Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 22 replies
  • Answers 1 answer
  • Subscribers 8 subscribers
  • Views 35920 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

new pc for home edition

exzR

hi guys, i have a question, now i'm using an apu1d4 with 30gb msata for my sophos utm. it's work perfectly with utm.

now i have a new fiber 100mbps download and 50mbps upload and apu1d4 is slower for new line (with advance  threat and ips i take 30mbps) and i'm searching a new hardware for sophos xg/utm. i'm using openvpn and IPsec, from laptop sometime and i want to you use it always active on my android device

i see many post about this things (saying zbox ci 320 etc but noone ci323) and i want to know if this choose is good for me.

i need an little box fanless, my big problem is that i'm italian (you see from my bad english.. sorry for that xD) and if i buy out europe i will pay too much taxes

i see this Zbox CI323 nano (2 nics, celeron n3150 (with aes encryption) 4 gb 1600mhz and 30gb ssd, does anyone knows if the wifi chipset is compatible?) it take 190euro only box (30euro ssd 35euro 4gb ram), is ti good choise for me?

thanks for your time and sorry again for my english



This thread was automatically locked due to age.
Parents
  • 0

    Unless you're implementing child filtering, there's no point to having web filtering enabled.  Web Filtering's purpose is to filter web pages to enforce access restrictions, which is necessary in a business, or a home with children that are old enough to use the internet.  If neither of those situations apply, there's no reason for web filtering.

    • It doesn't matter how fast the processor, how much RAM you install, or whether you utilize an SSD... web filtering will always limit bandwidth to ~30mbps due to the process itself.  Web filtering must decrypt packets, scan the packets against the filtering rules, re-encrypt the packets with the Proxy CA, and finally push those packets to the client.  

    • In regards to an SSD, I would recommend one that's 100/120/128GB in size, providing ample space for logging.  While 64GB may do, it's too small for an SSD boot disk since at least 10% of the drive must always remain free, and on a 64GB drive, that's just under 6GB (59GB formatted), which isn't sufficient (I recommend at least 10GB or 10%, whichever is greater) After about a year, I have ~50GB of storage used on my 128GB Samsung 850 Pro, with ~250MB weekly in logs being added.

    Also, with IPS, certain hosts on the local network should be ignored altogether with an exceptions rule. Hosts such as:

    • gaming systems
    • set top (cable/sat) boxes
    • home theater receivers.
    • For example, I have an IPS ignore rule setup to ignore all traffic coming from the internal LAN OR going to game systems, set top boxes, and home theater receivers.
    • I also have an ignore rule configured for the external DNS servers I use, set to ignore Anti-DoS/Flooding UDP / Anti-DoS/Flooding ICMP traffic going to the external DNS servers.

    SilverStone DS380 | AsRock C2750D4I | Alienware 18 In Win Chopin | SuperMicro A1SRi-2758F
    2.4gHz 8C C2750 ; 32GB ECC | 2.5gHz 4C i7 4710MQ ; 32GB 2.4gHz 8C C2758 ; 32GB ECC
    Vantec 4C USB3 PCIe UGT-PCE430-4C | 8GB AMD SLI R9 M290x |
    SSD  | 850 EVO: 120GB | 1TB ; mSATA: 1TB (2) | 850 Pro: 128GB ; 850 EVO: 1TB
    HDD | Seagate: { ST4000VN000 (8) } Z2 ; { HGST HTS721010A (3) } Z2 |
    FreeNAS 11.2 | { PNY Turbo USB3 32GB (2) } Mirror | Win 10 Pro | ESXi 6.7: Sophos UTM 9.6

    Various Wikis, Scripts, & Configs | Prebuilt OpenSSL Config

Reply
  • 0

    Unless you're implementing child filtering, there's no point to having web filtering enabled.  Web Filtering's purpose is to filter web pages to enforce access restrictions, which is necessary in a business, or a home with children that are old enough to use the internet.  If neither of those situations apply, there's no reason for web filtering.

    • It doesn't matter how fast the processor, how much RAM you install, or whether you utilize an SSD... web filtering will always limit bandwidth to ~30mbps due to the process itself.  Web filtering must decrypt packets, scan the packets against the filtering rules, re-encrypt the packets with the Proxy CA, and finally push those packets to the client.  

    • In regards to an SSD, I would recommend one that's 100/120/128GB in size, providing ample space for logging.  While 64GB may do, it's too small for an SSD boot disk since at least 10% of the drive must always remain free, and on a 64GB drive, that's just under 6GB (59GB formatted), which isn't sufficient (I recommend at least 10GB or 10%, whichever is greater) After about a year, I have ~50GB of storage used on my 128GB Samsung 850 Pro, with ~250MB weekly in logs being added.

    Also, with IPS, certain hosts on the local network should be ignored altogether with an exceptions rule. Hosts such as:

    • gaming systems
    • set top (cable/sat) boxes
    • home theater receivers.
    • For example, I have an IPS ignore rule setup to ignore all traffic coming from the internal LAN OR going to game systems, set top boxes, and home theater receivers.
    • I also have an ignore rule configured for the external DNS servers I use, set to ignore Anti-DoS/Flooding UDP / Anti-DoS/Flooding ICMP traffic going to the external DNS servers.

    SilverStone DS380 | AsRock C2750D4I | Alienware 18 In Win Chopin | SuperMicro A1SRi-2758F
    2.4gHz 8C C2750 ; 32GB ECC | 2.5gHz 4C i7 4710MQ ; 32GB 2.4gHz 8C C2758 ; 32GB ECC
    Vantec 4C USB3 PCIe UGT-PCE430-4C | 8GB AMD SLI R9 M290x |
    SSD  | 850 EVO: 120GB | 1TB ; mSATA: 1TB (2) | 850 Pro: 128GB ; 850 EVO: 1TB
    HDD | Seagate: { ST4000VN000 (8) } Z2 ; { HGST HTS721010A (3) } Z2 |
    FreeNAS 11.2 | { PNY Turbo USB3 32GB (2) } Mirror | Win 10 Pro | ESXi 6.7: Sophos UTM 9.6

    Various Wikis, Scripts, & Configs | Prebuilt OpenSSL Config

Children
No Data
Unfiltered HTML