Hardware specs for DIY appliance

Hi,

I want to build my own appliance for the home edition. Are there any spec sheets or something similar that will tell me what kind of performance I can expect from different processors (Celeron, Atom, i3, i5 etc.)?

Specifically, my home internet uplink has 400 mbits and I run many parallel sessions that I would all like to protect with IPS, AV, SSL-decryption etc. - So I need to build an appliance that can handle the 400 mbit with all features enabled. If I were to buy a Sophos XG appliance, I would probably go for a XG105. Unfortunately Sophos don't tell the hardware specs on their site... 

Right now I am looking at a Zbox MI551 that has a 6th gen Intel i5 quad-core at 2.2 Ghz. Overkill? Good enough? I wouldn't mind some extra breathing room, I just need to avoid having a box that's too slow.



  • cryptochrome said:

    Hi,

    I want to build my own appliance for the home edition. Are there any spec sheets or something similar that will tell me what kind of performance I can expect from different processors (Celeron, Atom, i3, i5 etc.)?

    Specifically, my home internet uplink has 400 mbits and I run many parallel sessions that I would all like to protect with IPS, AV, SSL-decryption etc. - So I need to build an appliance that can handle the 400 mbit with all features enabled. If I were to buy a Sophos XG appliance, I would probably go for a XG105. Unfortunately Sophos don't tell the hardware specs on their site... 

    Right now I am looking at a Zbox MI551 that has a 6th gen Intel i5 quad-core at 2.2 Ghz. Overkill? Good enough? I wouldn't mind some extra breathing room, I just need to avoid having a box that's too slow.

    Have a look at this pdf:

    http://www.infinigate.at/fileadmin/user_upload/Products/Sophos/Products/Network_Protection/sophos_xg_series_sizing_guide_sgna.pdf


    You can find the number of cores and the amount of RAM to be used for a certain number of users. Use the PDF to calculate the type of users (Average, Advanced and Power) and you will find the answer.

    ;)

  • Excellent, thank you very much! :)

  • Hi Crypto,

    Another thing to take note of is that the core detection for the license is only on physical cores, not logical, so if you have a CPU with Hyper-Threading it won't count any extra cores :)

    Also, with that speed of network connection for your internet, you might want to look at a faster processor, this is because Intrusion Prevention and other scanning systems will cause a network overhead if the processor isn't fast enough. That i5 does look pretty good though!

    Edit: These metrics may not apply to you, but if you look at the XG330 series and above throughput specs, those two boxes are the only two that quote a real-world throughput of above 400 Mbps. But if you're using it as a proxy, that drops to a 450 series and above! A 330 uses a Quad Core i5 at 2.9GHz and the 400 series uses Quad Core Xeons!

    Also, if you're going for a home license, you're only allowed 2 cores and 4GBs of RAM maximum...that may be a stickler as that i5 in the Zbox is a quad core so you wouldn't be able to use all the cores.

    Emile

  • Hi Emile,

    That's very good information, thank you. I haven't even looked at the real-world figures in that document. Now that you are pointing that out, it looks like I might need some more power, as I have a 400/20 (down/upstream) internet connection. And that can have sustained peaks.

    One thing confuses me in your post: You said the Home Edition is limited to 2 cores and 4GB RAM. The official site where you can request the license says it's 4 cores and 6 GB RAM. https://www.sophos.com/en-us/products/free-tools/sophos-xg-firewall-home-edition.aspx

    Thanks

  • Cryptochrome,


    You are right. 4 CPU and 6 GB of RAM. If you build a system with more resources, however, the XG Home License will use only 4 CPU and 6 GB of RAM.

    Enjoy.

  • Hurm...apologies for the misinformation, I don't know where I got 2c4GB from, I distinctly remember it being that.

    Ignore everything in my post about the 2 core limitation, 4C6GB is correct!

  • No worries. Maybe the 2C4G is a limit that was enforced on older versions :)   All good. Appreciate your help, guys, thank you!

  • Possibly it was, but now I'm quite annoyed at myself as I bought a Zbox CI321 Nano as a miniature box for this and now it's drastically underpowered. Looks like I may need to dip into the secret account the other half doesn't know about for an upgrade, ha ha!

    On a side note, the HDMI port may not work and you will need a DisplayPort to VGA adaptor. I did for the CI321, as the HDMI uses HDCP, which XG and UTM don't have drivers for (last time I checked, in Jan 2016).

    Good luck and hope you get on with the unit :)

    Emile

  • Ok, now I can see why you would be annoyed, I would be too :-) 

    I've done some more research and decided not to buy the ZBox but to go with a complete DIY box based on the Shuttle DH170 barebone. A very nice little machine, supposedly very quiet, supporting 6th generation Core processors. It only comes with two gigabit Ethernet ports, but I will do some VLAN tagging. I am going to order the Core i5-6600 for it, which has 4 cores at a base frequency of 3.3 GHz and can turbo boost to 3.9. This should give me plenty of horsepower, equivalent to probably something in the XG330+ range.

    Thanks for the hint with the HDMI port. The Shuttle DH170 comes with two DisplayPorts, so I shouldn't have a problem (and I am used to configuring systems through a serial console).

    Now all I need is some time to dig into this :)

  • Sounds like a nice unit, I was taking a peep at that on my last trawl. As of the latest release, you can now accept the license agreement from the console, which you couldn't before. Depending on how much I can get away with, I may use the Zbox as a media server, which was going to be my backup configuration for it :)

    Looking forward to hearing how it goes!

    Emile

  • So... I built my little machine, but unfortunately, when I boot SFOS for the first time, it tells me it can only detect one NIC and goes into failsafe mode (whatever that means). The mainboard has two NICs installed, both are activated in the BIOS. Is it possible SFOS uses such an old Linux kernel that it is unable to detect common NICs?

    These are the NICs (they belong to Intel's H170 chipset):

    1) Intel i211 Ethernet Controller with MAC, PHY and PCIe interface

    2) Intel i219LM PHY connected to the MAC of the processor

    What a let down :(