Hardware Limitations In Home version

C'mon mate, lets imagine that sophos has to pay salaries, developing new solutions, ideas maintain current activities, infrastructure etc etc. We can be glad that sophos is allowing us a home users to using their product just for free with all features. Beside that, for home usage 4 cores and 6 gb is a overkill. With all features on you can gain 1GB/s. look how Fortigate(and other solutions) are expensive, what the are offering etc. With sophos you've got it for free with great community :) appreciate it ^^ and if you wanna use it for commercial just support it - buying it ;)

I understand this logic, but there is no reason to limit hardware if it is proven that the UTM is in a home location.  There are tons of other UTM packages out there that don't have hardware limitations.  I don't mind paying the annual license, but to pay the annual license with a hardware restriction is weak.  I guess I'll just stay on PFsense until they finally decide to remove the limitations.  Thanks

There is a thing of cutting off your nose to spite your face - by all means stick with PFSense if you so wish - just to ask....you are aware of the security vulnerabilities that exist in the product?

If not, pass me your IP address and I'll give you a demonstration...

Hi Michael,

you can use the fastest intel processor money can buy, nothing stops you building a system around it, but you need a special mother board, big power supply and lots of heatsinks. But you gain nothing in performance eg my e3 is the same processor Sophos use in their topend models.

Also it is not a developer issue it is a marketing issue.

Please let Tim demonstrate PFSense to you.

Ian

As a company, before we take on support of clients networks we put things through a PEN test, PFsense has always produced interesting results to say the least, it's good for a "home" protection and better than the NAT based solutions you had with the standard routers provided, but no where near good enough for the enterprise.

You have to think, what would you prefer?  An enterprise solution for home, albeit with some hardware limitations, or an open-source experiment for the home market.

@Michael Caplan

Sophos don't want your $50. More hassle than it is worth and I can well understand why they dropped it for UTM. One of the things I don't miss moving to XG is the 50 IP limit. In itself it was OK for a home network but as it is my 'playground' I quite often exceeded it testing new network setups. Ended up having to reinstall UTM each time it happened.

I don't agree it is 'easy' to verify whether Home is genuinely being used at 'Home' - which would also require more time and effort (which means money). Sophos put a cap on to prevent people using it illegally in large commercial environments.

I am grateful to be able to use it free at home. It also benefits Sophos (which is why they do it). From being able to use it and evaluate it at home, I have since become a Sophos partner and have several installations planned for customers.

I also really can't understand your view point. The current cap should allow you to use it in a home environment, even with 1Gb connections, for the forseeable future as long as you have the right spec hardware. What is the problem?

@Mike Scott

I've installed the home edition on both a 125 rev2 and a 430 (my current home kit). It can be tricky getting it to install on the installed SSD so I just replaced it with a new SSD and then installation was easy. A small SSD is cheap and I got the 430 for £300 which is cheaper than anything I could buy new of similar spec and it fits nicely in my rack (yes, I'm sad enough to have a rack at home). The only thing you lose is hardware specific support (for instance the LCD display doesn't show anything meaningful).

Makes sense and the best way of understanding what you're taking on.  Many years ago when I worked in the MSP space we walked away from a big customer as so many issues were identified during the pre-onboarding process.  They refused to have items address or money spent, so the contract never moved forward.  I visited their rented datacentre space in Canary Wharf and it was horrific.

Interesting re pfsense, particularly as I've seen large orgs using it.  Going to google it a bit more, even with version 2.4.5?  Problem with any vendor is getting past the marketing blurb.  Take Unifi for example, awful edge products imho

I've worked with Fortigate, Cisco (PIX/ASA), Microsoft ISA (shudder)..  My main skills though is infra, vmware, Wintel, networking and so forth.

Only exposure to Sophos XG at the moment is at home and I like it.  The problem with any solution installed at home is are they left in the default setup.

