
Recommendation Hardware / CPU for Home Use

Hello,

 

I recently discovered the free offerings from Sophos for home users.

I find them quite appealing. I downloaded Sophos XG and installed it in a VM on my notebook. I messed around with it for quite some time and I am blown away by the features and capabilities. Now I want to buy hardware and install it in my home. Now to my question/problem: How should I size it?

 

Usecase:

-4 separated VLANs / Zones

-VPN for Mobile Devices and Notebooks

-Permanent VPN to 2 or 3 remote sites, all are running Fritz!Box

-Clientless VPN access

-Intrusion prevention, Web and Application Filtering/Policies, Web server protection, Advanced threat protection, Firewall rules, Routes

-Dynamic DNS

-2 Access Points

-Permanent Users: only 2

-Internet Speed: 50 Mbit Down / 10 Mbit Up; VDSL50 from 1&1; eventually Cellular WAN in the future

-Around 70 devices, including Server, NAS, PCs, Smartphone, Smarthome etc

 

Additional requirements:

-Not too expensive ~250€

-Future Proof for the next years

-4 NICs

-Low power consumption

-Quiet operation

 

So I narrowed down a few devices, all from vendor Qotom, all from Aliexpress.

All have 4 x Intel I211.

But which CPU?

Is an Atom J1900 sufficient? This would be the cheapest option. But isn’t it a bit old?

Or model Q335G4 with Core I3 5005U?

For a bit more money I could get Q370G4 with Core I7 4500U.

Additionally, all of these come with an SSD with 120GB and 8GB RAM.

 

Thanks in advance for every opinion and recommendation.

 

Greetings

 

MExtreme



  • Hi,

     

    First thing, the XG Home License has a limit of 4 cores and 6GB of RAM. Even if you have 8GB you will be limited to 6GB.

    Also you can look at the forums. There are a lot of posts like yours that have already been answered.

     

    Since you currently have a 50/10 Mbit connection, the J1900 is more than sufficient for it. I'm currently using a J1900 with 4GB of RAM on XG v18 with a 240/120Mbit connection. Almost everything on my network is currently using IDS/IPS, Web/App filtering/Policies, Advanced threat protection and AV + HTTPS Decrypt, and I'm able to reach 180Mbit/s with all these features enabled. The only thing on my network without IDS/IPS is my computer, so I'm able to reach full speeds with it.

    VPN throughput with AES-128 is at maximum 70-80 Mbit/s with the J1900. (It doesn't have the AES-NI instruction on the CPU.)

    The VPN throughput can probably be a little higher or lower, but that's the speed I've managed to get in a real-world test.

     

    Just a note: For some reason I've been getting higher throughput with the J1900 on the V17.5.8 MR-8, but that's probably because of a misconfiguration of the IDS/IPS.

     

    TL;DR: The J1900 is a good choice for your network, but if you have any plans on getting 200Mbit/s WAN throughput or higher, or you want to be future proof, then you will be better with the I7-4500U.

     

    Thanks,


    If a post solves your question use the 'Verify Answer' button.

    Ryzen 5600U + I226-V (KVM) v21 EAP @ Home

    Sophos ZTNA (KVM) @ Home

  • Thank you Prism for your answer.

     

    Prism said:

     

    First thing, the XG Home License has a limit of 4 cores and 6GB of RAM. Even if you have 8GB you will be limited to 6GB.

    I know. But since there is only a single SODIMM slot, I can only use 4GB or 8GB.

    Prism said:

    Also you can look at the forums. There are a lot of posts like yours that have already been answered.

    I searched around in the forums. I knew before my question that my configuration will work.

    My research is also a reason why I decided on 4 x Intel I211.

    But finding some real-world performance figures is difficult, especially with the features enabled.

    Prism said:

    I'm able to reach 180Mbit/s with all these features enabled.

    So again: Thanks for this answer. It is exactly what I was looking for. 

    Prism said:

    It doesn't have the AES-NI instruction on the CPU

    Yeah, I'm aware of it. But I didn't know how big the impact on performance will be.

    Prism said:

    if you have any plans on getting 200Mbit/s WAN throughput or higher

    I would really like to have a higher WAN speed. Sadly I can't get a faster connection.

    Only way would be Cellular, but this costs a fortune in Germany.

    Prism said:

    TL;DR: The J1900 is a good choice for your network

    Thanks for your advice

  • Also take a look at this thread that discusses the Fitlet2 with J3455. It will support up to 4 NICs.

     

    Some more discussion here. You'll need to use Google Translate (unless you speak Finnish).

