This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

new pc for home edition

hi guys, i have a question, now i'm using an apu1d4 with 30gb msata for my sophos utm. it's work perfectly with utm.

now i have a new fiber 100mbps download and 50mbps upload and apu1d4 is slower for new line (with advance  threat and ips i take 30mbps) and i'm searching a new hardware for sophos xg/utm. i'm using openvpn and IPsec, from laptop sometime and i want to you use it always active on my android device

i see many post about this things (saying zbox ci 320 etc but noone ci323) and i want to know if this choose is good for me.

i need an little box fanless, my big problem is that i'm italian (you see from my bad english.. sorry for that xD) and if i buy out europe i will pay too much taxes

i see this Zbox CI323 nano (2 nics, celeron n3150 (with aes encryption) 4 gb 1600mhz and 30gb ssd, does anyone knows if the wifi chipset is compatible?) it take 190euro only box (30euro ssd 35euro 4gb ram), is ti good choise for me?

thanks for your time and sorry again for my english



This thread was automatically locked due to age.
Parents
  • Hi,

    In general, wireless chips are not supported.

    The Celeron n3150 is a Braswell Silvermont chip, which is the new 'Atom' architecture... generally it is designed for very low power rather than performance.
    I don't know if it'll run well at 100mbps. Maybe. (I do know that a fast i3 will work great.)

    Note the IPS is typically the bottleneck for the CPU. Tuning the rulesets and using the ruleset aging can help a bit.

    Barry

  • thanks for reply Barry, i'm searching a little fanless box because mini itx it seems to much big and more expensive (is it true?) i tryied to contact italian sellers for sophos xg appliance but they don't sell private only businness :(..

    if anyone knows alternatives of this box (or similar for dimensions and price) i apprecciate tips

    thanks for your time

  • You don't want Sophos hardware for this project unless cost is not important.  BarryG's been in these forums for many years - I would take his recommendation about the i3.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • I don't know of much with 2 good NICs in that price range.

    As I said, the CPU might handle 100mbps, or close to it.

    If you don't want to spend much more, and can't find an i3 in your budget, that system should be OK knowing that it might not hit the full 100mbps.

    but 30gb SSD is too small. You want 50-60GB to have space for logs and updates. You don't need an SSD, an old laptop hard drive is fine.

    Barry

  • guys, thanks very much for reply, i searched for i3 barebone but it is too much expensive, i will buy a zotac ci323 with n3150 if realtek chip is supported (i answered to know correct Ethernet chip, it seems rtl8111) because sophos xg is unsopported by apu1d4.

    if i can, i will buy at least 60gb ssd (much more faster than hd 5200rpm), if i haven't choise i will use and laptop hd xD

    for IPS and web filter i enable it as prpxy http and antivirus because internet is used by my parents and sister and they surfing is much Security XD

    i hope zotac is the way

  • Realtek NICs normally work in the UTM; they're not great but they're usually usable.

    I don't know about the XG.

  • hi guys, for who want to buy zotac zbox CI323 nano, zotac says that it has:

    The CI323 has a Realtek (RTL8111) G/LAN chip, and an Intel Dual Band Wireless-AC 3160 (3160GW).

    it seems to work from hw compatibility, probability not for wifi

    regards

  • I have the 321 and it works great. I agree Web filtering is an expanse not needed unless kids are an issue and I do not use it. I also tuned IPS for best performance. I have a 60MB download speed and easly get that with about 30% CPU utilization. My Zotec 321 has 2 cores so this one with four cores is a great option

  • Thanks Mark, that's very helpful.

    I'll also note that anyone wishing to use VLANs with the UTM should be aware that Realtek NICs have had issues; see

    http://blog.metamatt.com/blog/2012/03/19/custom-built-linux-router-no-thanks-to-realtek/

    for some info.

    Looks like driver updates in recent Linux kernels may have resolved the problem.

    Barry

  • I also have (had as it's currently with Sophos in Germany for XG testing) a Zotac Zbox CI321 Nano which I was testing for mini boxes for our company and it's a great little unit however I had a 100mbps link and with all features turned on it throttled the internet to just shy of 60-70mbps. My upload is only 15mbps so that wasn't affected.

    When I turned off all the features and just had transparent web filtering turned on with single scan AV it hovered around the 90mbps mark. For high throughput I don't advise getting this box as you will be disappointed!