Thanks for you time I just wanted a simple answer; no the limitation is still present.  No clue why you guys argue that the limitation is acceptable; it’s not for me.  I’ve stated it multiple times, but you guys seem programmed that limitations are okay.  Cool; it’s not for me...

No point in continuing this post any longer.   Thanks again for your time.  Please mark this post as closed or delete it.

Not arguing, I just accept what Sophos offer as do I accept what the other vendors offer.

Each individual's requirement is different and enjoy whatever fits your requirements best.  I'm still determining what's meets my needs best, but then I also like to explore vendors offerings.

Was in reply to the others not you; as you seem to be in a similar boat of testing new packages.  Good luck on figuring out what works best for you.  

The only times I've seen large organisations using PFSense is for internal VLAN segregation, and where QoS is required - not for permitter use - they normally seem to leave that to the commercial side of things.

Open Source has been a big no-no for a lot of the companies I support - it's the fear of the source code being available and therefore being examined by hackers for exploits - with closed source you have to take a longer route to find them.

And agree, the problem is that most things at home have been left in the default setup, and that usually is not hardened enough...how many home users would just have an any>any rule, rather than just allow what's needed and block everything else?

Any>Any kind of defeats the object of having a firewall - and a lot of people while they are happy to control what comes in, they forget about securing what goes out.

Flyncalpoly said:

No clue why you guys argue that the limitation is acceptable; it’s not for me.

It isn't about limitations. It's about "is it sufficient to satisfactorily do the job I need doing".

Every solution has limitations. You can always specify more cpu, more memory, more bandwidth etc. If Sophos limited you to 100 CPUs and 1TB memory would you be happy or would it still be 'limited'? If you were going to provide an XG solution to a customer would you specify the biggest possible (at enormous cost) because it has the least limitations? Of course not, you specify what will do the job.

Will the free solution that Sophos offer do the job for a home user? Yes. That's what matters!

Flyncalpoly said:

No clue why you guys argue that the limitation is acceptable; it’s not for me.

It isn't about limitations. It's about "is it sufficient to satisfactorily do the job I need doing".

Every solution has limitations. You can always specify more cpu, more memory, more bandwidth etc. If Sophos limited you to 100 CPUs and 1TB memory would you be happy or would it still be 'limited'? If you were going to provide an XG solution to a customer would you specify the biggest possible (at enormous cost) because it has the least limitations? Of course not, you specify what will do the job.

Will the free solution that Sophos offer do the job for a home user? Yes. That's what matters!

With the limitations I wouldn’t offer it as an option to home based clients.  With being unable to fully test the software to its full capacity no I wouldn’t spec out to my business clients.  Again it’s a choice the company makes.

Flyncalpoly said:

With the limitations I wouldn’t offer it as an option to home based clients.  With being unable to fully test the software to its full capacity no I wouldn’t spec out to my business clients.  Again it’s a choice the company makes.

I'm sure Sophos will be sad to lose your business.

Thanks for trolling.  If people like you are representing the company then I have no desire to be part of this community. Have a nice day troll

Flyncalpoly said:

Thanks for trolling.  If people like you are representing the company then I have no desire to be part of this community. Have a nice day troll

I'm sorry, but, What the fsck? Seriously?

I can't believe I'm wasting my time writing this. This really looks like a weak troll post from you.

In the beginning of the thread you said;

Flyncalpoly said:

there is no reason to limit hardware if it is proven that the UTM is in a home location.

How in the world will you prove to Sophos that  your currently only running XG on a Home environment? Do you really think they will put a lot of people and money just to inspect all Home users 24/7/365 to know if their running the Home version within their homes, instead of a small office? Just so the home users can have no hardware limit.

You should be grateful there even is a home license from the beginning.

No other else NGFW vendor in the market does this.

Flyncalpoly said:

There are tons of other UTM packages out there that don't have hardware limitations.

And all of them doesn't even come close to what Sophos XG is currently capable off. Most of them are half baked solutions, and open source packages that have no interconnection between themselves.

