We'd love to hear about it! Click here to go to the product suggestion community
Is it possible to get the hardware limitations removed for the home version? Or have they been removed in V18?
no, the hardware limitations are part of using the XG for home use
4 CPUs and 6gb of ram.
Why do you think you need more than this for home use?
If you need greater resources then you should look at buying small commercial box/licence.
C'mon mate, lets imagine that sophos has to pay salaries, developing new solutions, ideas maintain current activities, infrastructure etc etc. We can be glad that sophos is allowing us a home users to using their product just for free with all features. Beside that, for home usage 4 cores and 6 gb is a overkill. With all features on you can gain 1GB/s. look how Fortigate(and other solutions) are expensive, what the are offering etc. With sophos you've got it for free with great community :) appreciate it ^^ and if you wanna use it for commercial just support it - buying it ;)
to give you an idea of resource usage here is screenshot of my home XG.
In reply to rfcat_vk:
rfcat_vk That is not a home version you have heartbeat enabled and app control :P (and 41 concurrent users)
On the other hand I consider that for home, more CPU cores would be needed, you can easily max out 4 cores in a 500Mbps line with the IPS (Snort) and the Advanced Threat enable, considering that there is an important fine tunning of the IPS rules.
You can easily consume that bandwith in a normal home when someone is downloading something and in many countries 1Gbps is avaible already and I can assume that SophosXG with 4 cores will have problems to work fine at high bandwidth load.
In reply to l0rdraiden:
l0rdraidenThat is not a home version you have heartbeat enabled and app control :P (and 41 concurrent users)
When you connect your XG Home to Sophos Central It automatically enables app control and heartbeat.
l0rdraidenOn the other hand I consider that for home, more CPU cores would be needed, you can easily max out 4 cores in a 500Mbps line with the IPS (Snort) and the Advanced Threat enable, considering that there is an important fine tunning of the IPS rules.
4 Cores is much more than enough for a Home User; The problem here are, people are using really old CPU's or CPU's that are too weak for pretty much anything in today standards, I'm talking about old Intel Atom's and AMD Athlon X2, those kinds of CPU.
If you get any new CPU, even those $60 USD such as G5400 or 3000GE, you will be able to get Gigabit speeds without any issue. Not only 1Gigabit/s of IPS, but also with SSL/TLS Inspection and AV.
Also the only tuning on IPS that you should be doing is changing from ac-bfna to hyperscan. After this change you will see almost no difference on performance while selecting all IPS signatures or just a few of them.
In reply to Roman klisiewicz:
I understand this logic, but there is no reason to limit hardware if it is proven that the UTM is in a home location. There are tons of other UTM packages out there that don't have hardware limitations. I don't mind paying the annual license, but to pay the annual license with a hardware restriction is weak. I guess I'll just stay on PFsense until they finally decide to remove the limitations. Thanks
In reply to Flyncalpoly:
That makes no sense to me at all.
What possible reason would you have for a home machine to have more hardware resource than the limitations? I've got a home license running on a I5-3470 Dell Optiplex 3010 - old machine, it has an SSD and have installed a hardware based dual network card from HP.
And it works better than anything else I've come across.
I also supply through my consultancy practice to several customers the Sophos XG and SG firewalls, and we have several virtual machines, most of which are set with 4GB RAM and 2vCPU - and for offices with 50 users these work well - the CPU passthrough is usually a E5-2697v4 running on Dell R730 hardware...
The point is, the 6GB RAM and 4vPUC is very generous, and if configured correctly not an issue for most users, let alone home users.
I tend to use the home machine for what it's intended for, and this protects the perimeter of my home very well, I also use it as a machine where I can apply patches and test things before I roll out to customers.
I am very grateful that Sophos have the decency to be able to offer a FREE product such as this to home users.
In reply to BLS:
The limitation could be removed with the annual plan of $50/yr for the home premium. What you see is fair is your opinion; what I see is fair as a power home user / home lab is different. The limitation isn't necessary, and pushes people away from the product, which it has done to me. Thanks for your response, and your need to belittle my desires. It doesn't seem this product is in primetime for power users.
I sill fail to see where there is a problem, even for power home users...
If I can push this through an Azure machine, over Express Route and then out of the ISP - it has 4GB RAM and 4vCPU, and not get about 25% CPU, I don't think there is a problem.
Would you use a faster computer if there were no hardware limitations? If you had a 7th generation intel with 16gb of ram, a 3 year old computer, would you want hardware limitations on it? You don't see a problem; I do. No argument in the world will change my mind that there shouldn't be hardware limitations built into the software.
It would depend on the task in-hand, but comparing desktop PC's with firewalls is not really the same, although you would specify both to do the job in hand, for example you would put in a really decent graphics card if the end user was editing video, working on photos most of the time - also the lifecycle of a PC is about 5 years, and software is 3 years in general.
With a firewall, you can specify this dependent on your networking requirements, the throughput of the home version, for a standard user, or even a power user at home is more than sufficient for the task it's designed to do?
More to the point, if you're specifying this in Azure, would you put in the fastest, most expensive costing machine just....because?
Why would you have a machine that's capable of delivering 40Gb connection from the internet, when at the moment the fastest home is about 1Gb? Just think about the cost of all that wattage with the CPU and RAM costs...if a machine is using 100w, that's going to cost 38p a day (16p/kwh) / £11.78 per month - so wouldn't it make more sense to put in a CPU with 4-cores and lower the RAM budget to half that?
One day it may get to that performance, but by then I can guarantee you that the hardware you're using now, will be in a landfill.
I'm currently testing Untangle, which I have paid the $50 license for, but I expect I'll be switching back to Sophos XG Home edition. I agree with Tim's comments TBH and I'm currently running it on an Atom quad core PC, 4GB Intel NICs with 4GB that I paid circa £200 for.
I do like pfsense, both are a good product, but I'd still use Sophos XG home.
My only wish is that applying the home product to an appliance was supported.
What is guaranteed is that Untangle, Sophos XG or pfsense is better than the Unifi UDM-Pro junk.
Let us go back a little time in history, Astaro used to charge home users $50 annual fee, but decided the administration cost was too high so changed the UT< to a maximum of 50 IP addresses not including interfaces.
You seem to fail to understand, there is no limitation on CPU performance, jus the number of real cores.
As BLS has pointed out most home user hardware is way more powerful that the top of the range Sophos hardware.
The recommendation for home users is 4 real CPU cores running as fast as you can. I7s are a waste of money and generate too much heat, you need CPUs that do not have extra features like a maths co-processor which adds no performance value.
In reply to Mike Scott:
you can apply the home licence to the Sophos hardware, takes a little bit of doing and I even think there are KBAs on the subject and there are plenty of threads in these forums.