SFOS 16.01.0 known IPS issue - Work arounds?

We have similar problem - with IPS service turned ON and even if its not configured on any of firewalls rules its constantly eating 1 cpu core (on XG115) and causing latency spikes with real-time traffic degradation (VOIP)

Already opened a case about this issue, waiting for an answer.

p.s. is it really a "known" issue? Where I can find it?

Hi, It is a known issue - release notes: https://community.sophos.com/products/xg-firewall/b/xg-blog/posts/sfos-16-01-1-released

"NC-8238   [IPS]              IPS Service drops legitimate traffic in very high load average conditions"

To me its pretty awful that its taken so long to get a fix out. I had to disable the IPS service on one installation. It seems fin on my Cyberoam Cr300 ing XP though, which is production so I am happy its not causing issues there.

I'm interested to hear the answer you are given :)

Our situation is nowhere near "in very high load average conditions" ))

We have XG115 and 2-5mbit of traffic with no spikes (+1-2 SSL VPN clients)

Im sorry to say that but im starting to understand why palo-alto cost x5-10 times more (because they have separate management and traffic boards in one box + FPGA, and of course better quality control)

Hi AleksandrIvanov, 

The Issue on this BUG is resolved with V16.01.1 , check if the issue persist

I think you are mistaken, as the issue is definately not resolved on 16.01.1 for me. I still have to disable IPS, or it drops all packets. 

It's still listed under "Known Issues" here: 

https://community.sophos.com/products/xg-firewall/b/xg-blog/posts/sfos-16-01-1-released

Known Issues

NC-6315 [Clientless Access(HTTP/HTTPS)] Script based web forms of Web Server is not accessible with Clientless VPN

NC-12079 [Galileo Heartbeat] No heartbeat status displayed on control center with MAC End point

NC-13480 [Galileo Heartbeat] Heartbeat service taking High CPU due to same multiple UUID of End Point

NC-8238 [IPS] IPS Service drops legitimate traffic in very high load average conditions

NC-13538 [UI] Control center page is not properly displayed with IE 11

NC-13282 [Wireless] AP Deployment over IPsec VPN is not working

I think you are mistaken, as the issue is definately not resolved on 16.01.1 for me. I still have to disable IPS, or it drops all packets. 

It's still listed under "Known Issues" here: 

https://community.sophos.com/products/xg-firewall/b/xg-blog/posts/sfos-16-01-1-released

Known Issues

NC-6315 [Clientless Access(HTTP/HTTPS)] Script based web forms of Web Server is not accessible with Clientless VPN

NC-12079 [Galileo Heartbeat] No heartbeat status displayed on control center with MAC End point

NC-13480 [Galileo Heartbeat] Heartbeat service taking High CPU due to same multiple UUID of End Point

NC-8238 [IPS] IPS Service drops legitimate traffic in very high load average conditions

NC-13538 [UI] Control center page is not properly displayed with IE 11

NC-13282 [Wireless] AP Deployment over IPsec VPN is not working