Thread Info
  • Locked Locked
  • Replies 3 replies
  • Subscribers 6 subscribers
  • Views 3439 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Is older Xeon E5-2650 enough for home network?

Olan Wilson

I've been playing with Sophos UTM in an ESXi VM for a bit now and am currently using it for NAT and port forwarding to a couple lightweight DMZ guests.  I am thinking I want to try it out as my primary firewall in place of my ASA 5505.  I'd really like to build a new ESXi host for a new Sophos VM and also move my existing DNS/DHCP/RADIUS, etc guests to it as well.  Kind of an infrastructure host that's not dependant on my home lab in any way.  

I have a spare E5-2650 8c/16t @ 2.00Ghz and plenty of DDR3 ECC RDIMMs for such a machine. Intel ARK E5-2650

My internet is a 50Mb/5Mb cable modem connection right now but I may upgrade to the 100/10 service in the near future.  There are 4 or 5 human users at any time and I have a pretty healthy complement of VMs and such going on as well.  I plan to use the basic NAT firewall functionality as well as IPS and web filtering.  I intend to demo the end-point protection and may use VPN as well.

I know that IPS in particular is single threaded and thus very Mhz dependant.  Does the E5-2650 have enough single threaded performance for my use case?  If that Xeon won't get it done I also have an earlier 1366 socket X5670 6c/12t @ 2.93 Ghz Intel ARK X5670 but I'd prefer to use the slightly newer E5.

 

TIA.



This thread was automatically locked due to age.

  • put 4 cores on it and have more than 2 users at once and you'll hit 100 megs easily with ips.  each user might see 75-100 megabits per stream but they will easily see 50 megs per stream.  The ghz is a bit low but for 100 megs two users will definitely saturate the wan link with IPS active.  

     

    In my case I have dual x5570's and I have 4 cores assigned to the vm.  I briefly had 105/15 with it before I went to business class 50/10.  I am getting ready to put in 2 x L5640 cpu into that same machine to lower my power bill.  Once I do that I'll raise the VM up to 6 cores(for the extra snort instance) just to make sure I have plenty of threads available to snort.  I currently use hyper-v for my hypervisor but the concepts in terms of how to build your vm's for UTM are the same..:)

    Owner:  Emmanuel Technology Consulting

    http://etc-md.com

    Former Sophos SG(Astaro) advocate/researcher/Silver Partner

    PfSense w/Suricata, ntopng, 

    Other addons to follow

  • i think its enough for your needs.. i would use the newer E5... 

    i use a zotac ci 321 at home with latest utm on it and all security features enabled (ips / av scanning / 1 ipsec-tunnel / http-proxy...) no problem with it..

    just give it enough ram, minimum should be 8GB RAM.

     

    will you build a esxi host only to host sophos on it? try to install utm directly without vmware... maybe runs better... if the hardware is supported.

    greets

    zaphod
    ___________________________________________

    Home: Zotac CI321 (8GB RAM / 120GB SSD)  with latest Sophos UTM
    Work: 2 SG430 Cluster / many other models like SG105/SG115/SG135/SG135w/...

  • in reply to William Warren

    I had hoped it would be enough just wanted additional opinions.

    I have enough RAM on hand to max out whatever motherboard I get so that won't be a problem.

    I do plan to host other VMs but nothing intensive.  Likely one running DNS/DHCP/RADIUS and also my kids Minecraft and chat servers. I'd thought about putting together a little i3-6100 box just for Sophos bare metal but I am space limited in my wiring closet so a single box would be ideal.

    Thanks for the replies.

Unfiltered HTML