XG Firewall Home edition on Celeron J1900

Hi All

Apologies if this has been asked before

I have Qotom hardware with 4 Intel NICs running on an Intel Celeron J1900 processor. I was running OPNSense on it for many months and wanted to try out the XG Home edition version 18.0.1-396. I tried to install it with both UEFI and Legacy boot and could only boot it with the Legacy Boot option.

Post boot, after 2-3 minutes, it just hangs: I can't ping 172.16.16.16 and there is no response on the VGA console. What should I do to fix this issue?

Following are the CPU details (installed Ubuntu 18.04 recently)

root@pghome-ubnt:~# lscpu
Architecture: x86_64
CPU op-mode(s): 32-bit, 64-bit
Byte Order: Little Endian
CPU(s): 4
On-line CPU(s) list: 0-3
Thread(s) per core: 1
Core(s) per socket: 4
Socket(s): 1
NUMA node(s): 1
Vendor ID: GenuineIntel
CPU family: 6
Model: 55
Model name: Intel(R) Celeron(R) CPU J1900 @ 1.99GHz
Stepping: 9
CPU MHz: 1332.800
CPU max MHz: 2415.7000
CPU min MHz: 1332.8000
BogoMIPS: 3998.40
Virtualization: VT-x
L1d cache: 24K
L1i cache: 32K
L2 cache: 1024K
NUMA node0 CPU(s): 0-3
Flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx rdtscp lm constant_tsc arch_perfmon pebs bts rep_good nopl xtopology tsc_reliable nonstop_tsc cpuid aperfmperf tsc_known_freq pni pclmulqdq dtes64 monitor ds_cpl vmx est tm2 ssse3 cx16 xtpr pdcm sse4_1 sse4_2 movbe popcnt tsc_deadline_timer rdrand lahf_lm 3dnowprefetch epb pti ibrs ibpb stibp tpr_shadow vnmi flexpriority ept vpid tsc_adjust smep erms dtherm ida arat md_clear



Added TAGs
[edited by: emmosophos at 12:19 AM (GMT -8) on 12 Feb 2021]
  • With that CPU you're going to need to disable features on your Firewall rules IPS, or even Traffic AV scanning too depending on how the removal of IPS on your rules works??

    I've always gone for Intel Core i3 (dual core with HT) min, i5 (dual core with HT or quad core) recommended, or i7 (quad core) best practice; those can be mobile editions too. If your machine was to be Fast Path compat then maybe, but as far as I've been able to tell that's Sophos HW realm only??

    Hope that helps. IPS can be CPU intensive depending on how your IPS rules are set also, but with a J1900 I'd think IPS would need disabling to get any decent throughput out of XG V18 Home ed.....

    JK

  • Could also be the size of memory.

    Also the hardware encryption is missing. I think OPNSense, pfSense or Sophos SG might better suit this hardware.

  • What do you mean by that, H/W encryption AES?? Sure, XG doesn't use it anyway. Sophos XG is fine, it's just heavy on resource usage as it applies multiple features on the passing traffic. PFSense may be lightweight, or it was, but since it was bought out and is no longer free to use it became bloated too..... But I don't even consider PFSense, for me it is XG with HW to utilise it properly, i.e. XG Home up to 4 cores and 6gb ram.

    It's the same reason Sophos suggest disabling some features on rules for their low-end Sophos boxes..... More memory may not help in this case depending on what this user's RAM capacity is, they didn't say. I'd hope it's at least 4gb min; IPS is the CPU hog, along with AV scanning on traffic next......

    JK

  • I am talking about AES-NI. This helps with the throughput of VPN connections. If I understand it right, it is supported on the bigger XG hardware appliances.
    community.sophos.com/.../hardware-acceleration-aes-ni-isn-t-being-used-on-the-software-version-of-xg-v18

  • Assumed you meant AES, but yeah, depends if you need it. Doubt the J1900 has it but could be wrong as I haven't asked Google.

    JK

  • Hi,

    AES-NI is not supported on low end Sophos hardware or the home edition. The J1900 will work but the GUI will be very slow and throughput will depend on your WAN link. Make sure you have the maximum memory installed, e.g. two 4gb sticks, and that your NICs are not Realtek or i219 series.

    Ian

     
    V18.0.x - e3-1225v5 6gb ram on 4 port MB with AP55c -20w. 
    2 AP55s and 2 APX120s having a holiday until software update is released.
    If a post solves your question use the 'This helped me' link.
  • Hi john_kennny - I looked into my XG 135w, which should be able to handle smaller companies. It contains 6 GByte RAM and an Intel Atom C3538@2.2 GHz. Compared to the J1900 Pankay Gupta is using there is not that much difference; the J1900 is even faster than the J1900. (Single thread 569 vs. 647 and Passmark 1650 vs. 1111).

    The "feeling" of the web interface on the XG 135w is rather slow.

    However, compared with what you are proposing - current 2/4, 4/4 or 4/8 processors - this is rather slow.

    i3 (i3-1100@3.6 GHz 4/8; single Thread 2645, passmark 8899) /* Did not find a 4/4 i3 */
    Pentium Gold (G6500@4.1 GHz 4/4; single Thread 2567, passmark 4213)

    Do you know whether the home version is supporting Hyper-Threading? I know it is 4 cores with 6 GByte RAM but nothing about the Hyper Threading.

  • I work with XG125 rev 2 and XG135 rev 3, and both have a slow web interface. My old test box with 4GB RAM and an Intel Core2Duo CPU (P8600) with an old 500G HDD (XG HW has SSD) has a lot faster GUI... For example, on the XG135 you need to log in and go to Network then DHCP to see DHCP leases, and you need around 1-2 minutes to do that. On my old test box I can do it around half faster (30-60 seconds)... It loads pages a lot faster, but on paper it is probably the same speed or slower...

    Sophos XG v18.0.x - Supermicro CSE-512, X10SLM+F, E3-1220v3 8GB RAM, Intel X520-DA2

  • Yes, Home version can utilize HT as it's done by the motherboard, not the OS...... As I mentioned, all I try to do is max out Home Ed's max spec: 4 cores, whether physical or logical it's no different really, and then 6gb RAM + SSD for good measure.

    See, I use Partaker 1U machines for my DIY XG Home ed builds.. They come in i3, i5 & i7s plus SSD and 8gb RAM; as long as you double check the HW specs to confirm it's HT or quad physical core they run a treat, get 'em off Amazon.....

    Along this line: -

    www.amazon.co.uk/.../ref=sr_1_1

    Just keep in mind some items have multiple models other than the CPU & RAM buttons selected and previewed from hover over with the small icon pics under the price sections; took me a while to clock that, but that's where you will find the various model CPU units.. Just takes time to find the perfect model, but that URL should be for i5 and then just use the 8GB RAM, 64GB SSD button and you're golden... (FYI this is only for XG Home ed usage, not to be used in production!!!)

    Also Atoms have the same issues as Celerons: fine for low throughput, but for decent throughput you really need XG2XX or XG 3XX models as their CPUs are Xeons if you read up on the specs. But as mentioned, the Partaker 1U units I've been using, i5 or i7, run like bats out of hell lol, and multiple NICs too.....

    JK

  • Hi,

    there's a difference between a real and a hyper thread core. Real cores use memory and provide 100% CPU; hyperthreads rely on the real core to provide IO etc. and provide a lot less processing power. So for home use the recommendation is 4 real cores at the highest speed you can get at a reasonable cost and power consumption, e.g. the unit in my signature.

    Ian
