Sophos UTM is getting a new version and guess what? No more 50 IP Limit.

[Drashna Jaelre 157]

So in line with the above, what is the 'recommended' limit for cpu usage before one should investigate the option of a faster CPU? I am much happier with a CPU that averages 3% busy than one that averages 30% busy. Rule of thumb?

I'd guess that power consumption would play a factor in that decision.

Personally, I'd recommend something like the Celeron J1900 (it's a quad core celeron, that clocks in at a TDP of 10W), otherwise, the Core i3 4130T is a nice, lower powered CPU (dual core with hyperthreading). 

 

Or you can go overboard. It really depends on your needs. 

But if you're doing a lot of downloading, especially of scan-able files, then a better CPU makes sense. Otherwise, a lower powered one should work fantastically and not cost you an arm and a leg on your power bill.

[nrf 134]

Cool. Based on the download delays I am seeing, it seems like after scanning the download it then makes you re-download from the site, otherwise I would expect an extremely fast local download. Can anyone confirm?

[Poppapete 104]

I think it makes a big difference to CPU usage depending on your web filtering. Decrypt and scan is very secure and scans all traffic which must be CPU intensive. URL filtering just checks the connection address against your category list which is not so CPU intensive. It obviously helps to reduce this cpu load by letting devices (xbox, TV, Phones) bypass the decryp and scan.

 

I have a Xeon E3-1230V3 3.3Ghz and as soon as I tick decrypt and scan the browsing slows noticeably and cpu usage climbs.

[itGeeks 186]

Cool. Based on the download delays I am seeing, it seems like after scanning the download it then makes you re-download from the site, otherwise I would expect an extremely fast local download. Can anyone confirm?

In there new version still in beta you now have the option of download 1st scan 2nd or scan first download 2nd, This is very nice to have these options now.

[itGeeks 186]

I think it makes a big difference to CPU usage depending on your web filtering. Decrypt and scan is very secure and scans all traffic which must be CPU intensive. URL filtering just checks the connection address against your category list which is not so CPU intensive. It obviously helps to reduce this cpu load by letting devices (xbox, TV, Phones) bypass the decryp and scan.

 

I have a Xeon E3-1230V3 3.3Ghz and as soon as I tick decrypt and scan the browsing slows noticeably and cpu usage climbs.

From what I understand "Snort" is the problem with all of this because it does not make use of multiple cores so a fast dual core i3 is better then a slower quad-core at least that's the advice if you have a small user base because you simply wont have enough users to ramp up all those extra cores from idle so throughput would be worse. From what I here there is development going on now with "Snort" for multi-core support but know one knows when its going to be released. As for bypassing devices like TV's, Phones, Ect. I agree 100% I make groups for all my devices so I can easy add to my rules where needed, The Groups that I created are as follows-

 

Computers & Laptops

Gaming Consoles

IP Cameras

Phones & Tablets

Picture Frames

Printers

Servers

Switches & Access Points

TV & DVD & Blu-Ray Players 

[itGeeks 186]

Sorry I wanted to edit my post abouve to add this but could not.

I am currently running Sophos on a Atom D525 with 4GB of memory and overall I am happy with the performance but the one thing I can say is when I enable IPS my internet speed drops allot but the end user does not notice it. I am now in the process of setting up a new Supermicro Server with an Intel Xeon E3-1231V3 Haswell 3.4 GHz 8MB L3 Cache  I am going to try my shot with my first ever VM and see how Sophos runs on it.

 

This is also a pretty good read for anyone interested-

Installing Sophos UTM Home, Virtualized or Bare Metal https://www.astaro.org/gateway-products/hardware-installation-up2date-licensing/55462-installing-sophos-utm-home-virtualized-bare-metal.html

Edited September 29, 2015 by itGeeks

[nrf 134]

The Groups that I created are as follows-

 

Computers & Laptops

Gaming Consoles

IP Cameras

Phones & Tablets

Picture Frames

Printers

Servers

Switches & Access Points

TV & DVD & Blu-Ray Players 

another member of the 'too many gadgets' squad!

Edited September 29, 2015 by nrf

[itGeeks 186]

another member of the 'too many gadgets' squad!

Its beats playing pool

[itGeeks 186]

I'd guess that power consumption would play a factor in that decision.

Personally, I'd recommend something like the Celeron J1900 (it's a quad core celeron, that clocks in at a TDP of 10W), otherwise, the Core i3 4130T is a nice, lower powered CPU (dual core with hyperthreading). 

 

Or you can go overboard. It really depends on your needs. 

But if you're doing a lot of downloading, especially of scan-able files, then a better CPU makes sense. Otherwise, a lower powered one should work fantastically and not cost you an arm and a leg on your power bill.

I would be really interested in how Sophos would run on a Celeron J1900, My gut tells me it probably would run well based on how it ran on my Atom D525 but I don't use Decrypt and Scan at this time but I do use IPS.

Edited September 29, 2015 by itGeeks

[Taffeys 22]

From what I understand "Snort" is the problem with all of this because it does not make use of multiple cores so a fast dual core i3 is better then a slower quad-core at least that's the advice if you have a small user base because you simply wont have enough users to ramp up all those extra cores from idle so throughput would be worse.

Exactly why I chose to run an i3-4170 in my box.