Hardware recommendations for Home license - exaggerated?

Hi,

The thing is, I have been going through some of the threads here and elsewhere, and it seems that if one really wants to use what Sophos UTM can offer, people recommend beefy hardware, nothing short of a Core i3 to run the system on. I wonder why this is. A quick check of Sophos' own offers indicates that an up-to-date Atom or Bay Trail should do just fine. For example:


  • SG105 --> Intel Atom E3826 1.46GHz | 2GB RAM
  • SG135 --> Rangeley C2558 2.4GHz | 6GB RAM
  • SG210 --> Celeron 2.7GHz | 8GB RAM
  • SG 310 --> Core i3 3.5GHz | 12GB RAM


When I look at what throughput Sophos rates these babies at (including VPN and IPS, all >>100 Mbit/s), I can't fathom how even a power user at home would need beefier hardware to run this.
I didn't think I'd open a new thread since there are tons on home user hardware already, but the fact that so many posts claim one needs an Intel Core i3 processor to run the full feature set of UTM baffles me a bit. Are Sophos' hardware appliances running on some different version, somehow way more optimized to the hardware, multi-threaded... while the home user edition is not?

I have been running an Astaro and now Sophos UTM at home for four years now on an Atom dual-core N450 with 2 GB of RAM. Switching on all the gimmicks slows things down substantially (WAN & LAN) for a DMZ/guest net and a cloud server, but VLANs could do the trick too.
We constantly use IPsec and SSL VPN on our private laptops, phones and tablets. We might upgrade our provider bandwidth to 100 Mbit/s down and hopefully >10 Mbit/s up at some point, but I doubt it could get any faster anytime soon.

I'm happy for any tips and recommendations.

My current pick for a new setup (excluding SSD & 8GB RAM) would be:

  • Supermicro J1900 board (X10SBA), 2x Intel NIC, 180€
  • Supermicro C2558 board (A1SRi-2558F), 4x Intel NIC, 350€ (cheapest I could find with >2 NICs)

Would that not suffice?
  • I have a Rangeley C2758F (8 cores at 2.4 GHz). When in the firewall I exclude lots of countries (Africa, Arab countries, North Korea etc.), keep rules against Windows, Linux and FTP attacks 24 months old and put in the blacklist a list of domains taken from malwaredomainlist.com, my speed test reads 50 Mbps. On wireless I have 30 Mbps.

    I have 2 lines of 100 Mbps each + 1 backup line on VDSL with 5 Mbps. My Sophos UTM 9 does load balancing between the 2 100 Mbps lines and failover on the 5 Mbps one.

    My network is composed of a 48-port Gigabit Ubiquiti switch + a 48-port Gigabit PoE Ubiquiti switch, interconnected at 10 Gbps through SFP+ multimode with an OM4 patch cord.

    Access points are Ubiquiti AC AP PRO, directly connected to the Ubiquiti switches through Cat 7A 1500 MHz cable at an average distance from the switches of 30 metres.

    The poor speed is due to the fact that Sophos UTM uses Snort, which is single-threaded and requires lots of GHz in the CPU to allow a good transfer rate (good = 100 Mbps and more).

    Unfortunately, when I built my appliance I had in mind to install pfSense, which takes advantage of a high number of cores and doesn't care much about clock speed.

    I like Sophos UTM better, but I will need to change my mainboard and CPU soon if I want to use a lot of rules and at the same time not be forced to use just 15% of the bandwidth that I pay for.

    If you are happy with a J1900, good for you... I work as a telecom engineer, routers and hardware are my passion, and for me it is normal to have 30,000 euros of equipment at home and I want great performance... Others give 10,000 euros for a bike made of carbon and are happy with 256 kbps internet and 50 euro Android phones...


  • Hello,

    I have been reading through most of this post from the beginning. From the time of the original post to now we have had a few years, and many new CPUs have come on the market, for both home systems and the server world.

    Just thought to give you some other ideas you might want to think about for your UTM configuration. I still run UTM version 9.7. I have it running as a VM on VMware ESXi 6.7, on an old Dell R510. The UTM VM is given 4 CPUs and 6 GB RAM with 4 network ports. It runs well for my home network. I do I.T. work so I need a reliable system for remote access into my employer's network. I am planning to go back to a physical box just because I want it as its own appliance; there are no issues or performance issues with the VM. I can take snapshots and also back up the VM image. If you use several computers at home, and/or for a "learning lab", and they can be VMs, it might be worth the money to build a single larger machine and virtualize some of your systems as well as UTM or XG: one system to run production as well as test machines. You might want to look into VMware, VirtualBox or a similar hypervisor and maybe on eBay or other sources find a used, well-equipped server with dual CPUs (6 or 8 cores), run UTM/XG virtually and add resources to the VM as needed. So as your network / firewall needs grow you can easily add CPU and RAM to the UTM VM. You need to have 4 to 8 physical network ports on the VM server because, depending on your WAN, LAN, DMZ or other networks on the UTM, you will want an interface for each to assign to the UTM / XG.

    I have 6 VMs on my ESXi system, dual 6-core CPUs with hyper-threading, 48 GB RAM, and plenty of disk storage. VMware offers a free ESXi license that has most features / functions you would need. Besides that I run several Windows 2016 servers and some Linux systems on the ESXi server. It saves space, and maybe in the long run power, since it is one well-equipped machine and can have many computer systems in one box. So just a thought.

    I used to run the UTM on old servers; again, my VM configuration of Sophos UTM is using only 3% CPU and 44% of the 6 GB RAM. Firewall, Intrusion Prevention, Web Filtering, SMTP & POP3 Proxy, Wireless Protection, Antivirus, Antispam, Antispyware, DHCP and DNS are currently enabled. My ISP provider is MediaCom with their fastest Internet package, I think it is up to 1 Gbit/s download and 100 Mbit/s upload. I do a lot of streaming and large file sync transfers with my web site on GoDaddy.

    Hope this idea is of some use, best of luck finding the best hardware solution for your firewall.

    My home Network / Computer system looks more like what you would find in a small to medium business. I.T. is my profession and I use what one would find in a business more than a typical home or small home office. I do this to keep my I.T. skill set current.

    Chad

  • Hi,

    There are many MBs out there that run on low power. If you are using MS products on VMs then you are not really saving much in the way of power because they don't allow the server to sleep. A VM should have dedicated cores and memory running at close to max speed if you are planning on any decent performance or throughput. SNORT will not ramp up the CPU unless there are multiple users, and will then become your bottleneck.

    Ian

     
    V18.0.x - E3-1225v5, 6 GB RAM on a 4-port MB with AP55/c - 20 W.
    If a post solves your question use the 'This helped me' link.
  • Hello, yes I agree. At this point, power with ESXi is not as much of a concern for me. I can see that for others it is a good factor to look at. I live alone so there are not multiple users; maybe at times, between all the VMs hitting Microsoft for updates at the same time while I am streaming or working on some VMs that need Internet access, it is a little hard for me to really tax the Sophos, I suppose. My HP Gen 7 server should be arriving in a week's time; that will pull more power than the UTM VM on that server. For my home use and lab use, I try to configure and do things as one might find in the average to medium business, and run, of sorts, my own small data center. I know I am more of the exception than the norm. So in that respect, as far as power goes, I am not saving. But I thought to just put that idea out there for anyone who might not have thought about such a possible configuration. I am thinking of doing more with the ESXi system and the VMs on it, where they are getting used more and are Internet-facing for e-mail and web server. I appreciate your thoughts and thank you for the post.

     

    Chad

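The C2758F reply above attributes its 50 Mbps ceiling to Snort being single-threaded: seven cores sit idle while one thread saturates a core, so only clock speed helps. The check a practitioner would want before spending money on a faster board is whether the IPS process on the box actually shows that pattern. The script below is an added example written for this page, not code from the thread or from Sophos. It assumes the Linux procfs layout (/proc/<pid>/task/<tid>/stat, utime and stime in fields 14 and 15), and its offline demonstration uses a constructed two-sample snapshot with a hypothetical pid 1234 and process name "snort"; diagnose(pid) does the same measurement live on a real host.

```python
"""Spot a single-threaded IPS bottleneck from per-thread CPU accounting.

Reads the Linux procfs layout /proc/<pid>/task/<tid>/stat, takes two samples
some seconds apart, and reports how many cores each thread burned. An engine
that sits at ~1.0 core on one thread while its siblings idle is bound by clock
speed, not core count, which is the symptom described in the thread.
"""
import os
import time

try:
    CLK_TCK = os.sysconf("SC_CLK_TCK")   # jiffies per second on this host
except (AttributeError, ValueError, OSError):
    CLK_TCK = 100                        # Linux default when unavailable


def parse_task_stat(line):
    """Return (tid, comm, utime+stime ticks) from one task stat line."""
    # comm may contain spaces or ')', so split on the LAST ')' first
    head, _, rest = line.rpartition(")")
    tid_str, _, comm = head.partition("(")
    fields = rest.split()
    # fields[0] is field 3 (state); utime/stime are fields 14 and 15
    utime, stime = int(fields[11]), int(fields[12])
    return int(tid_str), comm, utime + stime


def read_task_stats(pid):
    """Snapshot {tid: (comm, cpu_ticks)} for a live process (Linux only)."""
    task_dir = f"/proc/{pid}/task"
    snapshot = {}
    for tid in os.listdir(task_dir):
        with open(f"{task_dir}/{tid}/stat") as f:
            t, comm, ticks = parse_task_stat(f.read())
        snapshot[t] = (comm, ticks)
    return snapshot


def thread_load(before, after, interval, clk_tck=CLK_TCK):
    """Cores used per thread over the interval, busiest first."""
    loads = []
    for tid, (comm, t1) in after.items():
        t0 = before.get(tid, (comm, t1))[1]   # thread born mid-interval: 0
        loads.append((tid, comm, (t1 - t0) / (clk_tck * interval)))
    loads.sort(key=lambda x: x[2], reverse=True)
    return loads


def is_single_thread_bound(loads, min_busy=0.85, share=0.8):
    """True when one thread is near a full core and does most of the work."""
    total = sum(cores for _, _, cores in loads)
    if not loads or total == 0:
        return False
    busiest = loads[0][2]
    return busiest >= min_busy and busiest / total >= share


def diagnose(pid, interval=5.0):
    """Live check: sample twice, return (loads, verdict)."""
    before = read_task_stats(pid)
    time.sleep(interval)
    after = read_task_stats(pid)
    loads = thread_load(before, after, interval)
    return loads, is_single_thread_bound(loads)


# --- constructed sample (hypothetical pid/threads, not captured from a UTM) --
def _stat_line(tid, comm, utime, stime):
    """Build a line in /proc task stat layout; only fields 14/15 matter here."""
    return (f"{tid} ({comm}) R 1 1234 1234 0 -1 4194560 100 0 0 0 "
            f"{utime} {stime} 0 0 20 0 4 0 9000 " + " ".join(["0"] * 30))


def _snapshot(lines):
    return {tid: (comm, ticks) for tid, comm, ticks in map(parse_task_stat, lines)}


def sample_pinned():
    """4-thread engine where one thread burns a full core over 1 s at 100 Hz."""
    before = _snapshot([_stat_line(1234, "snort", 5000, 1000),
                        _stat_line(1235, "snort", 300, 100),
                        _stat_line(1236, "snort", 300, 100),
                        _stat_line(1237, "snort", 0, 0)])
    after = _snapshot([_stat_line(1234, "snort", 5095, 1005),   # +100 ticks
                       _stat_line(1235, "snort", 302, 100),     # +2 ticks
                       _stat_line(1236, "snort", 301, 100),     # +1 tick
                       _stat_line(1237, "snort", 0, 0)])
    return thread_load(before, after, interval=1.0, clk_tck=100)


def sample_balanced():
    """Same budget of 100 ticks, spread evenly over four worker threads."""
    before = _snapshot([_stat_line(t, "worker", 1000, 0) for t in (1, 2, 3, 4)])
    after = _snapshot([_stat_line(t, "worker", 1025, 0) for t in (1, 2, 3, 4)])
    return thread_load(before, after, interval=1.0, clk_tck=100)


if __name__ == "__main__":
    for name, loads in (("pinned", sample_pinned()), ("balanced", sample_balanced())):
        print(name, [(tid, round(c, 2)) for tid, _, c in loads],
              "single-thread bound:", is_single_thread_bound(loads))
```

In the constructed "pinned" sample one thread reads 1.0 core and carries about 97% of the process's CPU time, which is the clock-bound signature; in the "balanced" sample four threads read 0.25 each and the verdict is false. On a real host, run diagnose() against the IPS pid during a speed test: the pinned pattern means a higher-clock CPU is the only hardware lever, the balanced pattern means more cores (or something other than the IPS engine) is what to look at first.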