  • Anyone using NUC hardware with a 1 Gbit fibre internet connection? Currently using a Zotac 4 core C1323 with 8 Gb, Intel N3150 1.6 GHz, but this doesn't do this well (throughput max about 300 Mb/s compared to 1Gb/s). Would like to know the specs for NUC / CPU to get full performance when using DPI, scanning traffic, etc.

    I know that this PC is old, but its form factor is great, and it has 2 NICs out of the box.

    Perhaps I'll test XG v18 with a Mac mini 2014 (SSD) and a Thunderbolt NIC in the future (read somewhere that this could work).

     

  • To give back some feedback: based on research and the answers from the forum (thanks again) I decided on J1900.

    I bought a cheap device from aliexpress with 4 x I211 NIC and the J1900, 4GB RAM and 64GB mSATA SSD.

    It's passively cooled and has 2 USB ports.

    The installation worked flawlessly, everything works fine.

    My ISP recently upgraded (surprisingly) to 80/30 Mbit.

    As a modem I chose the dirt cheap FritzBox 7412.

    All my requested features work fine. 

    The horsepower is definitely enough.

    Most of the time the CPU utilization is in the single-digit percentage, with peaks at ~35% with much VPN traffic.

    RAM usage is around 70%.

    To buy more powerful hardware would have been a waste of money.

  • Hi,

    The J1900 will struggle with v18 even with 4GB of RAM. You will need at least 6GB. On my 6GB system running V18 EAP2 memory sits around 68%. You will also need to manage your disk utilisation, especially the reports section.

    If you intend doing any changes on a regular basis the J1900 will be too slow.

    I was running a J1900 with 8GB (6 active) RAM on a 100/40 and it worked very well for throughput on v17.5.x but was almost unmanageable on v18.

    Extra processing power is not a waste of money because it gives you headroom to grow your configuration as you acquire more devices for home, e.g. IoT devices needing higher security, extra firewall rules etc.

    Ian

     

    I am currently running the CPU in my signature because the more modern, lower-performing MB fails to complete the installation of V18 EAP2, and this one needs changing because one of the NICs died during installation. Very annoying.

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v20.0.2 MR-2

    If a post solves your question please use the 'Verify Answer' button.

  • While it's not a NUC, I'm using an older Supermicro 1U with a Core2Quad Q6600 processor and 8GB of RAM. I've got a symmetrical 1G connection but I don't do any sort of SSL decryption or VPN termination on XG. It's also in transparent bridge mode sitting behind another server that runs OPNSense on similar hardware.

    FWIW, I've got no trouble downloading at max speeds (think 105MB/sec+). I don't know if that's because I have my rules misconfigured or what, but looking at the dashboard I see incoming traffic getting blocked because it's classified as attacks, and my outgoing traffic is getting classified and sorted into categories.

    The processor I'm using probably would get killed if I tried doing anything requiring encryption since it has no AES-NI.

  • Hello rfcat_vk,

    thanks for your answer and your knowledge. 

    As you can assume from this thread, I'm an absolute beginner with Sophos.

    I worked with firewalls from Zyxel in the past. But even midrange devices won't come close to my J1900 with XG.

    Neither with features nor with GUI performance.

    So I'm quite impressed and satisfied how my device works.

    My goal was to build a very cheap firewall, which can handle everything described above.

    rfcat_vk said:
    If you intend doing any changes on a regular basis the J1900 will be too slow.

    I am patient ;)

    rfcat_vk said:
    I was running a J1900 with 8GB (6 active) RAM on a 100/40 and it worked very well for throughput on v17.5.x but was almost unmanageable on v18.

    I hope they improve on performance until release.

    rfcat_vk said:
    Extra processing power is not a waste of money because it gives you headroom to grow your configuration as you acquire more devices for home, e.g. IoT devices needing higher security, extra firewall rules etc.

    As mentioned, I am a beginner and really happy with the first weeks of using the firewall. 

    So I posted my conclusion, to give some feedback.

    I hope my device will handle the next few years. I don't want to upgrade the hardware after two weeks of usage.

  • Hi,

    When you migrate to v18 you will find 4GB of RAM will not be enough; also the J1900 will have throughput issues. I just downloaded the update to my MBP and it pushed the CPU and RAM considerably. My RAM went over 4GB. CPU went from 3% to 15% on a quad core e3.

    The issue being the Sophos hardware is tuned to provide peak performance whereas the home hardware is not.

    Enjoy your new security.

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v20.0.2 MR-2

    If a post solves your question please use the 'Verify Answer' button.