[Feedback] Performance 1Gbit Cable Ger.

Hello to all,

I just did a little performance test and have to say this firmware rocks in terms of network speed.

 

How does my network look?

 

PC--->XG--->SW--->Router--->ISP--->Internet

 

The other part I am sadly double NATed... The main Router is a Fritzbox Cable Modem from the ISP (I'll change that in future with a modem from TC4400-EU with Docsis3.1/3.0 support)

In-between my Router and the XG is my DNS Server (Pi-Hole) and all works well. If the Pi-Hole misses something the XG will get it and vice versa.

But back to topic the performance compared to the current 17MR9 is huge! (3x more performance than usual)

The other part is Bufferbloat got very good.

Protections active are: AV - WEB - APP - IPS - NAT with HTTP/s Decryption

The Web Protection has the Default Rules (modified for my needs)

APP Rules are High Risk (Level 4 - 5) 

IPS Rules lantowan general

Scan HTTP and Decrypt HTTPS Traffic plus Scan FTP Traffic

That's all for now.

Best regards

Eli.

  • Hello to all,

    a small update from the current situation with the Firewall:

    - ATP is active and running

    - Synchronized Security is Connected to Sophos Central (Firewall Control)

    - But Synchronized Heartbeat and Application Recognition are OFF

    Reason for them to be OFF is that on my Private PC I do not have Intercept X Adv. (Would love to...) But only have Sophos Home Prem. running. (ATM) -> Have to talk to my Sophos Rep. if there is a way for a Private Person to gain a single Lic. for Testing purposes! -> I would go above and beyond to have a testlab where I can Test Configurations by myself without killing our production setup at work. We are a small company and there is no possibility for me to test out such things in peace and at my own pace...

    That is why I test this at Home where I can break stuff and try to fix it - Have time - Document my findings with the Sophos Community and learn from each other. (Could never afford a decent XG appliance and that's why I needed to go 3rd party on that) - I love to experiment but an IT Guy is only as good as the equipment I can get... -.- <- (Feedback to Sophos) I use this opportunity to request a License Scheme where Testers (Partners) can apply for in Home use of Corp. Sophos Products! (I know there is the NFR stuff but a lot of companies use that for Production environment use) and it would benefit both Sophos and the IT-Guy that would be capable to setup Sophos Products more efficiently. (I know there is a Training-Portal) But it is designed in an enclosed environment and gets killed after 90 Days (Cloud Lab) - It's about Testing, Finding, Sharing and getting better quality wise for all parties.

    Best regards

    Eli.

     

    P.s. Thanks for reading and I know it is a little off-topic but since I had the chance for mods to be here... Use it... ^^

  • Hi Eli,

     

    Thank you for your feedback, it's nice to see these numbers with the J2900.

    There must be something wrong with my setup, I currently have an Intel G5400, which is a much faster CPU than your J2900.

    On a 240Mbit/s connection I'm getting the same CPU usage as you, while you're pushing gigabit.

    Anyways, I'm happy to see you can push gigabit with your setup on XG Home.

     

    Thanks,


    If a post solves your question use the 'Verify Answer' button.

    Ryzen 5600U + I226-V (KVM) v21 GA @ Home

    Sophos ZTNA (KVM) @ Home

  • Hi Prism,

    I checked the CPUs on Intel Ark and there are differences.

    As far as I understand the XG Firmware, it does not benefit from Hyper-Threading (Question-mark from me if Virtual Cores apply)

    - G5400 -> https://ark.intel.com/content/www/us/en/ark/products/129951/intel-pentium-gold-g5400-processor-4m-cache-3-70-ghz.html

    - J2900 -> https://ark.intel.com/content/www/us/en/ark/products/78868/intel-pentium-processor-j2900-2m-cache-up-to-2-67-ghz.html

    I know my GHz count is way lower but my physical core count is higher.

    The Ram on your setup is much better and next-gen. ;) (In terms of services loaded a Huge benefit) Will update my Ram too someday ^^

    The other factor is the Rule-Set on the Firewall and what Services/Modules are loaded and how many Interfaces are used with active clients behind it.

    My PC is the only client behind the Firewall and my applications that I run are:

    Since I use a third party application Firewall on my Client I already blocked a lot of the talkers on my system:

    Potplayer, Winrar, Nvidia Drivers/Apps, Blender, Logitech GHub -> Even got rid of the Provisioned UWP Apps of my Windows 10 Ent. Installation. So my traffic is very streamlined from the client on to the firewall. The less it needs to process the better it gets ;) - The DNS Uplink is my Pi-Hole and that helps with Web-filtering. ^^

    Finally got Discord and Epic-Games Launcher to work and they can RIP the Firewall fast. (Had WAN Port Crashes)

    That is why I am curious how I can setup this with Intercept X Adv. and the XG Application Control and how it would behave.

    Sincerely

    Eli.

  • Hi Eli,

    Thanks for the feedback!

     

    Eli said:
    As far as I understand the XG Firmware, it does not benefit from Hyper-Threading (Question-mark from me if Virtual Cores apply)

    Yes, by what I heard most of XG doesn't benefit from threads, only real cores, but Snort is one that apparently benefits from it, and it's Snort that's doing IPS, SSL/TLS Decryption, DPI and so on.

     

    Eli said:
    The other factor is the Rule-Set on the Firewall and what Services/Modules are loaded and how many Interfaces are used with active clients behind it.

    Yes, I currently have 18 Devices on it, but most of them barely consume any throughput, it's mostly my computer that abuses XG.

     

    The only reason I asked those questions was because I thought v18 throughput was slower than v17, but it's better to wait for EAP 3, and GA.

    v17:

    v18:

    Anyways, there are already 3 other threads discussing performance, I don't want this one to be another one.

     

    Again, Thanks for the feedback, I appreciate that :)



  • Hi,

    the issue with hyper threading is you do not get the full processing power of an equivalent real core. 

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • rfcat_vk said:
    the issue with hyper threading is you do not get the full processing power of an equivalent real core. 

    Yes, I know.

    Intel says Hyper-Threading can give 30% performance increase in general.

    I've said that before because the picture I've sent is of establishing a single connection, and using a single real core.

     

    Thanks,



  • Another Update - 15/12/2019

    Optimization of Firewall Services:

    What I did was to turn off Antispam Service - (I do not use E-Mail Clients on my PC System) -> Antispam and IPReputation will shut down!

    That is a strange but funny Service Call -> So Services show if nothing else is configured:

    Heartbeat = ON

    Enhancedappctrl = ON

    Then I configured "Central synchronization" and turned off "Security Heartbeat" / "Synchronized Application Control" then the Services:

    Heartbeat = Stopped

    Enhancedappctr = Stopped

    A lot of resources got allocated and general performance grew?!

    I also deactivated the "Hotspot" Service since I do not own APs.

    Now a Question:

    Is it by design that the services:

    Heartbeat

    Enhancedappctr

    Always run even if not configured or is it a flag thing that if activated once it will show in services alert?

    Sincerely 

    Eli.

  • Hello to all,

    Small Update - Wanted to show my CPU on load for an hour. 

    Streaming Youtube and Gaming (Destiny2) at the same time. Have to say I am impressed... O.o

    Have seen other Topics where people are having performance issues?! (I think it is very configuration HW/SW dependent)

    Best regards

    Eli.

  • Thanks for posting this!

    One question, did you install v18 with the EAP 2 ISO, or did you have v17.5.x installed and then upgrade to v18?


    Thanks,



  • Hi

    Software.iso direct install, no Upgrade.

    Best regards

    Eli