XG Firewall Home edition on Celeron J1900

Hi All

Apologies if this has been asked before

I have a qotom hardware with 4 Intel NICs running on Intel Celeron J1900 processor. I was running OPNSense on it for many months and wanted to try out the XG Home edition version 18.0.1-396. I tried to install it with both UEFI and Legacy boot and could only boot it with Legacy Boot option. 

Post the boot, after 2-3 minutes, it just hangs and I can't ping 172.16.16.16 and no response on the VGA console. What should I do to fix this issue

Following is the CPU details (installed Ubuntu 18.04 recently)

root@pghome-ubnt:~# lscpu
Architecture: x86_64
CPU op-mode(s): 32-bit, 64-bit
Byte Order: Little Endian
CPU(s): 4
On-line CPU(s) list: 0-3
Thread(s) per core: 1
Core(s) per socket: 4
Socket(s): 1
NUMA node(s): 1
Vendor ID: GenuineIntel
CPU family: 6
Model: 55
Model name: Intel(R) Celeron(R) CPU J1900 @ 1.99GHz
Stepping: 9
CPU MHz: 1332.800
CPU max MHz: 2415.7000
CPU min MHz: 1332.8000
BogoMIPS: 3998.40
Virtualization: VT-x
L1d cache: 24K
L1i cache: 32K
L2 cache: 1024K
NUMA node0 CPU(s): 0-3
Flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx rdtscp lm constant_tsc arch_perfmon pebs bts rep_good nopl xtopology tsc_reliable nonstop_tsc cpuid aperfmperf tsc_known_freq pni pclmulqdq dtes64 monitor ds_cpl vmx est tm2 ssse3 cx16 xtpr pdcm sse4_1 sse4_2 movbe popcnt tsc_deadline_timer rdrand lahf_lm 3dnowprefetch epb pti ibrs ibpb stibp tpr_shadow vnmi flexpriority ept vpid tsc_adjust smep erms dtherm ida arat md_clear



Added TAGs
[edited by: emmosophos at 12:19 AM (GMT -8) on 12 Feb 2021]
Parents
  • Could also be the size of memory.

    Also the hardware encryption is missing. I think OPNSense, pfSense or Sophos SG might better suit to this Hardware.

  • what you mean by that H/W encryption AES?? sure, XG doesn't use it anyway, Sophos XG is fine it's just heavy on resource usage as it applies multiple features on the passing traffic. PFSense may be lightweight, or it was but since it was bought out and no longer free to use it become bloated too..... But i don't even consider PFSense, for me is XG with HW to utilise it properly i.e. XG Home up to 4 cores and 6gb ram.

    Its same reason Sophos suggest disabling some features on rules for their low-end Sophos boxes.....  More Memory may not help in this case depending what this user's ram capacity is they didn't say.  I'd hope it's at least 4gb min, IPS is the CPU hog along with AV scanning on traffic next......

    JK

  • I am talking about AES-NI. This helps with the troughput of VPN connections. If I understand it right it is supported on the bigger XG hardware applicances.
    community.sophos.com/.../hardware-acceleration-aes-ni-isn-t-being-used-on-the-software-version-of-xg-v18

  • Assumed you meant AES but yeah depends if you need, Doubt the j1900 has it but could be wrong as haven't asked google. 

    JK

  • Hi,

    AES-ni is not supported on low end Sophos hardware or the home edition. The j1900 will work but the GUI will be very slow and throughput will depend om your WAN link. Make sure you have the maximum memory installed eg two 4gb sticks and that your NICs are not realtek or i219 series.

    Ian

     
    V18.0.x - e3-1225v5 6gb ram with 4 ports - 20w. 
    3 AP55s and 2 APX120s having a holiday until software update is released.
    If a post solves your question use the 'This helped me' link.
  • Hi john_kennny - i looked into my XG 135w which should be able to handle smaller companies. Contains 6 GByte RAM and a Intel Atom C3538@2.2 GHz Compared to the J1900 Pankay Gupta is using there is not that much difference the J1900 is even faster than the J1900. (Single thread  569 vs. 647 and Passmark 1650 vs.1111). 

    The "feeling" of the webinterface on XG 135w is rather slow.

    However compared with what you are proposing - current 2/4; 4/4 or 4/8 processor this rather slow.

    i3 (i3-1100@3.6 GHz 4/8; single Threas 2645, passmark 8899) /* Did not find a 4/4 i3 */
    Pentium Gold G6500@4.1 GHz 4/4: single Thread 2567, passmark 4213)

    Do you know whether the home version is supporting Hyper-Threading? I know it is 4 cores with 6 GByte RAM but nothing about the Hyper Threading.

  • Im work with XG125 rev 2, XG135 rev 3 and both have slow WEB interface. My old test box with 4GB RAM and Intel Core2DUO CPU(P8600) with old 500G HDD(XG HW have SSD) have a lot of faster GUI... For example on XG135 you need to login and go to network then DHCP to se dhcp leases and you need around 1-2 minutes to do that. On my old test box I can do around half faster(30-60 seconds)... It load pages a lot of faster but on paper is probably same speed or slower...

    Sophos XG v18.0.x - Supermicro CSE-512, X10SLM+F, E3-1220v3 8GB RAM, Intel X520-DA2

Reply
  • Im work with XG125 rev 2, XG135 rev 3 and both have slow WEB interface. My old test box with 4GB RAM and Intel Core2DUO CPU(P8600) with old 500G HDD(XG HW have SSD) have a lot of faster GUI... For example on XG135 you need to login and go to network then DHCP to se dhcp leases and you need around 1-2 minutes to do that. On my old test box I can do around half faster(30-60 seconds)... It load pages a lot of faster but on paper is probably same speed or slower...

    Sophos XG v18.0.x - Supermicro CSE-512, X10SLM+F, E3-1220v3 8GB RAM, Intel X520-DA2

Children
No Data