Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Recommendation Hardware / CPU for Home Use

Hello,

 

i recently discovered the free offerings from Sophos for home users.

I find them quite appealing. I downloaded Sophos XG and installed it in a VM on my Notebook. I messed around with it quite some time and I am blown away of the features and capabilities. Now I want to buy hardware and install it in my home. Now to my question/problem: How should I size it?

 

Usecase:

-4 separated VLANs / Zones

-VPN for Mobile Devices and Notebooks

-Permanent VPN to 2 or 3 remote sites, all are running Fritz!Box

-Clientless VPN access

-Intrusion prevention, Web and Application Filtering/Policies, Web server protection, Advanced threat protection, Firewall rules, Routes

-Dynamic DNS

-2 Access Points

-Permanent Users: only 2

-Internet Speed: 50 Mbit Down / 10 Mbit Up; VDSL50 from 1&1; eventually Cellular WAN in the future

-Around 70 devices, including Server, NAS, PCs, Smartphone, Smarthome etc

 

Additional requirements:

-Not to expensive ~250€

-Future Proof for the next years

-4 NICs

-Low power consumption

-Quiet operation

 

So I narrowed down a few devices, all from vendor Qotom, all from Aliexpress.

All have 4 x Intel I211.

But which CPU?

Is a Atom J1900 sufficient? This would be the cheapest option. But isn’t it a bit old?

Or model Q335G4 with Core I3 5005U?

For a mit more money I could get Q370G4 with Core I7 4500U.

Additional to all of these is a SSD with 120GB and 8GB RAM.

 

Thanks in advance for every opinion and recommendation.

 

Greetings

 

MExtreme



This thread was automatically locked due to age.
Parents
  • Also take a look at this thread that discusses the  Fitlet2 with J3455. It will support up to 4 NICs.

     

    Some more discussion here. You'll need to use (Google Translate unless you speak Finnish).

  • Anyone using hardware NUC with a 1 Gbit fibre internet connection? Currently using a Zotax 4 core C1323 with 8 Gb, Intel N3150 1.6 Ghz but this doens't do this well (trougput max about 300 Mb/s compared to 1Gb/s). Would like to know the specs for NUC / CPU to get full performance when using DPI, scanning traffic, etc.

    I know that this PC is old, but it's formfactor is great, and it has 2 nics out of the box.

    Perhaps I'll test XG v18 with macMini 2014 (SSD) and a thunderbolt NIC in the future (read somewhere that this could work)

     

  • While it's not a NUC, I'm using an older Supermicro 1U with a Core2Quad Q6600 processor and 8GB of ram.  I've got a symmetrical 1G connection but I don't do any sort SSL decryption or VPN termination on XG.  It's also in transparent bridge mode sitting behind another server that runs OPNSense on similar hardware.

    FWIW, I've got no trouble downloading at max speeds (think 105MB/sec+).  I don't know if that's because I have my rules misconfigured or what, but looking at the dashboard I see when incoming traffic getting blocked because they're classified as attacks, and my outgoing traffic is getting classified and sorted into categories.

    The processor I'm using probably would get killed if I tried doing anything requiring encryption since it has no AES-NI.

Reply
  • While it's not a NUC, I'm using an older Supermicro 1U with a Core2Quad Q6600 processor and 8GB of ram.  I've got a symmetrical 1G connection but I don't do any sort SSL decryption or VPN termination on XG.  It's also in transparent bridge mode sitting behind another server that runs OPNSense on similar hardware.

    FWIW, I've got no trouble downloading at max speeds (think 105MB/sec+).  I don't know if that's because I have my rules misconfigured or what, but looking at the dashboard I see when incoming traffic getting blocked because they're classified as attacks, and my outgoing traffic is getting classified and sorted into categories.

    The processor I'm using probably would get killed if I tried doing anything requiring encryption since it has no AES-NI.

Children
No Data