Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Maximum throughput of Virtual Sophos

I want to setup a virtual Sophos XG on VMware ESXi 6.7 which is running on a Cisco C220 M4 Rackserver (2x E5-4660 2.30Ghz | 128 GB RAM | OS is running an SSD) It has a 10Gb/s Connection for WAN and LAN.

The Sophos VM has 40 vCPUs and 100 GB RAM. What kind of throughput can I expect. Or differently... how much of my 10Gb/s speed am I going to loose.



This thread was automatically locked due to age.
  • Hi,

    from previous posts you are using a home licence

    1/. assign 4 real CPUS and lock them to the XG

    2/. assign 6gb of RAM and lock that to the XG

    3/. make sure the disks are assigned to the XG

    4/. make sure the NICs are correctly configured and assigned exclusively to the XG

    5/ tune the IPS and DOS settings, the default settings will limit your throughput.

    If you tune the IPS settings then you should not loose much if any on an individual connection and if you have many connections then you should attain the 10gb/s throughput.

    These are my settings which are way from standard on the DOS part of IPS>

    Use these as a starting point.

    Ian

    XG115W - v20.0.3 MR-3 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • I thought that the CPU limits your bandwidth because it has to analyze all of the packets passing through it...

     

  • Hi,

     

    Jonas Keller said:
    The Sophos VM has 40 vCPUs and 100 GB RAM. What kind of throughput can I expect. Or differently... how much of my 10Gb/s speed am I going to loose.

    If you actually have a license that's capable of utilize 40 vCPUS and 100GB RAM, then you wouldn't even bee worrying about it not reaching 10Gbit/s.

    In a modern CPU, with IPS/WebProxy/ATP, on v17.5.x you can reach around  >820Mbit/s on a single core.

    The only problem you would face over a 10Gbit/s connection is: XG currently uses Snort, any application which uses a single connection for transferring anything, you will be forced to use only a single core of your VM.

    If you disable IPS on v17.5.x you will be getting line-rate throughput over it. Well, a 4vCore with 6GB RAM has capable of it*, then I don't see why 40vCore wouldn't be.

    *With VIrtiO Drivers, not vmxnet3.

     

    Ian said on the post above - your currently using the Home License, so your limited with 4Cores/6GB RAM, if that's true then you will only archive 10Gbit/s without IPS on v17.5.x.

    Currently on v18 EAP there's no Core/RAM limit on it*, you should try it out when EAP 3 Refresh comes out.

    *EAP 3 Refresh should have performance improvements, since it's currently.... "weird"...

     

    Thanks,


    If a post solves your question use the 'Verify Answer' button.

    Ryzen 5600U + I226-V (KVM) v21 GA @ Home

    Sophos ZTNA (KVM) @ Home

  • Is v18 available for free... and where can I download it?


  • If a post solves your question use the 'Verify Answer' button.

    Ryzen 5600U + I226-V (KVM) v21 GA @ Home

    Sophos ZTNA (KVM) @ Home

  • There are limits on V18 EAP3 if you are using the home licence. When you first install EAP3 from the ISO you will get access to all available resources, but at first reboot after you synchronise your licence you will be restricted to the home licence maximums.

    Ian

    XG115W - v20.0.3 MR-3 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • rfcat_vk said:
    There are limits on V18 EAP3 if you are using the home licence. When you first install EAP3 from the ISO you will get access to all available resources, but at first reboot after you synchronise your licence you will be restricted to the home licence maximums.

    Well, I didn't knew about that, I'll be checking it later, I believe It must be a issue in my end.

    Thanks,


    If a post solves your question use the 'Verify Answer' button.

    Ryzen 5600U + I226-V (KVM) v21 GA @ Home

    Sophos ZTNA (KVM) @ Home

  • Hi Prism,

    I think the config change was missing from one of the earlier v18 EAPs and only returned when an ISO was used to build EAP3.

    Ian

    XG115W - v20.0.3 MR-3 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • rfcat_vk said:
    I think the config change was missing from one of the earlier v18 EAPs and only returned when an ISO was used to build EAP3.

    You're sure about it?

    Thanks,


    If a post solves your question use the 'Verify Answer' button.

    Ryzen 5600U + I226-V (KVM) v21 GA @ Home

    Sophos ZTNA (KVM) @ Home

  • I am quite sure, because my XG was using 8gb of ram for sometime until I restarted it, then it reverted to 6gb. I only have 4 real CPUs so I can't tell whether the CPU limit has ben applied.

    I could for the fun  of it later today rebuild the box with 8 cpus to see what happens. The weather has gone from very hot, dry and smokey to cold and wet.

    ian

    XG115W - v20.0.3 MR-3 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.