(English and preferred German :))
Hello all,
i encountered an error a few times right now.
When IPS is enabled (or even if its not) and you have multiple cores added via the admin console (cli), than after a while the complete routing will fail. It is not possible to send traffic betweens zones, LANS or to the internet.
Replicable? Yes, kinda.
My Virtual machine got 8 CPUS (i read somewhere it only supports 6, is it correct?) and maybe thats the fault, that ips will use 2 cpu's which are not supported. I cannot replicate it for a specific timing, it comes and goes after a few minutes or sometimes days. Workaround: Disable IPS in services tab of the xg.
Version: SFVH (SFOS 18.0.1 MR-1.HF050520.2)
IPS Settings:
console> show ips-settings
-------------IPS Settings-------------
stream on
lowmem off
maxsesbytes 0
maxpkts 80
enable_appsignatures on
http_response_scan_limit 65535
search_method ac-bnfa
sip_preproc enabled
sip_ignore_call_channel enabled
inspect untrusted-content
-------------IPS Instances------------
IPS CPU
1 0
2 1
3 2
4 3
5 4
6 5
7 6
8 7
Why did i increase the IPS-Instances? I only get about 40Mbyte/s when copying files through network zones on Gig-Link speed. Sadly it's not better after the change, i guess because it won't "share" those instances. My CPU is doing nothing with 20% load. Disabling IPS for the Rule helps (but i want to have ips enabled ;)). Tweaked around some IPS-Settings though, for example disable Windows IPS Signatures when im connecting to Linux Machines.
I hope someone can relate :)
This thread was automatically locked due to age.
