
Hardware Limitations In Home version

Is it possible to get the hardware limitations removed for the home version?  Or have they been removed in V18?

  • In reply to Mike Scott:

    The only times I've seen large organisations using PFSense is for internal VLAN segregation, and where QoS is required - not for perimeter use - they normally seem to leave that to the commercial side of things.

    Open Source has been a big no-no for a lot of the companies I support - it's the fear of the source code being available and therefore being examined by hackers for exploits - with closed source you have to take a longer route to find them.

    And agree, the problem is that most things at home have been left in the default setup, and that usually is not hardened enough...how many home users would just have an any>any rule, rather than just allow what's needed and block everything else?

    Any>Any kind of defeats the object of having a firewall - and a lot of people while they are happy to control what comes in, they forget about securing what goes out.

  • In reply to Flyncalpoly:

    Flyncalpoly

    No clue why you guys argue that the limitation is acceptable; it’s not for me.

    It isn't about limitations. It's about "is it sufficient to satisfactorily do the job I need doing".

    Every solution has limitations. You can always specify more cpu, more memory, more bandwidth etc. If Sophos limited you to 100 CPUs and 1TB memory would you be happy or would it still be 'limited'? If you were going to provide an XG solution to a customer would you specify the biggest possible (at enormous cost) because it has the least limitations? Of course not, you specify what will do the job.

    Will the free solution that Sophos offer do the job for a home user? Yes. That's what matters!

  • In reply to rfcat_vk:

     I seem to remember you stating on another post, that it is not the brute power but the speed that is most important when choosing a CPU, as mathematical calculations are not the cornerstone requirement of the software, just quick responses.

    I am currently looking out for a micro-pc with 2 x Intel NICs with a Team Red (AMD) CPU, as most are Intel.

  • In reply to Argo:

    Hi Argo,

    I don't think I have said anything different in this thread?

    Remember the main part of the firewall is establishing the start and ending of the connection, once the connection has been validated then you need a very fast processor to shift the incoming packets to the next stage of the firewall configuration.

    ian

  • In reply to rfcat_vk:

    I'm reconsidering my i3 6100T again Vs the Atom processor I'm currently using

  • In reply to Mike Scott:

    Hi Mike,

    that CPU has 2 real and 2 threads, so you could expect around equivalent of 3 cores, but get 3 snorts (most time one less than CPUs). It will work very well.

    Ian

  • In reply to rfcat_vk:

    Hi

     

    Food for thought indeed, just got to consider the power consumption vs performance etc.

     

    cpuspecs.com/E3845-vs-i3-6100T

  • In reply to JasP:

    With the limitations I wouldn’t offer it as an option to home based clients.  With being unable to fully test the software to its full capacity no I wouldn’t spec out to my business clients.  Again it’s a choice the company makes.

  • In reply to Flyncalpoly:

    Flyncalpoly

    With the limitations I wouldn’t offer it as an option to home based clients.  With being unable to fully test the software to its full capacity no I wouldn’t spec out to my business clients.  Again it’s a choice the company makes.

    I'm sure Sophos will be sad to lose your business.

  • Was the limit changed with v18?

    console> system diagnostics show mem                                            
    MemTotal:        8072680 kB                                                     
    MemFree:         3636728 kB                                                     
    MemAvailable:    4976236 kB 

     

  • In reply to shred:

    The limit has been "removed" since v18 EAP 1, but I believe it's temporary. It should go back soon. Maybe when the new MR-1 gets released.

    I've been running my secondary XG on a VM with 16vCore without any issue lately.

    This picture was taken while I had some file transfers between VMs.

     

    Thanks!

  • In reply to JasP:

    Thanks for trolling.  If people like you are representing the company then I have no desire to be part of this community. Have a nice day troll

  • In reply to Prism:

    Hi Prism,

    I think that is an anomaly in the VM version. I know when I first install v18 I get the full memory being available until I restart the XG, then the limitations are applied.

    Ian

  • In reply to Flyncalpoly:

    Flyncalpoly
    Thanks for trolling.  If people like you are representing the company then I have no desire to be part of this community. Have a nice day troll

    I'm sorry, but, What the fsck? Seriously?

     

    I can't believe I'm wasting my time writing this. This really looks like a weak troll post from you.

     

    In the beginning of the thread you said;

    Flyncalpoly
    there is no reason to limit hardware if it is proven that the UTM is in a home location.

    How in the world will you prove to Sophos that you're currently only running XG in a Home environment? Do you really think they will put a lot of people and money just to inspect all Home users 24/7/365 to know if they're running the Home version within their homes, instead of a small office? Just so the home users can have no hardware limit.

    You should be grateful there even is a home license from the beginning.

    No other NGFW vendor in the market does this.

     

    Flyncalpoly
    There are tons of other UTM packages out there that don't have hardware limitations.

    And all of them don't even come close to what Sophos XG is currently capable of. Most of them are half baked solutions, and open source packages that have no interconnection between themselves.

    Look at pfsense, you can't have an IPS such as Suricata or Snort inspecting decrypted content from Squid, just because both of them inspect traffic direct from the interface.

     

    Flyncalpoly
    The limitation could be removed with the annual plan of $50/yr for the home premium.

    As stated by , the old Astaro had a home license for $50, but the administration cost was way too high to maintain, it's much simpler giving it out for free to the home users.

     

    Flyncalpoly
    What you see is fair is your opinion; what I see is fair as a power home user / home lab is different.

    If you were a Home lab user, or a power user you would know exactly the performance you can get from XG. Even by today's standards you can get 1Gbit/s of inspected traffic with XG fairly easily.

    The only problem here are people running CPUs from 2010 and expecting to push 1Gbit on their old dual core celeron that even on 2010 standards was already too weak.

     

    Flyncalpoly
    The limitation isn't necessary, and pushes people away from the product, which it has done to me.

    The limitation is necessary, so companies don't abuse it.

     

    Flyncalpoly
    It doesn't seem this product is in primetime for power users.

    Completely the opposite, just give yourself some time and learn what XG is capable of.

     

    Flyncalpoly
    Would you use a faster computer if there were no hardware limitations?  If you had a 7th generation intel with 16gb of ram, a 3 year old computer, would you want hardware limitations on it? You don't see a problem; I do.  No argument in the world will change my mind that there shouldn't be hardware limitations built into the software..

     

    Why do you even want an i5, i7 just wasting energy and being loud as fsck while a 2018 Celeron that barely uses 20W can do 1Gbit with SSL/TLS Decryption?

     

    Flyncalpoly
    Any who this seems pointless at this time; as the developers will not unlock the software package for users.  Therefore, I will continue to use PFSense rather than giving the Sophos developers a yearly subscription fee.  Good luck to others; maybe they will finally realize this is the right thing in V20.

     

    https://www.enterpriseav.com/SFv-4C6.asp

     

    The current price for a 4C6GB license, with the same features of the home version will cost you $7000 USD/Year, do you really want more as a home user?

     

    Flyncalpoly
    With the limitations I wouldn’t offer it as an option to home based clients.  With being unable to fully test the software to its full capacity no I wouldn’t spec out to my business clients.  Again it’s a choice the company makes.

     

    One thing, Home Users here are the minority. And if you really wanted to offer XG for your clients, you could simply become a partner and get NFR licenses for demonstration.

  • In reply to rfcat_vk:

    rfcat_vk
    I think that is an anomaly in the VM version. I know when I first install v18 I get the full memory being available until I restart the XG, then the limitations are applied.

    Good to know, interestingly enough, that VM got rebooted multiple times, and the limit still didn't get applied.

     

    Thanks!