This is becoming an exercise in frustration trying to find a newer device on which to run the Sophos UTM or XG.
Years ago when fanless dual NIC PCs used the Intel i211 chipset, it was supported by Sophos, despite them being made for "consumer use".
Now recently there are a plethora of very fast, efficient fanless PCs that have the upgraded Intel i225 chipsets, yet they are not supported due to them being designed for consumers according to what is said on the forums here.
Most home internet connections are becoming fast enough that the much slower CPUs used in these devices with the supported older NICs cannot keep up with the demands of the IPS.
Sophos still will not release the version 3 of Snort which supports multithreading which can take advantage of multiple CPU cores, instead relying on their proprietary "Xstream Flow" technology which utilizes a separate CPU for just the IPS/DPI in the XGS devices which are marketed towards business.
It would be great if Sophos could simply put out a list of supported NIC chipsets, but they won't, and the hardware compatibility database (I used comic sans on purpose) is more like personal anecdotes of hardware that should work, the "updated" hardware compatibility list (comic sans again) doesn't even exist. support.sophos.com/.../KB-000034600
I suppose the only way to tell is to find out what linux kernel the UTM 9.7 is using and then see what Intel drivers are included in that kernel.
UTM version 9.712-13 has Linux kernel 3.12.74-0 which has support for the following Intel chip[sets:
82575/6, 82580, I350, I354, and I210/I211 based gigabit network connections
Intel® PRO/1000 PCI-E (82563/6/7, 82571/2/3/4/7/8/9, or 82583) I217/I218/I219
Intel® PRO/1000 PCI and PCI-X family of gigabit network connections according to their website.
So any Intel NIC listed here should work, right?
I totally agree. I was in the same boat when my Dell PowerEdge SC 440 stop working after more than 15yrs of running UTM. I have since abandoned UTM and gone with the traditional route buying a new router (ER605) and WAP supporting multiple SSID. Also adding a DNS filter like Pihole is sufficiently protect all my devices on the network.
Glad you found a solution. There are a lot of affordable VPN routers these days. Ubiquity is a good one too. Pihole is also useful but it can be bypassed easily unless you use a NAT rule to direct all DNS requests to the pihole. There are so many ways to do it. Wireguard is also a replacement for OpenVPN and is so easy to setup on the same system as pihole and just set a port forward rule to the VPN.
You can look into using a light weight KVM service, which will resolve such problems.
alan weir said:Intel PRO/1000 PCI-E (82563/6/7, 82571/2/3/4/7/8/9, or 82583) I217/I218/I219
Uh yeah, I would say no to that. I have an i217 and it works like utter garbage in UTM. This is the result with an i217 using UTM.
UTM - 9.713-19 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz 16GB Memory | 500GB SATA HDD | GB Ethernet x5
Is that a dual port card? I went from a dual port Pro/1000 PT (EXP 19402PT) to using two single port 82574L
network cards and it works OK. When I was using the Pro/100 card I was getting "Uplink is down" warnings all the time.
So I purchased two of the Intel 82574L NICs and they have been working fine. I recommend these if you have the slots
It's the onboard NIC for the SuperMicro 1U I have, and it works just fine - as long as UTM isn't using it.
That might be something I consider. I have all but abandoned the idea of a fanless PC due to slow IPS performance, but will look at some refurbished Dell and Lenovo desktops that have the quad core i5 CPUs.
I'm already considering KVM or VMWare on it along side Pihole. So, I think this might be the way to go.
Thanks to your suggestion, I got Pihole up and running on Ubuntu with a few FW rules on the ER605 to lock down the DNS. In addition, I got WireGuard working on the same machine. Love the Pihole and Wireguard combo
Why is this post only showing like the first 10 or so posts? We have so much more below this, and I can't get further down the page to see it. It conveniently stops after a Sophos employee post.