Hi,
I could not find any information about the CPU to run Sophos Home Firewall v20.
All I know is that FW v20 only can run on Intel CPUs and supports 4 cores.
Given that I have an old Intel Core2 Quad 8XXX, which does not supports Intel AES instruction,
would the CPU be running slow as an VPN server?
If not, what kind of Intel CPU is recommend? Intel 3rd Gen CPUs?
The home firewall will be used at home catering about 2-6 people.
Thank you.
Regards,
Marcus
Hi,
the fastest 4 (real) cores you can find, something like a xeon is better and more power efficient. The overall load will depend on fthe number of firewall rules and policies you put in place. There is no benefit from using PC type CPUs because none of the functions are used.
Ian
XGS118 - v21.0.1 MR1
XG115 converted to software licence v21.0.1 MR-1
If a post solves your question please use the 'Verify Answer' button.
Hi, thanks for replying. I am bit confused on your last statement:
There is no benefit from using PC type CPUs because none of the functions are used.
Can you elaborate more on your last statement? Are you recommending me to look for server type CPUs?
I have a Xeon at home, I can't remember the model number, it is a socket 1150, 4 cores 4 threads CPU.
The intel PC CPU come with a number of built in functions eg maths coprocessors which are not used by the XG firmware.
My VM is running a XEON, one of the newer versions. My previous home hardware used XEON 4 core. XEONs ar usually cheaper than the i series CPUs.
Ian
XGS118 - v21.0.1 MR1
XG115 converted to software licence v21.0.1 MR-1
If a post solves your question please use the 'Verify Answer' button.
Hi, thanks for replying. I am bit confused on your last statement:
There is no benefit from using PC type CPUs because none of the functions are used.
Can you elaborate more on your last statement? Are you recommending me to look for server type CPUs?
I have a Xeon at home, I can't remember the model number, it is a socket 1150, 4 cores 8 threads CPU.
If the software is running on this hardware, it may be enough.
I run the Sophos Firewall onto "old" SG210 and an additional hypervisor. It is enough for 100MBit full protection and 5-10 people.
Only a few 25% CPU spikes.
I would just try it if the hardware is there. At home, you can migrate to newer/more performant hardware later.
Dirk
Systema Gesellschaft für angewandte Datentechnik mbH // Sophos Platinum Partner
Sophos Solution Partner since 2003
If a post solves your question, click the 'Verify Answer' link at this post.
Hi, my Fibre internet connection at home currently is 30/30 Mbps.
I dug out old forum link with the help from Google and I found this:
That post gave some idea of what kind of CPU need to buy to give extra headroom in the future, when more people will be using the internet and upgrade my internet connection to 100Mbps.
Thank you.
The Core 2 quad which is only a 45 watt CPU (no hyperthreading) will be fine for XG Home. It will be even better if you don't use HTTPS decryption, and limit your IPS rules. You would have nothing to worry about. It would be on an older motherboard supporting legacy mode BIOS, so you could run the firewall bare-metal without needing to virtualize it with Proxmox, ect. If you have between 4 to 8Gb or RAM, you will be fine, the home version is limited to 6Gb or RAM even if you have more. Any Intel CPU 9th gen or lower will be OK as long as you are using a retail motherboard (not HP) since it can be supported by the firewall, otherwise any current or older gen CPU would be fine if you want to virtualize through Proxmox, VMware, ect.
Also, the older server-grade single/dual/quad port Intel NICs are well supported especially for use in bare metal installation. Realtek NICs are not recommended,. The newer Intel NICs (i219+) would almost certainly need to be virtualized.
Hi, Thanks for sharing.
I am going to run Sophos Firewall on a dedicated PC, so Proxmox is not applicable to my case.
Yes, I was thinking about using Core 2 CPU but did not proceed due to the following reasons:
1) This platform does not have built-in GPU, meaning I will have install a cheap VGA card and that is going to drive up the wattage usage.
2) This CPU does not support AES-NI, so running it will be slow when I have VPN server set up.
3) I need to use PCI-E express bus X16 slot to install my quad port INTEL NIC which uses X4 PCI-E lanes, how am I going to install a cheap VGA card?
Someone asked the same thing about AES-NI support 6 years ago, but no one answer.......
community.sophos.com/.../aes-ni-require-in-future
rfcat_vk
After further digging from Google I found this post:
https://community.sophos.com/sophos-xg-firewall/f/discussions/119782/hardware-acceleration-aes-ni-isn-t-being-used-on-the-software-version-of-xg-v18?pifragment-2944=3
It seems that AES-NI is only supported in Sophos Hardware Appliance.
Is this information still valid in 2024?
Is this information still valid in 2024?
It isn't.
Currently at v20 MR2, AES-NI is supported for Software/VM installations. (Including home licenses.)
If a post solves your question use the 'Verify Answer' button.
Ryzen 5600U + I226-V (KVM) v21 MR1 @ Home
Sophos ZTNA (KVM) @ Home
If you just want to run bare-metal and not worry about specs and working hardware, I honestly would just buy a used Sophos appliance like the XG or SG 125/135, slap a new SSD in it and install Sophos home version on it. For 2-6 users it would be more than good enough.
You can find a ton on eBay for around $100. There are also the fanless Qotom PCs with the Intel i211 network cards that will work and are available for around $150 on Amazon/Alibaba.
Most people would recommend these as working with Sophos firewall without needing to build a custom PC if you don't already have the parts.