Hi Bobby,

You will get >1Gbit/s throughput with the 3400G on Threat Prevention Traffic (IPS+AppCtrl+AV), but I'm not sure if you will get 1Gbit/s with SSL/TLS Decryption. (There are issues with AMD Ryzen on things related to encryption/decryption in v18)

If your not doing SSL/TLS Decryption, then even a Intel G5400, a 2C/4T CPU can handle 1Gbit/s.

But my recommendation if your going to decrypt your traffic, is go with Intel, or if you can, get a Ryzen 3300x instead of the 3400G, since It's a really good value CPU; And can handle 1Gbit/s of Threat Prevention with SSL/TLS Decryption. (I'm currently using it.)

Thanks!

Thanks for the response. I'm only doing ssl decryption on the DMZ and guest wireless. If the Ryzen 3300 can give me the same performance without any issues I will go with that. 

However, you mention issues as it pertains to encryption / decryption. Can you give some examples? I dont want to purchase new hardware only to have issues. 

Also, if I decided to go the Intel route what chip would you recommend besides the G5400? Just curious.

Thanks for all responses.

BobbyDigital said:

However, you mention issues as it pertains to encryption / decryption. Can you give some examples? I dont want to purchase new hardware only to have issues. 

There are a lot of issues, primarily with Ryzen Gen 1, which is the 1X00 Series and Gen 2 which is 2X00, there are some relates of both 3400G and 3400G also having issues; For some unknown reason anything related to encryption/decryption is absurdly slow.

I'm talking about 200Mbit/s over a single x86 core at 3.8Ghz. but you will only suffer this issue while doing SSL/TLS Decryption - Interested enough the throughput with Threat Prevention is really high for those CPU's.

BobbyDigital said:

Also, if I decided to go the Intel route what chip would you recommend besides the G5400? Just curious.

Get a >7th Gen or above, primarily 4 Cores CPUs, one that I can recommend, (If you find used) is the I3-8100.

BobbyDigital said:

If the Ryzen 3300 can give me the same performance without any issues I will go with that. 

Yes, you will be able to do >1Gbit/s with SSL/TLS Decryption on the 3300X with a imix traffic. (I know this from personal experience.)

Also,

BobbyDigital said:

I'm only doing ssl decryption on the DMZ and guest wireless.

Just to clarify this, how you will do decryption on your guest network? It's not possible to do it without importing the XG Certificate Authority on the client.

Thanks!

Thank you for the response. My guest wireless is really just devices at my home network that are untrusted so I have the cert installed on them. 

Thank you for your response. I will purchase the 3300. I see a new one on Amazon for $90. 

Again, thanks for your assitance. 

Just a reminder, the 3330X don't have graphics, so there are two ways to install XG on it, or you can put a graphics card and remove it after the installation (Sophos XG will boot without any issues - without a graphics card.), or get a motherboard such as the ASRock X470D4U.

Thanks!

Prism

would the AMD Ryzen 3 3100 4-Core, 8-Thread or AMD Ryzen 3 3200G 4-Core Unlocked Desktop Processor with Radeon Graphics work just as good? I'm not seeing a lot of 3330X readily available.

Again, thanks for all responses. 

It's better to get the AMD Ryzen 3100.

Prism

Just wanted to say thanks for the recommendation. This build is exactly what i was looking for. I'm getting about 780mbs down and over 900mbs up. My old AthlonXP processor I was getting about 150mbs down and like 250mbs up. 

Once again. Thanks for all the responses. I appreciate it.

That's awesome!

One tip for even better throughput.

SSH in your XG or open the Console from the Admin Page, and go to Option (4) which is Device Console.

In there execute: "set ips search-method hyperscan".

Hyperscan is a regex matching library from Intel, which is around 4x faster than ac-bnfa - that Sophos set as default on the Software Installations. This will increase your IPS throughput by around 3x in the Ryzen 3100.

Thanks!

will do. Again, many thanks