The Core 2 quad which is only a 45 watt CPU (no hyperthreading) will be fine for XG Home. It will be even better if you don't use HTTPS decryption, and limit your IPS rules. You would have nothing to worry about. It would be on an older motherboard supporting legacy mode BIOS, so you could run the firewall bare-metal without needing to virtualize it with Proxmox, ect. If you have between 4 to 8Gb or RAM, you will be fine, the home version is limited to 6Gb or RAM even if you have more. Any Intel CPU 9th gen or lower will be OK as long as you are using a retail motherboard (not HP) since it can be supported by the firewall, otherwise any current or older gen CPU would be fine if you want to virtualize through Proxmox, VMware, ect.

Also, the older server-grade single/dual/quad port Intel NICs are well supported especially for use in bare metal installation. Realtek NICs are not recommended,. The newer Intel NICs (i219+) would almost certainly need to be virtualized.

Hi, Thanks for sharing.

I am going to run Sophos Firewall on a dedicated PC, so Proxmox is not applicable to my case.

Yes, I was thinking about using Core 2 CPU but did not proceed due to the following reasons:

1) This platform does not have built-in GPU, meaning I will have install a cheap VGA card and that is going to drive up the wattage usage.
2) This CPU does not support AES-NI, so running it will be slow when I have VPN server set up.
3) I need to use PCI-E express bus X16 slot to install my quad port INTEL NIC which uses X4 PCI-E lanes, how am I going to install a cheap VGA card?

Thanks, may I know but where did find this information from Sophos ?

Yes, correct your idea is workable, but I personally just wouldn't going to that route

when AES-NI is supported in Sophos Firewall v20.

If you just want to run bare-metal and not worry about specs and working hardware, I honestly would just buy a used Sophos appliance like the XG or SG 125/135, slap a new SSD in it and install Sophos home version on it. For 2-6 users it would be more than good enough.

You can find a ton on eBay for around $100. There are also the fanless Qotom PCs with the Intel i211 network cards that will work and are available for around $150 on Amazon/Alibaba.

Most people would recommend these as working with Sophos firewall without needing to build a custom PC if you don't already have the parts.

Thanks for sharing.

Yes, I just noticed yesterday. I can buy an old XG appliance from ebay and install Sophos Firewall Home on it.

But I already had my custom built hardware last time when testing out pfSense. So I am sticking with my custom built PC.

You only have one PCI-e slot. How are you going to fit both a GPU and a NIC card in it??

Hi,

Let me explain again, to sort out the confusion.

At the beginning, I have a very old custom PC using Core2 Quad CPU, it has a separate VGA card. 

I decided not to use it because of the following reasons:

1) VGA card will draw more power

2) The Core2 Quad CPU does not supports AES-NI. 

3) Snice the VGA card already occupied the PCI-E x 16, I cannot use my Intel Quad NIC card which is using PCI-E x4 slot.

4) My motherboard does not comes with any PCI-E x4 slot, only PCI-E x1 slot.

On another hardware, I already have custom PC which is all- in- system, an AMD motherboard, which has built-in gpu + cpu. This motherboard has a PCI-E x16 slot. So this system can support my Intel Quad NIC and I was running pfSense, until I made a switch to Sophos Firewall yesterday.

My mistake. Then please take a look at a dual port X1 PCI-e NIC card, such as the Intel 82575/82576 PCI-e X1 NIC

which supports 1000mbps. This card is on Amazon for around $30 and is a dual port PCI-e X1 slot card.

Alternatively you could look into a x1 to x4 converter riser cable.

The ADT-Link PCI Express 4.0/3.0 X1 to X4 Riser Vertical for PCIe

which is around $13 on Amazon.

hi,

be careful. with SFOS21 bare metal SG or XG hardware should not run anymore.

Thank you for your suggestion. Yes, buying an Intel dual port NIC will solve the problem.
But, the Core2 Quad CPU platform is getting very old nowadays and not to mention the high power usage when running 24/7, compares to the modern CPU.

If I have a chance to build a custom PC to run Sophos Firewall, I would not built it, just buy from ebay, a 2nd hand XGS appliance will do.  

Sorry, I very new to this platform, what is SF0S21 ? Sophos Firewall OS version??

Sorry, I very new to this platform, what is SF0S21 ? Sophos Firewall OS version??

correct SFOS 21 =  Sophos Firewall OS version21

Oh, you mean the next version of Sophos Firewall v21, ok thanks for the heads-up.