Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Recommendation Hardware / CPU for Home Use

Hello,

 

i recently discovered the free offerings from Sophos for home users.

I find them quite appealing. I downloaded Sophos XG and installed it in a VM on my Notebook. I messed around with it quite some time and I am blown away of the features and capabilities. Now I want to buy hardware and install it in my home. Now to my question/problem: How should I size it?

 

Usecase:

-4 separated VLANs / Zones

-VPN for Mobile Devices and Notebooks

-Permanent VPN to 2 or 3 remote sites, all are running Fritz!Box

-Clientless VPN access

-Intrusion prevention, Web and Application Filtering/Policies, Web server protection, Advanced threat protection, Firewall rules, Routes

-Dynamic DNS

-2 Access Points

-Permanent Users: only 2

-Internet Speed: 50 Mbit Down / 10 Mbit Up; VDSL50 from 1&1; eventually Cellular WAN in the future

-Around 70 devices, including Server, NAS, PCs, Smartphone, Smarthome etc

 

Additional requirements:

-Not to expensive ~250€

-Future Proof for the next years

-4 NICs

-Low power consumption

-Quiet operation

 

So I narrowed down a few devices, all from vendor Qotom, all from Aliexpress.

All have 4 x Intel I211.

But which CPU?

Is a Atom J1900 sufficient? This would be the cheapest option. But isn’t it a bit old?

Or model Q335G4 with Core I3 5005U?

For a mit more money I could get Q370G4 with Core I7 4500U.

Additional to all of these is a SSD with 120GB and 8GB RAM.

 

Thanks in advance for every opinion and recommendation.

 

Greetings

 

MExtreme



This thread was automatically locked due to age.
Parents
  • To give back some feedback: based on research and the answers from the forum (thanks again) I decided on J1900.

    I bought a cheap device from aliexpress with 4 x I211 NIC and the J1900, 4GB RAM and 64GB mSATA SSD.

    It's passive cooled and has 2 USB ports. 

    The installation worked flawlessly, everything works fine.

    My ISP recently upgraded (surprisingly) to 80/30 Mbit.

    As a modem I chose the dirt cheap FritzBox 7412.

    All my requested features work fine. 

    The horsepower is definitely enough.

    Most time the CPU utilization is in the single percentage, with peaks at ~35% with much VPN traffic.

    RAM usage is around 70%.

    To buy more powerful hardware would have been a waste of money.

  • Hi,

    the J1900 will struggle with v18 even with 4gb of ram. You will need at least 6gb. On my 6gb system running V18 EAP2 memory sits around 68%. You will also need to manage your disk utilisation, especially the reports section.

    If you intend doing any changes on a regular basis the J1900 will be too slow.

    Ii was running a J1900 with 8gb (6 active) ram on a 100/40 and it worked very well for throughput on v17.5.x but was almost unmanageable on v18.

    Extra processing power is not a waste of money because it gives you head room to grow your configuration as you acquire more devices for home eg IoT devices needing higher security eaxta firewall rules etc.

    Ian

     

    I am currently running the CPU in my signature because the the more modern lower performing MB fails to complete the installation of V18 EAP2 and this one needs changing because one of the NICs died during installation very annoying.

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Hello rfcat_vk,

    thanks for your answer and your knowledge. 

    As you can assume from this thread, I'm an absolute beginner with Sophos.

    I worked with firewalls from Zyxel in the past. But even midrange devices won't come close to my J1900 with XG.

    Neither with feature nor with GUI performance.

    So I'm quite impressed and satisfied how my device works.

    My goal was to build a very cheap firewall, which can handle everything described above.

    rfcat_vk said:
    If you intend doing any changes on a regular basis the J1900 will be too slow.

    I am patient ;)

    rfcat_vk said:
    Ii was running a J1900 with 8gb (6 active) ram on a 100/40 and it worked very well for throughput on v17.5.x but was almost unmanageable on v18.

    I hope they improve on performance until release.

    rfcat_vk said:
    Extra processing power is not a waste of money because it gives you head room to grow your configuration as you acquire more devices for home eg IoT devices needing higher security eaxta firewall rules etc.

    As mentioned, I am a beginner and really happy with the first weeks of using the firewall. 

    So I posted my conclusion, to give some feedback.

    I hope my device will handle the next few years. I don't want to upgrade the hardware after two weeks of usage.

  • HJi,

    when you migrate to v18 you will find 4gb of ram will not be enough, also the J1900 will have throughput issues. I just downloaded the update to my MBP and it pushed the CPU and ram considerably. My ram went over 4gb. CPU went from 3% to 15% on a quad core e3.

    The issue being the Sophos hard ware is tuned to provide peak performance where as the home hardware is not.

    Enjoy your new security.

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

Reply
  • HJi,

    when you migrate to v18 you will find 4gb of ram will not be enough, also the J1900 will have throughput issues. I just downloaded the update to my MBP and it pushed the CPU and ram considerably. My ram went over 4gb. CPU went from 3% to 15% on a quad core e3.

    The issue being the Sophos hard ware is tuned to provide peak performance where as the home hardware is not.

    Enjoy your new security.

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

Children
  • when you migrate to v18 you will find 4gb of ram will not be enough, also the J1900 will have throughput issues.

    Well, let's hope it's fixed on EAP 3. The current throughput in v18 is... bad...

    Also, I've noticed your using e3-1225v5, how is the throughput on it? in v17 and v18. I'm asking this because your using the same CPU as XG 430 Rev. 2.

     

    Thanks,


    If a post solves your question use the 'Verify Answer' button.

    Ryzen 5600U + I226-V (KVM) v21 GA @ Home

    Sophos ZTNA (KVM) @ Home

  • Hi Prism,

    I used to have a 100/40 network and downgraded to a 50/20. The downloads on either one were capable of pushing the links to maximum speed. Current speed tests show the link is running around 48mb/s and that is what the latest MBP update showed yesterday. I went with the e3 because the J1900 was so slow in updating the GUI on v17.5 and even slower on v18.

    After the BIOS upgrade the XG is much faster in starting and performing GUI updates.

    The power usage varies from 15w when idle to 30w under load.

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.