Jump to content
RESET Forums (homeservershow.com)

Sophos UTM is getting a new version and guess what? No more 50 IP Limit.

itGeeks

By itGeeks,
in Networking

 Share

Recommended Posts

Drashna Jaelre HSS Legend

Drashna Jaelre

Posted
Posted

So in line with the above, what is the 'recommended' limit for cpu usage before one should investigate the option of a faster CPU? I am much happier with a CPU that averages 3% busy than one that averages 30% busy. Rule of thumb?

I'd guess that power consumption would play a factor in that decision.

Personally, I'd recommend something like the Celeron J1900 (it's a quad core celeron, that clocks in at a TDP of 10W), otherwise, the Core i3 4130T is a nice, lower powered CPU (dual core with hyperthreading). 

 

Or you can go overboard. It really depends on your needs. 

But if you're doing a lot of downloading, especially of scan-able files, then a better CPU makes sense. Otherwise, a lower powered one should work fantastically and not cost you an arm and a leg on your power bill.

Link to comment
Share on other sites
  • Replies 144
  • Created
  • Last Reply

Top Posters In This Topic

  • pcdoc

    15

  • itGeeks

    40

  • Jason

    24

  • nrf

    16

Popular Days

Top Posters In This Topic

Popular Days

Popular Posts

itGeeks
itGeeks

That's right, its great news for those of us that have lots of devices on our network.   https://www.astaro.org/beta-versions/project-copernicus-public-beta/58630-answered-question-about-home-licenc

nrf
nrf

another member of the 'too many gadgets' squad!

azcoyote
azcoyote

It is installed in an Antec ISK110 which appears to work great.   I am using Sophos UTM 9.3  My RAM won't be upgraded at this point since 4 GB seems sufficient. My network should come in well under

nrf HSS Elite

nrf

Posted
Posted

Cool. Based on the download delays I am seeing, it seems like after scanning the download it then makes you re-download from the site, otherwise I would expect an extremely fast local download. Can anyone confirm?

Link to comment
Share on other sites
Poppapete HSS Advanced

Poppapete

Posted
Posted

I think it makes a big difference to CPU usage depending on your web filtering. Decrypt and scan is very secure and scans all traffic which must be CPU intensive. URL filtering just checks the connection address against your category list which is not so CPU intensive. It obviously helps to reduce this cpu load by letting devices (xbox, TV, Phones) bypass the decryp and scan.

 

I have a Xeon E3-1230V3 3.3Ghz and as soon as I tick decrypt and scan the browsing slows noticeably and cpu usage climbs.

Link to comment
Share on other sites
itGeeks HSS Master

itGeeks

Posted
  • Author
Posted

Cool. Based on the download delays I am seeing, it seems like after scanning the download it then makes you re-download from the site, otherwise I would expect an extremely fast local download. Can anyone confirm?

In there new version still in beta you now have the option of download 1st scan 2nd or scan first download 2nd, This is very nice to have these options now.

Link to comment
Share on other sites
itGeeks HSS Master

itGeeks

Posted
  • Author
Posted

I think it makes a big difference to CPU usage depending on your web filtering. Decrypt and scan is very secure and scans all traffic which must be CPU intensive. URL filtering just checks the connection address against your category list which is not so CPU intensive. It obviously helps to reduce this cpu load by letting devices (xbox, TV, Phones) bypass the decryp and scan.

 

I have a Xeon E3-1230V3 3.3Ghz and as soon as I tick decrypt and scan the browsing slows noticeably and cpu usage climbs.

From what I understand "Snort" is the problem with all of this because it does not make use of multiple cores so a fast dual core i3 is better then a slower quad-core at least that's the advice if you have a small user base because you simply wont have enough users to ramp up all those extra cores from idle so throughput would be worse. From what I here there is development going on now with "Snort" for multi-core support but know one knows when its going to be released. As for bypassing devices like TV's, Phones, Ect. I agree 100% I make groups for all my devices so I can easy add to my rules where needed, The Groups that I created are as follows-

 

Computers & Laptops

Gaming Consoles

IP Cameras

Phones & Tablets

Picture Frames

Printers

Servers

Switches & Access Points

TV & DVD & Blu-Ray Players 

Link to comment
Share on other sites
itGeeks HSS Master

itGeeks

Posted
  • Author
Posted (edited)

Sorry I wanted to edit my post abouve to add this but could not.

I am currently running Sophos on a Atom D525 with 4GB of memory and overall I am happy with the performance but the one thing I can say is when I enable IPS my internet speed drops allot but the end user does not notice it. I am now in the process of setting up a new Supermicro Server with an Intel Xeon E3-1231V3 Haswell 3.4 GHz 8MB L3 Cache  I am going to try my shot with my first ever VM and see how Sophos runs on it.

 

This is also a pretty good read for anyone interested-

Installing Sophos UTM Home, Virtualized or Bare Metal https://www.astaro.org/gateway-products/hardware-installation-up2date-licensing/55462-installing-sophos-utm-home-virtualized-bare-metal.html

Edited by itGeeks
Link to comment
Share on other sites
nrf HSS Elite

nrf

Posted
Posted (edited)

The Groups that I created are as follows-

 

Computers & Laptops

Gaming Consoles

IP Cameras

Phones & Tablets

Picture Frames

Printers

Servers

Switches & Access Points

TV & DVD & Blu-Ray Players 

another member of the 'too many gadgets' squad! :)

Edited by nrf
  • Like 1
Link to comment
Share on other sites
itGeeks HSS Master

itGeeks

Posted
  • Author
Posted (edited)

I'd guess that power consumption would play a factor in that decision.

Personally, I'd recommend something like the Celeron J1900 (it's a quad core celeron, that clocks in at a TDP of 10W), otherwise, the Core i3 4130T is a nice, lower powered CPU (dual core with hyperthreading). 

 

Or you can go overboard. It really depends on your needs. 

But if you're doing a lot of downloading, especially of scan-able files, then a better CPU makes sense. Otherwise, a lower powered one should work fantastically and not cost you an arm and a leg on your power bill.

I would be really interested in how Sophos would run on a Celeron J1900, My gut tells me it probably would run well based on how it ran on my Atom D525 but I don't use Decrypt and Scan at this time but I do use IPS.

Edited by itGeeks
Link to comment
Share on other sites
Taffeys HSS Pro

Taffeys

Posted
Posted

From what I understand "Snort" is the problem with all of this because it does not make use of multiple cores so a fast dual core i3 is better then a slower quad-core at least that's the advice if you have a small user base because you simply wont have enough users to ramp up all those extra cores from idle so throughput would be worse.

Exactly why I chose to run an i3-4170 in my box.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...