Max Threat Inspection Throughput?

Looking to add some extra security to my home lab and have really liked the demo of the XG Firewall so far.  My only concern is the maximum throughput on the Home license for the XG firewall.  Currently I have 10Gb Fiber at home running through a UBNT EdgeRouter Infinity.  It works amazingly well as a standard router/firewall but I would really prefer to have a higher level of protection than it can provide.  From my understanding the Home licenses is just limited to CPU and RAM.  It seems to me that the RAM is the major limiting factor in the throught put for these.  What kinds of speeds are people getting with various packages enabled?  

Unfortunately I know the position I am in is rare and I cannot possibly expect to even get close to the full 10Gb link speed at any level under $40k or so.  I am just trying to find the best possible way to maximize the capability to within a reasonable budget.  Normally I would buy some used enterprise greade equipment but due to the XG (and other brands) license requirements the old equipment is all but worthless to me for this case.  I have a VM-200 Palo Alto license I can use for free as well (I think it might be lower throughput that the Home XG on proper hardware).  Hoping even if the XG home can't meet my wants someone has a better suggestion within a ~$3k budget for a home UTM that doesn't require an expensive yearly subscription.  Does Sophos have any Home style subscriptions that are not crazy expensive?  I have slightly looked into Sophos, PA, Untangle, PFSense, and Fortiguard but it is a lot of information to dig through.

  • Hi,

    half your  luck, with a 10gb internet.

    You will need som every good cards in the XG or any other firewall to process that speed. The XG hardware will not be that expensive and will work with what you are trying to achieve.

    XG home is limited to 4 CPUS (preferably very fast real cores, does not need I5 or i7 or even I9. 6gb of Ram and how that is utilised depends on your rules and policies. In your case a 128gb SSD is suggested.

    I would further suggest you use a server motherboard.

    The XG home licence has all the features of a small business eg no HA, no endpoint, no sandstorm or advanced ATP functions. There are other bits which most home users don't use eg STAS or DC integration but nothing stops you from trying. The only support you get is in these forums which have a number of very knowledgeable members.

    Ian

     

    Throughput will require you to tune your IPS.