
Finding newer compatible NIC hardware that is supported by Sophos firewall home is becoming increasingly difficult

This is becoming an exercise in frustration trying to find a newer device on which to run the Sophos UTM or XG.

Years ago when fanless dual NIC PCs used the Intel i211 chipset, it was supported by Sophos, despite them being made for "consumer use".

Now recently there are a plethora of very fast, efficient fanless PCs that have the upgraded Intel i225 chipsets, yet they are not supported due to them being designed for consumers according to what is said on the forums here.

Most home internet connections are becoming fast enough that the much slower CPUs used in these devices with the supported older NICs cannot keep up with the demands of the IPS.

Sophos still will not release the version 3 of Snort which supports multithreading which can take advantage of multiple CPU cores, instead relying on their proprietary "Xstream Flow" technology which utilizes a separate CPU for just the IPS/DPI in the XGS devices which are marketed towards business.

It would be great if Sophos could simply put out a list of supported NIC chipsets, but they won't, and the hardware compatibility database (I used Comic Sans on purpose) is more like personal anecdotes of hardware that should work. The "updated" hardware compatibility list (Comic Sans again) doesn't even exist. support.sophos.com/.../KB-000034600

I suppose the only way to tell is to find out what Linux kernel the UTM 9.7 is using and then see what Intel drivers are included in that kernel.
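One way to run the check described in the post above, as an added example that is not part of the original post or Sophos tooling: look up a NIC's PCI ID in a kernel's `modules.alias` file. It assumes shell access to the appliance and the usual PCI IDs 8086:1539 (I211, `igb` driver) and 8086:15f3 (I225-V, `igc` driver); the function names and the sample alias files are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which kernel module claims a PCI NIC in a given
# modules.alias file (one exists per kernel under /lib/modules/<version>/).

# pci_driver <modules.alias> <vendor-hex> <device-hex>
# Prints the module(s) whose alias matches the ID exactly; prints nothing
# when no driver in that kernel claims the device.
pci_driver() {
    vendor=$(printf '%08X' "0x$2")   # modules.alias uses 8-digit upper-case hex
    device=$(printf '%08X' "0x$3")
    awk -v pat="pci:v${vendor}d${device}sv" \
        '$1 == "alias" && index($2, pat) == 1 { print $3 }' "$1" | sort -u
}

# Constructed sample data (not taken from any real appliance): an older kernel
# tree that ships igb but not igc, and a newer one that ships both.
make_samples() {
    dir=$(mktemp -d)
    cat > "$dir/old.alias" <<'EOF'
alias pci:v00008086d00001539sv*sd*bc*sc*i* igb
alias pci:v00008086d000010D3sv*sd*bc*sc*i* e1000e
EOF
    cat > "$dir/new.alias" <<'EOF'
alias pci:v00008086d00001539sv*sd*bc*sc*i* igb
alias pci:v00008086d000015F3sv*sd*bc*sc*i* igc
alias pci:v00008086d000010D3sv*sd*bc*sc*i* e1000e
EOF
    echo "$dir"
}

samples=$(make_samples)
for kernel in old new; do
    for id in 1539 15f3; do
        drv=$(pci_driver "$samples/$kernel.alias" 8086 "$id")
        echo "$kernel kernel, 8086:$id -> ${drv:-no driver}"
    done
done

# On a live system, take the ID from `lspci -nn` and run:
#   pci_driver "/lib/modules/$(uname -r)/modules.alias" 8086 15f3
```

An empty result for 8086:15f3 means that kernel has no driver for the i225, whatever the hardware list says.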



This thread was automatically locked due to age.
  • Glad you found a solution. There are a lot of affordable VPN routers these days. Ubiquiti is a good one too. Pi-hole is also useful but it can be bypassed easily unless you use a NAT rule to direct all DNS requests to the Pi-hole. There are so many ways to do it. WireGuard is also a replacement for OpenVPN and is so easy to set up on the same system as Pi-hole and just set a port forward rule to the VPN.

  • Thanks to your suggestion, I got Pi-hole up and running on Ubuntu with a few FW rules on the ER605 to lock down the DNS. In addition, I got WireGuard working on the same machine. Love the Pi-hole and WireGuard combo.

    Thanks again