Maximum throughput of Virtual Sophos

Hi,

from previous posts you are using a home licence

1/. assign 4 real CPUS and lock them to the XG

2/. assign 6gb of RAM and lock that to the XG

3/. make sure the disks are assigned to the XG

4/. make sure the NICs are correctly configured and assigned exclusively to the XG

5/ tune the IPS and DOS settings, the default settings will limit your throughput.

If you tune the IPS settings then you should not loose much if any on an individual connection and if you have many connections then you should attain the 10gb/s throughput.

These are my settings which are way from standard on the DOS part of IPS>

Use these as a starting point.

Ian

Hi,

Jonas Keller said:

The Sophos VM has 40 vCPUs and 100 GB RAM. What kind of throughput can I expect. Or differently... how much of my 10Gb/s speed am I going to loose.

If you actually have a license that's capable of utilize 40 vCPUS and 100GB RAM, then you wouldn't even bee worrying about it not reaching 10Gbit/s.

In a modern CPU, with IPS/WebProxy/ATP, on v17.5.x you can reach around  >820Mbit/s on a single core.

The only problem you would face over a 10Gbit/s connection is: XG currently uses Snort, any application which uses a single connection for transferring anything, you will be forced to use only a single core of your VM.

If you disable IPS on v17.5.x you will be getting line-rate throughput over it. Well, a 4vCore with 6GB RAM has capable of it*, then I don't see why 40vCore wouldn't be.

*With VIrtiO Drivers, not vmxnet3.

Ian said on the post above - your currently using the Home License, so your limited with 4Cores/6GB RAM, if that's true then you will only archive 10Gbit/s without IPS on v17.5.x.

Currently on v18 EAP there's no Core/RAM limit on it*, you should try it out when EAP 3 Refresh comes out.

*EAP 3 Refresh should have performance improvements, since it's currently.... "weird"...

Thanks,