This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How to optimize Home Software UTM 9

I switched ISP's and went from cable to FiOS. The promo price for Gig worked out to be same as 150Mbps so I took it. I was getting 60Mbps with cable. Now that I have Gig FiOS, I still get 60Mbps!!!

If I disable Intrusion Prevention, I get mid 900Mbps up and down.

I have Sophos UTM installed on an Intel box with a Core2 DUO processor and 8Gigs of RAM. When I check CPU and memory usage, CPU is very low with occasional spikes at 50% when testing bandwidth. Memory never goes above 25% usage.

What are the "best practice" optimization settings for UTM 9? I've never tweaked any IPS settings.

What speed should I expect to see with my current UTM? I do have another box with an older i5 processor I can try if someone tells me it will make a noticeable, worthwhile difference.



This thread was automatically locked due to age.
Parents
  • Thought I'd make one final post in this thread.

    I ended up canceling the Verizon service, altogether. I got nothing but a runaround from them. My first bill was NOT what they promised and I got contradictory information each time I called. I currently have a Comcast Business connection rated at 75/15 Mbps but it never drops below 90/17 Mbps (w/o IPS). I upgraded the CPU in my trusty, old Optiplex XE ($10) so it's now a little faster @ 3.33GHz.

    I now get...

    SPEED TEST (Mbps)

    Core 2 Duo @3.33GHz

    With IPS – SpeakEasy

    72 Down, 17 Up

    ... so now I'm satisfied with the hardware performance since I'm getting all of the bandwidth that I'm paying for with IPS enabled.

    --------------------------------------------------------------------
    Sophos UTM 9.719-3 - Home User
    Virtual machine on Dell Optiplex 3070
    i3-9100 @ 3.60 GHz, 16 GB RAM
    --------------------------------------------------------------------

  • Yeah, so according to clockspeed is king solution you could implement / use a Intel Core i9-9900 by default or OC round about 6Ghz. ;)

    Nope, but I think your Core2Duo would slow down much other parts and features. I think a little bit newer CPU would be the better choice....even so watching for a higher clock speed. more than 4 cores would not give you the ultimate joker and boost, but I would look for a i5 or i7 >3Ghz and a generation of i5/i7-3000 or -4000....it will also depend on the money you willing be spend to...

Reply
  • Yeah, so according to clockspeed is king solution you could implement / use a Intel Core i9-9900 by default or OC round about 6Ghz. ;)

    Nope, but I think your Core2Duo would slow down much other parts and features. I think a little bit newer CPU would be the better choice....even so watching for a higher clock speed. more than 4 cores would not give you the ultimate joker and boost, but I would look for a i5 or i7 >3Ghz and a generation of i5/i7-3000 or -4000....it will also depend on the money you willing be spend to...

Children
  • The first box I used for a couple of years had a newer i5 CPU. I acquired two Optiplex XE boxes at no cost and decided to try them. I saw no difference in performance (other than bench-marking) so I  repurposed the i5 box.

    The difference between the Core2Duo and the i7-3770 that I tested was also not noticeable with my usage. I'll stick with the old Optiplex XE boxes until they go kaput. They are built like tanks.

    --------------------------------------------------------------------
    Sophos UTM 9.719-3 - Home User
    Virtual machine on Dell Optiplex 3070
    i3-9100 @ 3.60 GHz, 16 GB RAM
    --------------------------------------------------------------------

  • optiplex or hp elitedesk - they would survive a nuclear war.

    but why do so much people criticise the old utm120 boxes that they aren´t able to handle newer utm software versions especially in handling ips, av proxy, webprotection, etc?

    the sg115 for example has an atom e3827 with 1,74ghz - the old utm120 an atom n270 (?) with 1,6ghz...yes, the e3827 has two physical cores and the n270 only one with HT - but I think especially VPN and de-&encryption your better choice would be a newer cpu...clock speed has a big impact also for the performance overall.

    also it would depend if you have many clients behind your firewall...for home usage maybe a dual core would be enough. :) how many clients and traffic are behind yours?

  • The UTM is in a home-lab environment. There are never more than four local or VPN users. I do host a few websites on different servers along with a FTP server and an email server; all of which are behind the UTM.

    I use the following UTM services & protections:

    • DNS
    • DHCP
    • VPN
    • Network Protection
      • Firewall
      • NAT
      • IPS
    • Web Protection
    • Email Protection
    • Advanced Threat Protection
    • Webserver Protection

     Here is a typical day for the Core2Duo E8600:

    --------------------------------------------------------------------
    Sophos UTM 9.719-3 - Home User
    Virtual machine on Dell Optiplex 3070
    i3-9100 @ 3.60 GHz, 16 GB RAM
    --------------------------------------------------------------------

  • A bit of history, please search the forums for posts by William (at least 5 years ago but still relevant), he did a lot of research into the IPS on on the UTM.

    For home users :-

    1/ remove all unused IPS patterns

    2/. the fastest multi-core CPU you can get

    3/. turn  off power saving eg so the CPU is going flat out otherwise the IPS does not ramp up the CPU processor speed.

    4/. set IPS instances to be CPU cores -1

     

    The IPS in the UTM is still single threaded. If you have a number of users running speed tests you will cause the CPU to ramp up and the link run at full or close to full speed.

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.