Supermicro E100-9APP as a silent firewall

DaddyGrant

Active Member
Jul 14, 2016
165
48
28
40
Hey Guys,

Right now I'm living in a coop so I don't have the space for dedicated equipment. I just upgraded my FIOS to gigabit-ish speeds and I'm looking to replace my Meraki MX65 with something capable. Temporarily, I'm running Sophos XG as a VM on a SM Xeon-D and it can max out my connection without a fuss. But I also use the host for labs and my woman needs youtube available ALWAYS. I noticed Supermico has some new fanless products that might fit the bill.

Has anyone have any experience with the CPU that comes with this "IOT" server in a PFSense or Sophos build?

Supermicro | IoT | E100-9APP
 

mikesm

New Member
Mar 3, 2013
22
1
3
Do you have IPS turned on with Sophos XG on your setup and still can run at max speed?

Not sure that SM CPU is powerful enough if you turn on all the XG features.

thx
Mike
 

DaddyGrant

Active Member
Jul 14, 2016
165
48
28
40
Do you have IPS turned on with Sophos XG on your setup and still can run at max speed?
@mikesm No. The sophos has two built in IPS profiles. General and Strict. The sophos VM has 2 vCPUs and 6GB of memory.
The host is a SYS-5028D-TN4T - 8 CPUs x Intel(R) Xeon(R) CPU D-1541 @ 2.10GHz

IPS OFF



IPS General


IPS Strict



Here is the CPU for the 3 speed tests. You'll see the bumps on the end.

I should really change it to 4 vCPUs (Max for free license) and see what I get.
 

Evan

Well-Known Member
Jan 6, 2016
3,310
575
113
With a speed test the traffic mix if not anything like normal traffic so that's hard to tell, most firewall will route anything through fast even with IPS fast if the traffic is simple. Not that in doubt it should do those results the Xeon-D cores should be up to the task.
(An example of the physical firewall I was looking to get Fortinet FG-61E, does IPS with straight HTTP @ 1300Mbps and exterprise mix is only 350Mbps)
How often do you really use 1G as a single user ?? Downloading patch updates each month maybe or backups if you do to cloud maybe ?)

Back on topic those little fabless machines look great and power consumption minimal... but they miss IPMI (remote management) which I think is sort of important in any firewall device.