&psc=1

    under maximum download where Im maxing out my available bandwidth, the CPU on XG never passes 30%. 

  • In reply to Giuseppe lauria1:

    Before you discount using Sophos XG as a VM, have a read about the performance I am getting from this firewall as a Hyper-V VM.

    community.sophos.com/.../sophos-xg-performance-as-hyper-v-vm