Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Replies 4 replies
  • Subscribers 40 subscribers
  • Views 1320 views
  • Users 0 members are here
Options
Suggested

v21 XG Home VPN Hardware acceleration

MikeyS

Good evening,

Back testing XG Home, does v21 support hardware acceleration for IPsec and SSL VPN tunnels?  I have XG Home installed on a XG230 R2 at mo, I have a XG135 R3 that has pfsense + on it atm, so pending successful testing, planning on dropping pfsense and such.  The XG135 R3 has QAT too



Added TAGs
[edited by: Erick Jan at 12:12 AM (GMT -8) on 11 Nov 2024]
Parents
  • +1

    Hello!

    Yes, Sophos Firewall Home Edition does support hardware acceleration for cryptographic stuff.

    Both IPsec and SSLVPN (OpenVPN) utilizes AES-NI.

    MikeyS said:
    The XG135 R3 has QAT too

    The Home Edition doesn't support QAT, but it will use AES-NI.

    Also, I don't think QAT was ever used by Sophos.

    If a post solves your question use the 'Verify Answer' button.

    Ryzen 5600U + I226-V (KVM) v21 GA @ Home

    Sophos ZTNA (KVM) @ Home

Reply
  • +1

    Hello!

    Yes, Sophos Firewall Home Edition does support hardware acceleration for cryptographic stuff.

    Both IPsec and SSLVPN (OpenVPN) utilizes AES-NI.

    MikeyS said:
    The XG135 R3 has QAT too

    The Home Edition doesn't support QAT, but it will use AES-NI.

    Also, I don't think QAT was ever used by Sophos.

    If a post solves your question use the 'Verify Answer' button.

    Ryzen 5600U + I226-V (KVM) v21 GA @ Home

    Sophos ZTNA (KVM) @ Home

Children
  • 0 in reply to Prism

    Many thanks.  Will see what unit I end up keeping, the XG135 R3 also has the rack mount kit.

    Hoping to be on a Toob 900/900 connection next year.  Use VPNs for s2s to family members.  Got openvpn cloud IPsec working too for the 4G failover.

    Need to look at ZTNA for client access at some point.

    Lets encrypt limited, so will either install something on another box or buy a 3rd party cert.

    i life XG, but pfsense is also very flexible.

Unfiltered HTML