Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 12 replies
  • Subscribers 43 subscribers
  • Views 10926 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Recommendation Hardware / CPU for Home Use

MExtreme

Hello,

 

i recently discovered the free offerings from Sophos for home users.

I find them quite appealing. I downloaded Sophos XG and installed it in a VM on my Notebook. I messed around with it quite some time and I am blown away of the features and capabilities. Now I want to buy hardware and install it in my home. Now to my question/problem: How should I size it?

 

Usecase:

-4 separated VLANs / Zones

-VPN for Mobile Devices and Notebooks

-Permanent VPN to 2 or 3 remote sites, all are running Fritz!Box

-Clientless VPN access

-Intrusion prevention, Web and Application Filtering/Policies, Web server protection, Advanced threat protection, Firewall rules, Routes

-Dynamic DNS

-2 Access Points

-Permanent Users: only 2

-Internet Speed: 50 Mbit Down / 10 Mbit Up; VDSL50 from 1&1; eventually Cellular WAN in the future

-Around 70 devices, including Server, NAS, PCs, Smartphone, Smarthome etc

 

Additional requirements:

-Not to expensive ~250€

-Future Proof for the next years

-4 NICs

-Low power consumption

-Quiet operation

 

So I narrowed down a few devices, all from vendor Qotom, all from Aliexpress.

All have 4 x Intel I211.

But which CPU?

Is a Atom J1900 sufficient? This would be the cheapest option. But isn’t it a bit old?

Or model Q335G4 with Core I3 5005U?

For a mit more money I could get Q370G4 with Core I7 4500U.

Additional to all of these is a SSD with 120GB and 8GB RAM.

 

Thanks in advance for every opinion and recommendation.

 

Greetings

 

MExtreme



This thread was automatically locked due to age.
Parents
  • +1

    Hi,

     

    First thing, the XG Home License have an limit of 4 cores and 6GB of ram. even if you have 8GB you will be limited to 6GB.

    Also you can look at the forums. there's a lot of posts like yours that have already been answered.

     

    Since you currently have a 50/10 Mbit connection, the J1900 is more than sufficient for it. I'm currently using a J1900 with 4GB of ram on XG v18 with a 240/120Mbit connection, almost everything on my network  is currently using IDS/IPS, Web/App filtering/Polices, Advanced threat protection and AV + HTTPS Decrypt, I'm able to reach 180Mbit/s with all this features enabled. The only thing on my network without IDS/IPS is my computer, so I'm able to reach full speeds with it.

    VPN throughput with AES-128 is at maximum 70-80 Mbit/s with the J1900. (It doesn't have AES-IN instruction on the CPU)

    The VPN throughput can probably be a little higher or lower, but that's the speed I've managed to get in a real-world test.

     

    Just a note: For some reason I've been getting higher throughput with the J1900 on the V17.5.8 MR-8, but that's probably because of a miss-configuration of the IDS/IPS.

     

    TL;DR: The J1900 is a good choice for your network, but if you have any plans on getting 200Mbit/s WAN throughput or higher, or you want to be future proof, then you will be better with the I7-4500U.

     

    Thanks,

    If a post solves your question use the 'Verify Answer' button.

    Ryzen 5600U + I226-V (KVM) v21 EAP @ Home

    Sophos ZTNA (KVM) @ Home

Reply
  • +1

    Hi,

     

    First thing, the XG Home License have an limit of 4 cores and 6GB of ram. even if you have 8GB you will be limited to 6GB.

    Also you can look at the forums. there's a lot of posts like yours that have already been answered.

     

    Since you currently have a 50/10 Mbit connection, the J1900 is more than sufficient for it. I'm currently using a J1900 with 4GB of ram on XG v18 with a 240/120Mbit connection, almost everything on my network  is currently using IDS/IPS, Web/App filtering/Polices, Advanced threat protection and AV + HTTPS Decrypt, I'm able to reach 180Mbit/s with all this features enabled. The only thing on my network without IDS/IPS is my computer, so I'm able to reach full speeds with it.

    VPN throughput with AES-128 is at maximum 70-80 Mbit/s with the J1900. (It doesn't have AES-IN instruction on the CPU)

    The VPN throughput can probably be a little higher or lower, but that's the speed I've managed to get in a real-world test.

     

    Just a note: For some reason I've been getting higher throughput with the J1900 on the V17.5.8 MR-8, but that's probably because of a miss-configuration of the IDS/IPS.

     

    TL;DR: The J1900 is a good choice for your network, but if you have any plans on getting 200Mbit/s WAN throughput or higher, or you want to be future proof, then you will be better with the I7-4500U.

     

    Thanks,

    If a post solves your question use the 'Verify Answer' button.

    Ryzen 5600U + I226-V (KVM) v21 EAP @ Home

    Sophos ZTNA (KVM) @ Home

Children
  • 0 in reply to Prism

    Thank you Prism for your answer.

     

    Prism said:

     

    First thing, the XG Home License have an limit of 4 cores and 6GB of ram. even if you have 8GB you will be limited to 6GB.

    I know. But since there is only a single SODIMM slot, I can only use 4GB or 8GB.

    Prism said:

    Also you can look at the forums. there's a lot of posts like yours that have already been answered.

    I searched around in the forums. I knew before my question, that my configuration will work.

    My research is also a reason, why I decided on  4 x Intel I211.

    But to find some real world performance figures is difficult, especial with the features enabled.

    Prism said:

    I'm able to reach 180Mbit/s with all this features enabled.

    So again: Thanks for this answer. It is exactly what I was looking for. 

    Prism said:

    It doesn't have AES-IN instruction on the CPU

     Yeah, I'm aware of it. But I didn't knew, how big the impact on performance will be.

    Prism said:

    if you have any plans on getting 200Mbit/s WAN throughput or higher

    I would really like, to have a higher WAN speed. Sadly I can't get faster connection.

    Only way would be Cellular, but this costs a fortune in Germany.

    Prism said:

    TL;DR: The J1900 is a good choice for your network

    Thanks for your advice

Unfiltered HTML