RESET Forums (homeservershow.com)
itGeeks

Sophos UTM is getting a new version and guess what? No more 50 IP Limit.


schoondoggy

 

What have the numbers been for the CPU & Memory usage? Are you using IPS and Country Block?

IPS yes, country block no.

CPU and Memory are both under 50%

itGeeks

IPS yes, country block no.

CPU and Memory are both under 50%

Same here. Sounds like you and I have matched that hardware well for our Sophos system. I just don't see any added benefit of going with a Core i3, i5 with 6 or 8GB of memory in our use case. How much of a hit does your internet bandwidth take using IPS?

 

Thanks for taking the time...

itGeeks

That one is probably geared for point-of-sale systems, hence all the legacy ports.  However, those can be good with a router/firewall, and there are other versions in roughly the same price range.

 

The server versions with dual-NIC ports cost far more, so better off getting a basic and a PCIe x1 dual-NIC, or a quad-port if you need multi-WAN.

Thanks for the info. I tend to spend the extra on motherboards if its main use is a server because that's just how I like to do things. I just found this box and it looks like it would make a fantastic router/firewall or HTPC. The only thing I can see bad about it is those LAN ports: 2 x RJ-45 port - "Realtek" RTL8111E 10/100/1000 Controller and not Intel

http://www.amazon.com/Qotom-serial-trail-j1900-Windows/dp/B0148K0QSS/ref=cm_wl_huc_item

Edited by itGeeks

itGeeks

Thanks.  My test box is actually an I3-2120 with 8 gigs so it sounds like that should do the trick.  I plan on trying to put this together this weekend to see how this runs.  Are you using this as your primary router or did you configure a test connection?

Yes, it sounds like you should be fine with your hardware. Once Sophos goes GA and you get your home license, according to Sophos it will only use 6 of the 8GB of memory. I am using this as my primary router. I have most all the protection enabled; the only things that are not enabled at this time are country blocking and traffic shaping.

LoneWolf

Thanks for the info. I tend to spend the extra on motherboards if its main use is a server because that's just how I like to do things. I just found this box and it looks like it would make a fantastic router/firewall or HTPC. The only thing I can see bad about it is those LAN ports: 2 x RJ-45 port - "Realtek" RTL8111E 10/100/1000 Controller and not Intel

http://www.amazon.com/Qotom-serial-trail-j1900-Windows/dp/B0148K0QSS/ref=cm_wl_huc_item

 

Anything within a reasonable price will likely be Realtek in the ITX segment.  Anything Intel will probably be wildly expensive sadly, at least if it's onboard dual NICs.

 

That system looks like an interesting one.  I'd probably want a slightly larger mSATA SSD, but the fact that it comes with one indicates that shouldn't be difficult to change.  It would also make boot and response time quite good.  The price is right too.  Hard to tell the quality control until you get one, but on the surface, doesn't look bad at all.

itGeeks

Anything within a reasonable price will likely be Realtek in the ITX segment.  Anything Intel will probably be wildly expensive sadly, at least if it's onboard dual NICs.

 

That system looks like an interesting one.  I'd probably want a slightly larger mSATA SSD, but the fact that it comes with one indicates that shouldn't be difficult to change.  It would also make boot and response time quite good.  The price is right too.  Hard to tell the quality control until you get one, but on the surface, doesn't look bad at all.

But sadly it's going to be a deal breaker for a Sophos box, I think, because of those "Realtek" NICs. They are the worst. Too bad it was not at least Broadcom.

Edited by itGeeks

LoneWolf

But sadly it's going to be a deal breaker for a Sophos box, I think, because of those "Realtek" NICs. They are the worst. Too bad it was not at least Broadcom.

 

Broadcom has plenty of odd issues.  I wasn't able to avoid them for the Microserver Gen8, but I've worked with too many Dell PowerEdge servers with Broadcom NICs to ever want to use them.  Firmware issues, issues where TCP chimney and other settings cause problems, etc.  My worst involved having the Broadcom NIC teaming software break an entire network stack, requiring opening a ticket with Microsoft Networking support, whose tier one support helped break my server worse.  I ended up doing a repair install of Server 2008R2 on a primary domain controller at 2AM in the morning for that one --boy am I glad that one is in my rear view mirror.  That and  as of Server 2012, I'd never deal with Broadcom's teaming software again when you can just use Microsoft's built-in teaming features.  As any Dell servers above entry level are customizable, we spec Intel NICs whenever we can for clients (at the place I'm at now) and only use Broadcom when we don't have a choice.

 

Realtek isn't great, mind you, but it has improved quite a bit from what it once was.  If they are supported by the Sophos UTM, I'd probably try using the above box; I can't see problems being likely at the home-user level.

itGeeks

Broadcom has plenty of odd issues.  I wasn't able to avoid them for the Microserver Gen8, but I've worked with too many Dell PowerEdge servers with Broadcom NICs to ever want to use them.  Firmware issues, issues where TCP chimney and other settings cause problems, etc.  My worst involved having the Broadcom NIC teaming software break an entire network stack, requiring opening a ticket with Microsoft Networking support, whose tier one support helped break my server worse.  I ended up doing a repair install of Server 2008R2 on a primary domain controller at 2AM in the morning for that one --boy am I glad that one is in my rear view mirror.  That and  as of Server 2012, I'd never deal with Broadcom's teaming software again when you can just use Microsoft's built-in teaming features.  As any Dell servers above entry level are customizable, we spec Intel NICs whenever we can for clients (at the place I'm at now) and only use Broadcom when we don't have a choice.

 

Realtek isn't great, mind you, but it has improved quite a bit from what it once was.  If they are supported by the Sophos UTM, I'd probably try using the above box; I can't see problems being likely at the home-user level.

I understand your pain, and yes, Intel NICs 100% for stuff like this. As for Broadcom, Sophos supports it as 2nd best, but Realtek is a no go; even to this day Sophos advises to stay away from them.

nrf

I understand your pain, and yes, Intel NICs 100% for stuff like this. As for Broadcom, Sophos supports it as 2nd best, but Realtek is a no go; even to this day Sophos advises to stay away from them.

Good to know. Fortunately I had a pile of Intel NICs on hand when I started down the Sophos path....

nrf

So in line with the above, what is the 'recommended' limit for CPU usage before one should investigate the option of a faster CPU? I am much happier with a CPU that averages 3% busy than one that averages 30% busy. Rule of thumb?