    Apparently this unit is pretty snazzy and with intel nics: http://www.amazon.co.uk/Shuttle-DH170-barebone-workstation-barebones/dp/B016B6B6PO

    Another user on the forums is looking into getting one for the XG and looking forward to his testing and remarks.

    With the Zbox and XG I can state for my own unit it installed but could not complete Firstboot, it freezes on the SwapOn stage so if you're looking for it for the XG right now, I'd advise not to :)

    Emile

  • thanks for your reply, seems that barebone in your link sell without cpu and its to much expensive for me...

    your zbox ci321 nano has celeron 2961y dual core 1,1ghz right? at the end i bought a zbox ci323 that has celeron n3150 quad core 1,6 GHz boost to 2,03... it comes next week :D, if i have a problem i see i Can install esxi or xen and virtualize sophos xg, is not the best way but i hope it works with physical hardware

    regards

  • Yes, the smaller nano has a 2961y and annoyingly the n3150 quad core version came out shortly after purchasing (much annoyance!) so hopefully you get a much better throughput than me :)

    Emile

Reply Children
  • ehehe i'm sorry for your bad luck :(

    i will say if it works great!

    regards

  • i do some test with xenserver (vmware doenst work yet, i must check for workaround for relocating modules) and physically installation on hd. my hd is 320gb 5200 rpm.

    if i use xen server and install utm 64bit with ips/advance threat and webfilter activated or not speed is lock @ 30/40 mbps i used 4 gb ram

    if i use xen server and install utm 32bit same result but only 3,7gb ram (:D)

    if i install physical utm 64 bit with all services speed is limited @ 50mbps i can see 8 gb ram

    if i install physical utm 32 bit with all services speed is 97mps! but i can see only 2gb ram instead 8gb (6gb with home licence)

    for all install (xen and physical) secondary ethernet is not recognized, i must add it manually in interfaces section and then i can see eth1

    one another question, now im using 32bit with ram limit, but if i want to retest 64bit version can i use the backpu maded on 32bit?

    thanks

  • Hi,

    "one another question, now im using 32bit with ram limit, but if i want to retest 64bit version can i use the backpu maded on 32bit?"

    the backup file should work on either 32-bit or 64-bit.

    "physical utm 32 bit with all services speed is 97mps! but i can see only 2gb ram instead 8gb (6gb with home licence)"

    What do you mean by "6gb with home license"

    Which UTM version # did you use?

    Barry

  • i know that sophos utm home license has 4 core and 6gb of RAM limit.. am i wrong?

    do you know why i see only 2gb instead 8 of RAM on utm 32bit?

  • exzR said:

    i know that sophos utm home license has 4 core and 6gb of RAM limit.. am i wrong?

    do you know why i see only 2gb instead 8 of RAM on utm 32bit?

    My understanding is that limit applies to XG, not the UTM.

    No, I don't know why you only see 2GB. Maybe a PAE problem?

    You didn't answer which version you're using.

    It may be more productive to try to figure out why you're not getting good performance on the 64-bit version... can you take screenshots of 'top' on the linux console while doing your bandwidth tests on both the 32 & 64-bit versions?

    Barry

  • hi Barry,

    sorry i dont see it, i'm using the last Sophos utm software version: 9.401-11.1 (both 32 and 64bit).

    today if i can, i will try to reinstall 64bit and load my acutally configuration by backup.

    this is first speed test and top from download and upload with 9.401-11.1 32bit version

    i tried to install XG but i think chipset is not supported yes, i cant boot

    UPDATE: i have tried sophos xg and now it works, see screenshot

    this is second speed test and top from download and upload with SW-SFOS_15.01.0_MR-1.1-407 64bit version

    some times in download i take 60/65 mbps (maybe wrong xg config),i have advance threat, webfilter allow all, firewall rules empty, ips general policy and application contro allow all.

    but i think i'll back to utm because now i dont have time to learn how xg works... i will install utm 64 bit and send screenshot, i must understand why it doesn't work properly

    thanks

  • Did you tune Snort for your needs. The average Home user does not need all the settings and with a lot of rules SNRT will be a larger burden on that system then it can take. On my Zbox I have tuned Snort for what I have in my home as you can see in the screen shot. We also stated in the beginning of the thread that using Web filtering unless you have young kids is a waste of resources on this small build.

  • thanks for reply,

    yes, i tuned it, i need all features without exchange (i dont have mail server) and backup section. for web filter i used it as anviritus for my parents