
new pc for home edition

Hi guys, I have a question. Right now I'm using an APU1D4 with a 30GB mSATA for my Sophos UTM. It works perfectly with UTM.

Now I have a new fiber line with 100mbps download and 50mbps upload, and the APU1D4 is slow for the new line (with advanced threat and IPS I get 30mbps), and I'm searching for new hardware for Sophos XG/UTM. I'm using OpenVPN and IPsec, sometimes from a laptop, and I want to use it always active on my Android device.

I see many posts about these things (mentioning the Zbox CI320 etc., but no one the CI323) and I want to know if this choice is good for me.

I need a little fanless box. My big problem is that I'm Italian (you can see from my bad English... sorry for that xD), and if I buy outside Europe I will pay too much in taxes.

I see this Zbox CI323 nano (2 NICs, Celeron N3150 (with AES encryption), 4GB 1600MHz and 30GB SSD; does anyone know if the WiFi chipset is compatible?). It costs 190 euro for the box only (30 euro SSD, 35 euro 4GB RAM). Is it a good choice for me?

Thanks for your time and sorry again for my English.



  • Hi,

    In general, wireless chips are not supported.

    The Celeron n3150 is a Braswell Silvermont chip, which is the new 'Atom' architecture... generally it is designed for very low power rather than performance.
    I don't know if it'll run well at 100mbps. Maybe. (I do know that a fast i3 will work great.)

    Note the IPS is typically the bottleneck for the CPU. Tuning the rulesets and using the ruleset aging can help a bit.

    Barry

  • Thanks for the reply, Barry. I'm searching for a little fanless box because mini-ITX seems too big and more expensive (is that true?). I tried to contact Italian sellers for a Sophos XG appliance, but they don't sell to private customers, only businesses :(..

    If anyone knows alternatives to this box (or something similar in dimensions and price), I'd appreciate tips.

    Thanks for your time.

  • You don't want Sophos hardware for this project unless cost is not important.  BarryG's been in these forums for many years - I would take his recommendation about the i3.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Unless you're implementing child filtering, there's no point to having web filtering enabled.  Web Filtering's purpose is to filter web pages to enforce access restrictions, which is necessary in a business, or a home with children that are old enough to use the internet.  If neither of those situations apply, there's no reason for web filtering.

    • It doesn't matter how fast the processor, how much RAM you install, or whether you utilize an SSD... web filtering will always limit bandwidth to ~30mbps due to the process itself.  Web filtering must decrypt packets, scan the packets against the filtering rules, re-encrypt the packets with the Proxy CA, and finally push those packets to the client.  

    • In regards to an SSD, I would recommend one that's 100/120/128GB in size, providing ample space for logging.  While 64GB may do, it's too small for an SSD boot disk since at least 10% of the drive must always remain free, and on a 64GB drive, that's just under 6GB (59GB formatted), which isn't sufficient (I recommend at least 10GB or 10%, whichever is greater). After about a year, I have ~50GB of storage used on my 128GB Samsung 850 Pro, with ~250MB weekly in logs being added.

    Also, with IPS, certain hosts on the local network should be ignored altogether with an exceptions rule. Hosts such as:

    • gaming systems
    • set top (cable/sat) boxes
    • home theater receivers.
    • For example, I have an IPS ignore rule setup to ignore all traffic coming from the internal LAN OR going to game systems, set top boxes, and home theater receivers.
    • I also have an ignore rule configured for the external DNS servers I use, set to ignore Anti-DoS/Flooding UDP / Anti-DoS/Flooding ICMP traffic going to the external DNS servers.


  • I don't know of much with 2 good NICs in that price range.

    As I said, the CPU might handle 100mbps, or close to it.

    If you don't want to spend much more, and can't find an i3 in your budget, that system should be OK knowing that it might not hit the full 100mbps.

    But a 30GB SSD is too small. You want 50-60GB to have space for logs and updates. You don't need an SSD; an old laptop hard drive is fine.

    Barry

  • Guys, thanks very much for the replies. I searched for an i3 barebone but it is too expensive. I will buy a Zotac CI323 with the N3150 if the Realtek chip is supported (I asked to find out the correct Ethernet chip; it seems to be the RTL8111), because Sophos XG is unsupported by the APU1D4.

    If I can, I will buy at least a 60GB SSD (much faster than a 5200rpm HD); if I have no choice I will use a laptop HD xD

    For IPS and web filter, I enable it as HTTP proxy and antivirus because the internet is used by my parents and sister, and their surfing is much Security XD

    I hope Zotac is the way.

  • Realtek NICs normally work in the UTM; they're not great but they're usually usable.

    I don't know about the XG.

  • Hi guys, for those who want to buy the Zotac Zbox CI323 nano, Zotac says that it has:

    The CI323 has a Realtek (RTL8111) G/LAN chip, and an Intel Dual Band Wireless-AC 3160 (3160GW).

    It seems to work from HW compatibility, probably not for WiFi.

    regards

  • I have the 321 and it works great. I agree Web filtering is an expense not needed unless kids are an issue, and I do not use it. I also tuned IPS for best performance. I have a 60MB download speed and easily get that with about 30% CPU utilization. My Zotac 321 has 2 cores, so this one with four cores is a great option.

  • Thanks Mark, that's very helpful.

    I'll also note that anyone wishing to use VLANs with the UTM should be aware that Realtek NICs have had issues; see

    http://blog.metamatt.com/blog/2012/03/19/custom-built-linux-router-no-thanks-to-realtek/

    for some info.

    Looks like driver updates in recent Linux kernels may have resolved the problem.

    Barry