what traffic can be handled in version 4 core, 6Gb RAM in relation to IPS/IDS
This thread was automatically locked due to age.
Hi Mike,
Thank you for reaching out to Sophos Community.
Sophos Firewall Home will be able to handle the IPS.
For the Traffic, you may refer to IPS Signature categories and documentation.
Erick Jan
Community Support Engineer | Sophos Technical Support
Sophos Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'Verify Answer' link.
The answer: it depends. I can only give you an example of ram usage in a particular scenario. In a simple home network (Read: home usage) with about 5-8 devices and all IPS rules enabled for all firewall rules, with TLS inspection on 3 devices, it uses around 4Gb of RAM. This is with most features enabled (app/web/IPS/TLS). Download speeds of 300 Gbps sustainable with no slow down.
As far as CPU, it depends even more.... In my performance history, the CPU usage never hovered above 25% which is very good for what I have, a quad core Xeon (a 2.5GHz variant)
What hardware do you have? What CPU? With a regular household there should be no issue, especially since Android/iOS devices will not be using TLS inspection anyways so you would only be using that for Windows/Linux devices mostly.
Also, with the IPS, which uses most of the CPU, it can be tuned by selecting only the IPS rules that you need, such as a LAN to WAN, or WAN to LAN policy. Ect. I hope this helps.
In summary from my experience you will not run out of processing power ot memory. I am currently using and XG 115W which has 4gb of ram and usage never goes much above 80% before dropping to low 70s. The CPU is a little on the weaker side and cannot proceed my old 1000/50 internet link.
I run dual stack with 40+ rules using a mix of proxy and SSL/TLS, though as Alan advises my Apple devices do not use SSL decrypt and scan. The devices are mix of Apple, IoT and printers.
If you are using Xeon based chip with about +3ghz speed you will not have any real issues.
Ian
XG115W - v20 GA - Home
XG on VM 8 - v20 GA
If a post solves your question please use the 'Verify Answer' button.
The original poster did not say what hardware he has in mind, whether an SG/XG appliance, or otherwise. Hopefully he won't give up. The biggest drawback so far for the newest hardware is the lack of UEFI support from sophos. So, the need to virtualize with a hypervisor is becoming greater all the time as the CPU in these firewall appliances becomes a bottleneck with the rise of faster and faster internet connections.
I am currently using and XG 115W which has 4gb of ram
Have you considered upgrading your memory to 8 GB? There were a few posts about upgrading the RAM in the XG units.
The XG115w is under a 3 year support licence, so upgrading memory is not an option. The box does not have sufficient processing power for a high performance link.
The is a post that provides details on how to get around the UEFI issue without using a VM. The process is messy for a home user unless very experienced.
Ian
XG115W - v20 GA - Home
XG on VM 8 - v20 GA
If a post solves your question please use the 'Verify Answer' button.