VM or Dedicated for Sophos Home Edition

I am seeking professional guidance on choosing between two hardware options: virtual machines or dedicated servers.

1 - Dedicated system:
Intel Celeron J4125 Processor - 2.00 GHz, 4 Cores, 4 Threads, 4 MB Cache
8G RAM DDR4 2400 MHz
4 x Intel i210/i211 10/100/1000 NICs


2 - VM on Proxmox with 4 cores 6GB RAM on
12th Generation Intel Core i7 Processors - 3.50 GHz, 14 Cores, 20 Threads, 24 MB Intel Smart Cache
64G RAM DDR4 3200 MHz
2 x Intel i225-V B3 100/1000/2500M NICs



  • #1, because #2 alone would not work - the i225-V NIC is trash, and neither UTM nor XG supports that card. While the hardware in #2 is great, your compatibility in #1 is better.

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)

  • The hardware in option (2) is much faster, and compatibility won't matter for Sophos Firewall since you can run it virtualized.

    Then, since you're a Home user stick with option (2) and virtualize Sophos Firewall with Proxmox.

    Also, use Virtio NIC. There's no need to do PCI pass-through since the Firewall doesn't have the driver support for I225-V or I226-V.


    If a post solves your question use the 'Verify Answer' button.

    Ryzen 5600U + I226-V (KVM) v20 MR1 @ Home

    XG 115w Rev.3 8GB RAM v19.5 MR3 @ Travel Firewall

  • This hasn't been working for a setup that we've been trying to do with PCI Passthrough in Proxmox, it's been shutting down the connectivity and the VM has to be rebooted for it to work.  Then an hour, day, or even week later it's done it again.  Then again.  I've not had anyone with success with that NIC in either environment for Sophos.  Don't know about the i-226, the 225 however has ultimately failed.

    Using the Virtio NIC set without PCI Pass has been a big hit in link speeds.  Is there a way around this that you know of?  Like, it brings things down to a crawl with speed.  

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)

  • Using the Virtio NIC set without PCI Pass has been a big hit in link speeds.

    How big of a hit? I can push 10G with IPS on Virtio on my local network, stable 1 Gbit/s with TLS Decryption over the Internet.

    PCI Passthrough won't work at all with Sophos Firewall, that's because the Kernel is too old and doesn't have driver support for those NICs.

    The only issue I've encountered yet was Sophos Firewall will always use a single core independently of how many IRQ queues the NIC has. Unless you manually change over SSH the cores which each IRQ uses, you will hit a wall on network throughput.

    But that modification is always overwritten on reboot.


    If a post solves your question use the 'Verify Answer' button.

    Ryzen 5600U + I226-V (KVM) v20 MR1 @ Home

    XG 115w Rev.3 8GB RAM v19.5 MR3 @ Travel Firewall
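
The IRQ-to-core spread described in the post above, as an added example that is not part of the thread and not Sophos code: it detects the "all queues on one core" symptom from `/proc/interrupts` text and prints, as a dry run, the per-IRQ affinity writes that would spread a virtio NIC's queues across cores. It assumes the guest exposes the standard Linux `/proc/interrupts` and `/proc/irq/<n>/smp_affinity` interfaces with the usual `virtioN-input.M` / `virtioN-output.M` queue names; the sample data and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Dry run: nothing is written to /proc.

# Constructed sample in /proc/interrupts format for a 4-vCPU guest with one
# 2-queue virtio NIC; every queue interrupt is being serviced by CPU0.
sample_interrupts() {
cat <<'EOF'
           CPU0       CPU1       CPU2       CPU3
 24:          0          0          0          0   PCI-MSI 49152-edge      virtio0-config
 25:     918273          0          0          0   PCI-MSI 49153-edge      virtio0-input.0
 26:     771200          0          0          0   PCI-MSI 49154-edge      virtio0-output.0
 27:     650011          0          0          0   PCI-MSI 49155-edge      virtio0-input.1
 28:     402918          0          0          0   PCI-MSI 49156-edge      virtio0-output.1
 29:      10233          0          0          0   PCI-MSI 65536-edge      ahci[0000:00:1f.2]
EOF
}

# busy_cpus: how many cores have serviced any virtio queue interrupt (stdin).
busy_cpus() {
    awk 'NR == 1 { n = NF; next }
         $NF ~ /^virtio[0-9]+-(input|output)\.[0-9]+$/ {
             for (c = 1; c <= n; c++) if ($(c + 1) > 0) used[c] = 1
         }
         END { k = 0; for (c in used) k++; print k }'
}

# plan_affinity NCPUS: print "IRQ HEXMASK NAME" per queue IRQ, keeping the
# rx/tx pair of queue N together on core N mod NCPUS.
plan_affinity() {
    awk -v ncpus="$1" '
        $NF ~ /^virtio[0-9]+-(input|output)\.[0-9]+$/ {
            irq = $1; sub(/:$/, "", irq)
            q = $NF; sub(/^.*\./, "", q)
            mask = 1; for (i = 0; i < q % ncpus; i++) mask *= 2
            printf "%s %x %s\n", irq, mask, $NF
        }'
}

# emit_commands: render the plan as the writes an admin would review and run.
emit_commands() {
    while read -r irq mask name; do
        echo "echo $mask > /proc/irq/$irq/smp_affinity  # $name"
    done
}

# On a live system, feed /proc/interrupts instead of the sample.
echo "cores servicing NIC queues: $(sample_interrupts | busy_cpus)"
sample_interrupts | plan_affinity 4 | emit_commands
```

Writes to `smp_affinity` take effect immediately but are not persistent, which is consistent with the post's remark that the change is lost on reboot.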

  • Sophos community is great and thank you all for your advice. I already purchased Server #2 for eHone automation and security applications. I will install Proxmox on it and use virtual servers for all my eHone automation and security applications.

    Do you think buying a second dedicated system for Sophos Home Edition is worth it or will a VM on the same #2 server suffice?

  • In that case buy a quad core card with supported NICs. The box has plenty of capacity to run e home and XG. It will get hot and suck lots of power.

    ian

    XG115W - v20.0.1 MR-1 - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.