Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 22 replies
  • Answers 1 answer
  • Subscribers 8 subscribers
  • Views 35928 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

new pc for home edition

exzR

hi guys, i have a question, now i'm using an apu1d4 with 30gb msata for my sophos utm. it's work perfectly with utm.

now i have a new fiber 100mbps download and 50mbps upload and apu1d4 is slower for new line (with advance  threat and ips i take 30mbps) and i'm searching a new hardware for sophos xg/utm. i'm using openvpn and IPsec, from laptop sometime and i want to you use it always active on my android device

i see many post about this things (saying zbox ci 320 etc but noone ci323) and i want to know if this choose is good for me.

i need an little box fanless, my big problem is that i'm italian (you see from my bad english.. sorry for that xD) and if i buy out europe i will pay too much taxes

i see this Zbox CI323 nano (2 nics, celeron n3150 (with aes encryption) 4 gb 1600mhz and 30gb ssd, does anyone knows if the wifi chipset is compatible?) it take 190euro only box (30euro ssd 35euro 4gb ram), is ti good choise for me?

thanks for your time and sorry again for my english



This thread was automatically locked due to age.
Parents
  • 0

    Hi,

    In general, wireless chips are not supported.

    The Celeron n3150 is a Braswell Silvermont chip, which is the new 'Atom' architecture... generally it is designed for very low power rather than performance.
    I don't know if it'll run well at 100mbps. Maybe. (I do know that a fast i3 will work great.)

    Note the IPS is typically the bottleneck for the CPU. Tuning the rulesets and using the ruleset aging can help a bit.

    Barry

Reply
  • 0

    Hi,

    In general, wireless chips are not supported.

    The Celeron n3150 is a Braswell Silvermont chip, which is the new 'Atom' architecture... generally it is designed for very low power rather than performance.
    I don't know if it'll run well at 100mbps. Maybe. (I do know that a fast i3 will work great.)

    Note the IPS is typically the bottleneck for the CPU. Tuning the rulesets and using the ruleset aging can help a bit.

    Barry

Children
  • 0 in reply to BarryG

    thanks for reply Barry, i'm searching a little fanless box because mini itx it seems to much big and more expensive (is it true?) i tryied to contact italian sellers for sophos xg appliance but they don't sell private only businness :(..

    if anyone knows alternatives of this box (or similar for dimensions and price) i apprecciate tips

    thanks for your time

  • 0 in reply to exzR

    You don't want Sophos hardware for this project unless cost is not important.  BarryG's been in these forums for many years - I would take his recommendation about the i3.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to exzR

    I don't know of much with 2 good NICs in that price range.

    As I said, the CPU might handle 100mbps, or close to it.

    If you don't want to spend much more, and can't find an i3 in your budget, that system should be OK knowing that it might not hit the full 100mbps.

    but 30gb SSD is too small. You want 50-60GB to have space for logs and updates. You don't need an SSD, an old laptop hard drive is fine.

    Barry

  • 0 in reply to BarryG

    guys, thanks very much for reply, i searched for i3 barebone but it is too much expensive, i will buy a zotac ci323 with n3150 if realtek chip is supported (i answered to know correct Ethernet chip, it seems rtl8111) because sophos xg is unsopported by apu1d4.

    if i can, i will buy at least 60gb ssd (much more faster than hd 5200rpm), if i haven't choise i will use and laptop hd xD

    for IPS and web filter i enable it as prpxy http and antivirus because internet is used by my parents and sister and they surfing is much Security XD

    i hope zotac is the way

  • 0 in reply to exzR

    Realtek NICs normally work in the UTM; they're not great but they're usually usable.

    I don't know about the XG.

  • 0 in reply to BarryG

    hi guys, for who want to buy zotac zbox CI323 nano, zotac says that it has:

    The CI323 has a Realtek (RTL8111) G/LAN chip, and an Intel Dual Band Wireless-AC 3160 (3160GW).

    it seems to work from hw compatibility, probability not for wifi

    regards

  • 0 in reply to exzR

    I have the 321 and it works great. I agree Web filtering is an expanse not needed unless kids are an issue and I do not use it. I also tuned IPS for best performance. I have a 60MB download speed and easly get that with about 30% CPU utilization. My Zotec 321 has 2 cores so this one with four cores is a great option

  • 0 in reply to MarkMurphy

    Thanks Mark, that's very helpful.

    I'll also note that anyone wishing to use VLANs with the UTM should be aware that Realtek NICs have had issues; see

    http://blog.metamatt.com/blog/2012/03/19/custom-built-linux-router-no-thanks-to-realtek/

    for some info.

    Looks like driver updates in recent Linux kernels may have resolved the problem.

    Barry

  • 0 in reply to BarryG

    I also have (had as it's currently with Sophos in Germany for XG testing) a Zotac Zbox CI321 Nano which I was testing for mini boxes for our company and it's a great little unit however I had a 100mbps link and with all features turned on it throttled the internet to just shy of 60-70mbps. My upload is only 15mbps so that wasn't affected.

    When I turned off all the features and just had transparent web filtering turned on with single scan AV it hovered around the 90mbps mark. For high throughput I don't advise getting this box as you will be disappointed!

    Apparently this unit is pretty snazzy and with intel nics: http://www.amazon.co.uk/Shuttle-DH170-barebone-workstation-barebones/dp/B016B6B6PO

    Another user on the forums is looking into getting one for the XG and looking forward to his testing and remarks.

    With the Zbox and XG I can state for my own unit it installed but could not complete Firstboot, it freezes on the SwapOn stage so if you're looking for it for the XG right now, I'd advise not to :)

    Emile

  • 0 in reply to Emile Belcourt

    thanks for your reply, seems that barebone in your link sell without cpu and its to much expensive for me...

    your zbox ci321 nano has celeron 2961y dual core 1,1ghz right? at the end i bought a zbox ci323 that has celeron n3150 quad core 1,6 GHz boost to 2,03... it comes next week :D, if i have a problem i see i Can install esxi or xen and virtualize sophos xg, is not the best way but i hope it works with physical hardware

    regards

Unfiltered HTML