Qotom/ProtectLI FW2B appliance? (Fitlet2 J3455 purchased)

Curious if anyone has used one of these for Sophos?

https://protectli.com/product/fw2b/

  • Intel Celeron® J3060 Dual Core at 1.6 GHz (Turbo 2.48 GHz)
  • 2 Intel® Gigabit i211-AT Ethernet NIC ports
  • AES-NI

I'd think it could handle gigabit speeds, with IPS/Snort disabled, that is.

Thoughts?

 

...am looking for a replacement for my Realtek NIC failing Zotac...but my requirements remain the same.  Fanless, small form factor.  I don't want a server or anything like that, so keep landing on these Qotom style appliances.  I did however find a fitlet2 that has a J3455 cpu that is also probably an option.



  • I have a FW2B, chosen specifically for its mostly generic Intel hardware.

    When you install XG1 on it, the NICs are selected "backwards" - the WAN is LAN and vice versa. This will cause no end of confusion until you realize this.

    I've also been trying to sort out a USB keyboard oddity (Protectli case number 12073) where the keyboard works just fine during the installation process, but isn't recognized after the first boot. The console login is displayed, but there's no keyboard response, and typing into the login prompt produces no response at all.

    Console login and the NIC reversal issues aside, the FW2B and XG1 Home (17.5.1 MR1) seem to work just fine. Traffic flows, and I can manage it from the web UI or SSH console. I've only had it online for a few days, so I can't comment on its stability yet. I mounted it to the back of my main monitor using the supplied VESA monitor mount, and it doesn't generate a whole lot of heat.

    The ProtectLi support folks are good and straightforward, and are sending me a new box to test.

    I'll repost here when I know more.

    Sophos XG1 (SFOS 17.5.9 MR-9) on ProtectLi FW2B

  • Thanks for your reply.

    At this time I have already made the decision to move forward with the Fitlet2 from fitpc.com (US local reseller so didn't have import duties or VAT). The Fitlet2 is an Israeli product, not Chinese.  I purchased the J3455 Celeron, barebones version.  I've now had it up and running for awhile and can report I have had no issues related to it.  The SSD installation was a bit unclear, mostly due to the instructions, but once figured out it made sense and wasn't difficult.  It is a slick little appliance, and I recommend it.

    The fins do get a little warm, but that is to be expected, and it's nothing out of the ordinary for a fanless appliance.

    The Fitlet2 J3455 I found to be the most cost effective appliance/CPU option available.  I looked long and hard at all the ProtectLi, Qotom, Shuttle, etc., and it just seemed to be a notch above the rest in my analysis.  The J3455 is a relatively newer, more powerful Celeron than what I found on other appliances, and is currently handling my 300Mbps fiber connection w/o problems.  Some have reported it can handle a 1Gbps connection, and based on what I'm seeing I would think it could.

    So......I did not install my prior UTM configuration on it. I wanted to try to get Intrusion Detection going without throughput being impacted materially, and as most know that is not possible with UTM (Snort).  I am under the impression XG uses Snort as well.  So, I decided to try something new...OPNSense.  I'm not going to get into much else as this is a Sophos forum.  I had few gripes about the UTM product, used it for a few years with success, and have recommended/installed their appliances to small businesses, I just wanted to try something else at home for awhile.  I'm confident the Fitlet2 would handle either UTM or XG with little to no issue.

  • Oh...one last note that might help some...

    If you have noticed a marked decrease in your throughput using ATT Fiber with their Pace gateway using your Firewall in the DMZ PinHole IP Passthrough configuration...and, like I did, thought it was your RealTek NICs failing, check out the ATT forums.

    They pushed a firmware update awhile ago that impacted throughput in that configuration, and everyone's dropped to around 50Mbps.  It took a long time to figure that out, but it wasn't my Zotac.  Unfortunately I figured that out after I had purchased the Fitlet2 and got it up and running, when throughput through the Pace was still 50Mbps.  Frustration!

    I was able to get a new NVG599 modem from ATT, put the Fitlet2 in its IP Passthrough, and it all works fine now.

    The Zotac has been re-purposed for Pi-Hole and my Plex server.

  • Good notes, indeed!

    Unfortunately, I'm stuck in rural DSL-land, and barely see 12Mb/S on a bonded pair, so I seriously doubt that I'll push the performance limits of either the hardware or the XG software.
    My replacement arrives today (weather allowing), so perhaps I'll have better news to report...

    Sophos XG1 (SFOS 17.5.9 MR-9) on ProtectLi FW2B

  • Yeah, your system won't get taxed with those speeds.

    Check out Pi-hole, it's a DNS sinkhole. It should help a little with your throughput as it blocks all sorts of ads at the DNS level.

    pi-hole.net

  • Thanks - I may just do that.

    I also found in the process of troubleshooting my migration to XG that the DHCP options don't translate.
    You have to re-enter any custom settings you've defined manually via CLI or admin console.

    Sophos XG1 (SFOS 17.5.9 MR-9) on ProtectLi FW2B

  • I'd recommend using Pi-hole also for DHCP...

  • Does Pi-hole support DNS registration (not DynDNS)?
    That's one of my gripes in UTM & XG...

    Sophos XG1 (SFOS 17.5.9 MR-9) on ProtectLi FW2B

  • No, I don't believe so.

    It is a DNS sinkhole, that you can also have run your DHCP server on your network.

  • Hi RobertBurri,

    I just purchased a J3455 with a 64 m.2 SSD. I can’t boot the UTM 9.605 iso. Tried Rufus with multiple USB drives (BIOS sees the USB key media as a boot option), and even a USB DVD drive (again BIOS sees the USB mass storage for the drive). I’m lost why I can’t boot the installer.

    I can boot USB to pfSense and Arch Linux so I know the system will boot an installer off of USB.

    Any custom BIOS settings I might be missing?

    Thanks

  • Hey - 

    I never tried UTM actually, went straight to OPNSense actually to test first, and just stuck with it.  Once I entered the hints as outlined, and made them permanent in the tunables section, I haven't had a problem.

    Here is the post on the OPNSense forum about how to get it running.

    https://forum.opnsense.org/index.php?topic=7247.msg44892#msg44892

    It might be old, but probably still generally valid.  I've had mine running since I got it going, and haven't felt the need to try anything different.  There are a few BIOS steps, but if I did them I've just forgotten.

    Good luck.

  • Hi Eric and welcome to the UTM Community!

    You might check the last few pages of *Unofficial* Hardware Compatibility List (HCL).

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • I too have the same concern and haven’t found much on the compatibility although some suggested turning on legacy mode?  Any update would be appreciated since I have an order in the pipeline!  

    If it did work, any details on steps would be appreciated.

    Thanks

  • Eric, AlphaTango,

    I've also just ordered the Fitlet J3455 to use the Sophos XG Home. Did you end up succeeding in getting the device to work? If so, are there any idiosyncrasies / tips / issues I should be aware of?

     

    Thanks,

  • Hi Rudy,

    I did get Sophos UTM installed (XG didn't work but didn't try too hard, I like UTM).

    I'm doing this from memory but, in the BIOS, you need to assure legacy boot, then enable CPU compatibility, finally when the installer runs it may not see the install directory on the USB drive. So at a particular step of the install, you switch to the console and run a mount command to make the install available to the installer, switch back and proceed (someone has a thread out there on this last step, search and you should find it).

    Again all from memory but this should point you in the right direction if you choose UTM.

    Eric