UTM: Sophos and Supermicro

[jonobk]

Build’s Name: Portico
Operating System/ Storage Platform: Sophos UTM 9
CPU: Atom C2558
Motherboard: Supermicro A1SRM-2558F
Chassis: SuperChassis 512L-200B
Drives: TBD
RAM: 2 x (Kingston KVR16E11S8/4G 4GB DDR3 1600MHz ECC CL11 DIMM Sr X8 W/TS Memory)
Add-in Cards: N/A
Power Supply: 200watt supermicro
Other Bits: N/A

Usage Profile: UTM for home network with 6-8 devices, and VPN for 2-4 devices.

Other information…

Current:

Planning this build to provide malware scanning, web filtering, and routing services to approximately six to eight devices on our local home network. As well, to provide VPN for cell phones, and laptops when away from the home.

Storage is on FreeNAS server with six WD Red drives in ZFS Z2. WAN goes to a DSL 50Mbps/5Mbps service, LAN goes to Netgear GS724T 24 port switch.

Future:

Will add app server on another piece of hardware to run mail server, and Owncloud. UTM will provide filtering and scanning for the mail server, and Owncloud server.

Suggestions?

Will this hardware be robust enough to handle four VPN connections, while providing filtering for both the VPN and local traffic?

Will this hardware work for the next six years?

 

[Patrick]

This is very similar to what I use. I have a A1SAi-2550F (C2550 based) running pfsense with a similar speed cable connection. The one difference is that I am using Hyper-V Server 2012 R2. Absolutely no issues in terms of network performance.

I also run a Ubuntu MAAS server off of the same C2550 so there is plenty of power. Gaming, no way. But decent in terms of performance.

You may also want to see if there is a C2558 version in the event you can ever can use QuickAssist

 

[jonobk]

@Patrick

Thank you for the feedback. I had originally decided against the C2558 as I didn't want to loose the extra 200MHz that the Turbo Boost would have provided. However, with the Sophos UTM potentially using Snort with QuickAssist API's enabled, it looks like I may be better off with the c2558 as you suggested.

I'll likely end-up using the Supermicro A1SRM-2558F board in the same Supermicro CSE-512L-200B case that the pre-built Supermicro 5018A-MLTN4 1U comes in.

Some changes on the SSD front as well. Initial testing will be with an older Crucial m4 SSD. If performance appears to be affected by this I will consider changing to an Intel s3500

 

[Patrick]

@jonobk great points. The other side is that the extra MHz are an easy way to improve performance while the communications chipset may require work (unsure with the current Sophos though).

One thing I will tell you is that you will likely want the PCIe x8 riser and a set of 40mm fans + fan holders with that case. I think the pre-built one has them but they are important to keep things cool.

 

[spyrule]

Did you buy the UTM, or is there a cheaper home license version?

 

[jonobk]

@spyrule Sophos offers a free version for home users, which comes with a three year license.

Did you buy the UTM, or is there a cheaper home license version?

 

[spyrule]

Odd, I cannot seem to find it...

 

[spyrule]

nvm, found it:
Free Firewall for Home Users | UTM Firewall Home Edition | Sophos

 

[CreoleLakerFan]

So how is the build going? I have UTM project in the works myself, just not nearly as powerful as the one you are rolling.

 

[jonobk]

@CreoleLakerFan

Sorry for the late reply. I just recently ordered the parts, which should arrive this week. I will update this post during the build phase, and provide some feedback on how the system is working.

In the end I ordered the following:
Build’s Name: Portico
Operating System/ Storage Platform: Sophos UTM 9
CPU: Atom C2550
Motherboard: Super A1SAM-2550F
Chassis: SuperChassis 512L-200B
Drives: Intel 730 (240GiB)
RAM: 2 x (Kingston KVR16E11S8/4G 4GB DDR3 1600MHz ECC CL11 DIMM Sr X8 W/TS Memory)
Add-in Cards: N/A
Power Supply: 200watt supermicro
Other Bits: N/A

The Intel 730 is a bit of overkill, but the price was reasonable at the time, and I'm trying to shoot for reliability on this build.

The board and case are part of the pre-built Superserver 5018A-MLTN4 offering.

I decided against the 2558 chip, as I wasn't convinced that the 'magic' Intel had thrown into it would be used to effect any real world performance improvements on my chosen software. Furthermore, if this machine is ever re-purposed as a file server, the CIFS performance would be negatively effected by the slower single thread performance of the 2558 over the 2550.

 

[jonobk]

Good news: The parts for this build arrived this week.

Bad news: Unfortunately, the power supply that came with the SuperMicro case was DOA.

 

[TangoWhiskey9]

Did you buy the case and the mobo separately? I'd buy the combo if you can. You'll want the fan partition.

And yea....... 240GB Intel 730 is overkill!

 

[jonobk]

Did you buy the case and the mobo separately? I'd buy the combo if you can. You'll want the fan partition.

And yea....... 240GB Intel 730 is overkill!

I bought the case, power supply, and motherboard together, which also came with a blower fan, and fan partition. However, it did not come with a drive mounting bracket.

 

[spyrule]

Do any of you have a good source for compatible Memory with the A1SAi-2550F motherboard in Canada? (sodimm with ecc).

I've placed two seperate orders now, and both times they indicated with ECC, when in fact the item received didn't have ECC. This lack of non-ecc memory support is really irksome.

 

[Entz]

I use the Kingston KVR16LSE11/8 (x2) in mine (2758 version) .

Where I got it from (exact product link) but OOS right now: Kingston 8GB 1600MHz DDR3L ECC CL11 SODIMM 1.35V
Another link : Kingston 8GB 204-Pin DDR3 SO-DIMM ECC Unbuffered DDR3 1600 (PC3 12800) Server Memory Model KVR16LSE11/8 - Newegg.ca

 

[spyrule]

Awesome, I literally have the second link in my cart on neweggs website right now. At least I know it will work, which is 1/2 the battle it seems.

 

[CreoleLakerFan]

I have my two 2758 SM boards populated with KVR13E9K2/8. Sorry can't provide a Canada link, I ordered mine from Amazon (US).

 

[spyrule]

Thx guys, ordered a single stick for now, will do a second in a few moths

 

[spyrule]

So I finally got my ram, and its booting up, but it seems when I attempt to boot ESX 5.5 installer, I lose my keyboard once I get to the initial install screen. Is there a specific BIOS setting I need to retain my USB keyboard?

Here's my current USB settings:

Enabled:
USB Legacy Support
USB3.0 Support
XHCI Hand-Off
USB Mass Storage Driver Support

Disabled:
EHCI Hand-Off
Port 60/64 Emulation

I'm currently booting my installation from a USB key on the internal USB 3 header, and my keyboard is plugged into one of the onboard external USB ports on the back of the motherboard.

Any suggestions?

 

[Entz]

make sure that the keyboard is plugged into the USB 2.0 ports (may be a 3.0 driver issue). I did my install over IPMI and that worked fine. Might be worth a try.