SFOS 16.01.0 known IPS issue - Work arounds?

Question

Hey all,

Anyone have any other work around for the known IPS issue (NC-8238 [IPS] IPS Service drops legitimate traffic in very high load average conditions)? The IPS service seems to constantly fail to start and causes this issue from what I can see (CPU usage and memory usage spike all over the place). As my work around, I set the IPS service to Stop, performance and traffic return to normal. Obviously this isn't a great solution... Anyone have anything better?

I'd like to know when this will be resolved too, seems to me to be a rather big problem. I may actually just roll back to 15 if this is going to be a thing for a while.

Thanks !!

This thread was automatically locked due to age.

Aditya Patel · Answer

HI All 
 I may have a Work aournd by changing the IPS settings , As this is a Workaround 
 Default IPS settings 
 stream on lowmem off maxsesbytes 0 maxpkts 100 enable_appsignatures on http_response_scan_limit 65535 
 Run Commands on Console 
 set ips maxsesbytes-settings update 8192 set ips maxpkts 8 
 IPS settings after changes 
 -------------IPS Settings------------- stream on lowmem off maxsesbytes 8192 maxpkts 8 enable_appsignatures on http_response_scan_limit 65535 
 This should help..

lferrara · Answer

Dave, 
 first download and apply the 16.05 gpg package and then move to MR1. You can download the gpg from community or from your Sophos Account.