Sophos xg home build9/25/2023 ![]() ![]() I'll admit the idea of just splitting the bandwidth in half is borne out of laziness and not wanting to set up all the per-service QoS rules. ![]() W/re: 2) I'll have to keep that in mind and look into it further. I can always try to get better processors than what's in it if they don't quite do the job. With the network reconfigurations I may break that back out and see if it'll do a better job virtualized on that. I have an old Dell R210 II that I threw VMware on and had started building a Sophos VM on a long time ago but wanted something less noisy after testing, hence going with the thin client. I will have to compare CPU performance with what I have lying around, may have to rebuild the appliance to push better throughput. I've seen CPU usage get pretty high on the unit under heavy packet load so I'm probably approaching the limit. W/re: 1) Yeah, I had a feeling that might be the case. ![]() Someone else might have better and more accurate input here. Traffic shaping I have very little experience with though - my go-to logic is to give clients as much throughput as possible to get them off the high network use as soon as possible and only traffic shape essential services as guarantees. In regards to 2) - You might be able to achieve this by using traffic shaping per FW rules and using shared limits for all FW rules out of a specific subnet. It did about 7-8Gb/s on just FW with no protection. Personally I use a virtual Sophos FW appliance right now running on a Ryzen 3100 and it achieves 1Gb/s in some tests I ran, though my uplink is not that high so I only have limited experience and my tests were not exhaustive. The 4 core/6gb RAM limitations apply as per the home licensing.Īs a point of comparison you could look up the exact CPUs the XG Firewall (not XGS due to added NPUs) appliances use and see the throughputs they can achieve as per the datasheet, the knowledge will be limited to older gen CPUs, v18 firmware and from what I remember public datasheet don't expose the lower "real life" throughputs. Also, generally the better cores you can throw at it, the better the throughput. Just FW with no protection should be very easy to reach. Though it really depends on the feature set you have enabled protection wise. From experience it struggled to reach 250Mbps throughput with IPS enabled. In regards to 1) - I used to run Sophos Firewall on a similar grade of CPU in an old Cyberoam appliance. r/talesfromtechsupport - Support stories from the trenches r/sysadmin - General Sysadmin topics and rants r/aww - For your support-related relief needs Sophos XG - Official How-to videos for the XGĭavid Okeyode - XG/UTM Cloud How-to videos Naked Security - Award-winning computer security news Posts from your own blog are welcome, as long as disclosure is made, they are relevant to the sub, and follow Reddit rules regarding self-promotion Posts should be related to Sophos as a company or its productsģ. Members are expected to follow the basic rules of ReddiquetteĢ. Community members shall conduct themselves with professionalism ![]()
0 Comments
Leave a Reply.AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |