New small passive Home Build UTM QOTOM-Q190G4

Hi guys,

I want to migrate my virtual UTM to a small, passive (needs to be completely silent) hardware device.

I did some research and found this little barebone device which looks really nice to me and is often used by others with pfsense:

QOTOM-Q190G4 S02

Pros:

- 4 Intel NICs
- 10 Watt
- 4-8GB RAM
- The S02 model supports 2,5 SATA SSD (S01 only mSATA)
- quad core with 2 GHz
- VGA and 2 USB (nice for installation)

Cons:

- Intel Celeron Processor J1900 does not support AES (don't know how this will affect vpn and https scanning performance?)
- No ECC RAM


Is this box enough for a VDSL50 uplink for around 10 devices with Firewall, IPS, Web Filtering, Network Visibility, SMTP and POP3 Proxy, WLAN, Endpoint, Remote Access and WAF enabled? (Mail Protection and WAF will most likely not be needed in the near future)

So what do you guys think about it? Will UTM run smoothly on it? Or do you have any other devices which will saturate my requirements? Suggestions highly welcome :)

 



  • I'm pretty sure the system will struggle on IPS alone, let alone with all the other services enabled. The Celeron is not fast enough, you should best arrange for a high MHz i3 processor. I don't know what this processor will do to your VPN connections.


    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

  • Some more research about the processor performance concerns and missing AES-NI instruction set:

    As I said, at the moment my Sophos runs virtually on a 2008 R2 Hyper-V Server. This server uses an Intel i5-2500T processor. This processor does have the AES-NI instruction set, is a quad core with 2,3 GHz and has a benchmark CPU score of 4594.

    The VM only got two CPU cores attached. So I would cut the benchmark score in half, so around 2300, which is nearly the cpumark of the J1900 from the barebone box. Also the Turbo Speed of 3,3 GHz of the i5-2550T is disabled on my server, so it is always running at 2,3 GHz and therefore single thread performance will actually be less than what http://www.cpubenchmark.net claims.

    Furthermore, I checked whether the AES instruction set is also mapped into the VM with "cat /proc/cpuinfo | grep aes" with no output. So it seems that the Sophos VM is not aware of and does not make use of the CPU capabilities. But WAF and VPN and also HTTPS scanning run smoothly with this setup right now.

    On top of that, my server has not used ECC RAM for more than 5 years...and never had problems..so I think not really that necessary.

    All in all I guess that the performance will nearly be equal. But some more opinions or recommendations of other barebones etc. would be really nice.
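
A stricter form of the `/proc/cpuinfo` check described in the post above, as an added example that is not part of the original thread: plain `grep aes` matches any flag that merely contains that substring, so this version compares whole flag names on every CPU's `flags` line. The function name `has_cpu_flag` and the cpuinfo excerpts are constructed for illustration.

```shell
#!/bin/sh
# has_cpu_flag FLAG [FILE]
# Succeeds only if every "flags" line in FILE (default /proc/cpuinfo)
# lists FLAG as a whole word. Fails if no "flags" line exists at all.
has_cpu_flag() {
    awk -v want="$1" '
        /^flags[ \t]*:/ {
            cpus++
            sub(/^[^:]*:/, "")            # drop the "flags :" prefix
            n = split($0, f, " ")         # split on runs of whitespace
            for (i = 1; i <= n; i++)
                if (f[i] == want) { hits++; break }
        }
        END { exit !(cpus > 0 && hits == cpus) }
    ' "${2:-/proc/cpuinfo}"
}

# Constructed cpuinfo excerpts (not captured from real machines).
sample_dir=$(mktemp -d)
trap 'rm -rf "$sample_dir"' EXIT
printf 'processor\t: 0\nflags\t\t: fpu sse4_2 aes avx\n' \
    > "$sample_dir/with_aes"
printf 'processor\t: 0\nflags\t\t: fpu sse4_2 popcnt\n' \
    > "$sample_dir/without_aes"
# A flag that only contains the substring "aes": grep aes would match it.
printf 'processor\t: 0\nflags\t\t: fpu sse4_2 vaes\n' \
    > "$sample_dir/substring_only"
# Two logical CPUs, only one of which exposes the flag.
printf 'processor\t: 0\nflags\t\t: fpu aes\nprocessor\t: 1\nflags\t\t: fpu\n' \
    > "$sample_dir/mixed"

for f in with_aes without_aes substring_only mixed; do
    if has_cpu_flag aes "$sample_dir/$f"; then r=yes; else r=no; fi
    echo "$f: aes on all CPUs = $r"
done
```

Inside a VM, run `has_cpu_flag aes` with no file argument to see whether the hypervisor exposes the flag to the guest.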

  • Don't look too hard on the numbers you find. When using IPS you will need a fast processor or you will find IPS the reason your maximum bandwidth may be capped under your real bandwidth you get from your ISP.

    With your 50Mbps connection it might however be enough, be sure to test it upfront or get information from others with about the same bandwidth. I once built an atom c2550 but it was not enough for a 100 Mbps line with IPS switched ON. I cannot recall exactly, but it was either capped at around 60 or somewhere around 80 Mbps.


    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

  • I've compared the spec of this little j1900 box to a few of the sg1xx series and on paper the j1900 appears to out perform, would one of these little qotom boxes with 8gb ram and 250gb ssd not be a pretty quick little box for a home sophos user??

    I'm looking at this little box to run 2x 80/20mb fttc connections for around 10-20 devices, it will be doing dhcp, dns, port forwarding, load balancing the 2 wan connections and a 24/7 IPSec tunnel to my office.

    Or can anyone recommend a similar unit that can do the job?? Needs to have 4gb lan ports and be wall mountable.

  • Hi guys,

    so in the meantime I ordered this little box, set it up and got it running for a few days.
    Want to share my experience :)


    Installed it with 4GB RAM and an older 250GB SATA SSD which was lying around.
    Setup was very easy with the 9.408-4 iso, a usb cd drive and a vga monitor.

    Performance is really nice with around 15 devices and a couple of users and nearly every service turned on.
    The small box gets slightly warm, but not hot. (Checked with a burn-in test first)

    Really nice device :)

  • So a nice device for your 50Mbps connection. Thanks for sharing your experience!

    Did you also happen to check the real power usage? 10W as is stated in the specs would be really really nice.


    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

  • Hi

    I just bought one.

    Is there any trick with the BIOS to get the USB ISO to load?? (ACDI command or something?)

    I read that some QOTOM boxes have the Ethernets mislabeled. Are they correctly labelled on the 1904??

    Thanks!