Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 6 replies
  • Subscribers 40 subscribers
  • Views 3601 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

VM or Dedicated for Sophos Home Edition

Muhammad Iqbal

I am seeking professional guidance on choosing between two hardware options: virtual machines or dedicated servers.

1 - Dedicated system:
Intel Celeron J4125 Processor - 2.00 GHz, 4 Cores, 4 Threads, 4 MB Cache
8G RAM DDR4 2400 MMHz
4 x Intel i210/i211 10/100/1000 NICs


2 - VM on Proxmox with 4 cores 6GB RAM on
12th Generation Intel Core i7 Processors - 3.50 GHz, 14 Cores, 20 Threads, 24 MB Intel Smart Cache
64G RAM DDR4 3200 MHz
2 x intel i225-V B3 100/1000/2500M NICs



This thread was automatically locked due to age.
Parents
  • +1

    The Hardware in option (2) is much faster and compability wont matter for Sophos Firewall since you can run it virtualized.

    Then, since you're a Home user stick with option (2) and virtualize Sophos Firewall with Proxmox.

    Also, use Virtio NIC. There's no need to do PCI pass-through since the Firewall doesnt have the driver support for I225-V or I226-V.

    If a post solves your question use the 'Verify Answer' button.

    Ryzen 5600U + I226-V (KVM) v20 MR1 @ Home

    XG 115w Rev.3 8GB RAM v19.5 MR3 @ Travel Firewall

  • 0 in reply to Prism

    This hasn't been working for a setup that we've been trying to do with PCI Passthrough in Proxmox, it's been shutting down the connectivity and the VM has to be rebooted for it to work.  Then an hour, day, or even week later it's done it again.  Then again.  I've not had anyone with success with that NIC in either environment for Sophos.  Don't know about the i-226, the 225 however has ultimately failed.

    Using the Virtio NIC set without PCI Pass has been a big hit in link speeds.  Is there a way around this that you know of?  Like, it brings things down to a crawl with speed.  

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)

  • 0 in reply to Amodin
    Amodin said:
    Using the Virtio NIC set without PCI Pass has been a big hit in link speeds.

    How big of a hit? I can push 10G with IPS on Virtio on my local network, stable 1 Gbit/s with TLS Decrytion over the Internet.

    PCI Passthroguh won't work at all with Sophos Firewall, that's because the Kernel is too old and doesn't have driver support for those NIC's.

    The only issue I've encountered yet was Sophos Firewall will always use a single core independendly on how many IRC Queues the NIC have. Unless you manually change over SSH the cores which each IRQ uses, you will hit a wall on network throughput.

    But that modificaiton is always overwriten on reboot.

    If a post solves your question use the 'Verify Answer' button.

    Ryzen 5600U + I226-V (KVM) v20 MR1 @ Home

    XG 115w Rev.3 8GB RAM v19.5 MR3 @ Travel Firewall

Reply
  • 0 in reply to Amodin
    Amodin said:
    Using the Virtio NIC set without PCI Pass has been a big hit in link speeds.

    How big of a hit? I can push 10G with IPS on Virtio on my local network, stable 1 Gbit/s with TLS Decrytion over the Internet.

    PCI Passthroguh won't work at all with Sophos Firewall, that's because the Kernel is too old and doesn't have driver support for those NIC's.

    The only issue I've encountered yet was Sophos Firewall will always use a single core independendly on how many IRC Queues the NIC have. Unless you manually change over SSH the cores which each IRQ uses, you will hit a wall on network throughput.

    But that modificaiton is always overwriten on reboot.

    If a post solves your question use the 'Verify Answer' button.

    Ryzen 5600U + I226-V (KVM) v20 MR1 @ Home

    XG 115w Rev.3 8GB RAM v19.5 MR3 @ Travel Firewall

Children
No Data
Unfiltered HTML