Look at pfsense, you can't have an IPS such as Suricata or Snort inspecting decrypted content from Squid, just because both of them inspect traffic direct from the interface.

Flyncalpoly said:

The limitation could be removed with the annual plan of $50/yr for the home premium.

As stated by rfcat_vk, the old astaro had a home license for $50, but the administration cost has way too high to maintain, It's much simpler giving it out for free to the home users.

Flyncalpoly said:

What you see is fair is your opinion; what I see is fair as a power home user / home lab is different.

If you were a Home lab user, or a power users you would know exactly the performance you can get from XG. Even for today standards you can get 1Gbit/s of inspected traffic with XG fairly easy.

The only problem here are people running CPU's from 2010 and expecting to push 1Gbit on their old dual core celeron that even on 2010 standards has already too weak.

Flyncalpoly said:

The limitation isn't necessary, and pushes people away from the product, which it has done to me.

The limitation is necessary, so companies don't abuse it.

Flyncalpoly said:

It doesn't seem this product is in primetime for power users.

Complete the opposite, just give yourself a time and learn what XG is capable of.

Flyncalpoly said:

Would you use a faster computer if there were no hardware limitations?  If you had a 7th generation intel with 16gb of ram, a 3 year old computer, would you want hardware limitations on it? You don't see a problem; I do.  No argument in the world will change my mind that there shouldn't be hardware limitations built into the software..

Why do you even want a i5, i7 just wasting energy and being loud as fsck while a 2018 Celeron that barely uses 20W can do 1Gbit with SSL/TLS Decryption?

Flyncalpoly said:

Any who this seems pointless at this time; as the developers will not unlock the software package for users.  Therefore, I will continue to use PFSense rather than giving the Sophos developers a yearly subscription fee.  Good luck to others; maybe they will finally realize this is the right thing in V20.

https://www.enterpriseav.com/SFv-4C6.asp

The current price for a 4C6GB license, with the same features of the home version will cost you $7000 USD/Year, do you really want more as a home user?

Flyncalpoly said:

With the limitations I wouldn’t offer it as an option to home based clients.  With being unable to fully test the software to its full capacity no I wouldn’t spec out to my business clients.  Again it’s a choice the company makes.

One thing, Home Users here are the minority. And if you really wanted to offer XG for your clients, you could simply become a partner and get NFR licenses for demonstration.

“you could simply become a partner and get NFR licenses for demonstration.“

Thank you had I known this I would have gone this route in the beginning.

If and when I can get Vodafone Gigafast etc.  I'm mulling a £500 budget for a device, I spent £300 on a UDM-Pro before selling it a month later.  They're now going for crazy money for what is such a flawed edge device.

Tempted to sell the Pondesk unit I bought and get the i3 back into service.  The SFF PC with 4 port Intel NIC is just sat in the spares pile at the moment.  Not sure the total power consumption of the unit.

This is a comparison between the two units I have atm re CPU - http://cpuspecs.com/E3845-vs-i3-6100T

Look at a Dell OptiPlex 3070 with i3-9100 - that's currently less than £500 with more than enough SSD storage, 8GB RAM.

Install a PCIe network card, and you'll have the ultimate machine, that's reasonable on power, and also enough throughput.

Shame the SFF offering from Dell doesn't have the ability to install a SFF PCI-E NIC.

The Intel I3-9100T has a lower TDP rating too.  Will look into options further etc.

I thought the SFF does - or do you mean the Micro - as I presume the later and yes would be nice if that had a PCI-e slot on it - would be perfect...

BLS said:

I thought the SFF does - or do you mean the Micro - as I presume the later and yes would be nice if that had a PCI-e slot on it - would be perfect...

 

Sorry, yes I was referring to the Micro.

Currently on a 70/20 Vodafone ADSL connection, just wanting Vodafone to pull their finger out for rolling out Gigafast more.