Hi all,
I've been experiencing a strange issue since the upgrade from SFOS 16.05.3 MR3 to SFOS 16.05.4 MR4:
I've created several specific IPS policies to optimize the performance for each FW rule. E.g. I'm using a LAN-to-WAN policy with ~1400 patterns for my non-Windows clients.
The performance with MR3 was great and I could easily reach 100 Mbit/s download speeds while snort used up to 70% of a single CPU core. (XG was much faster than UTM 9 on the same hardware at this time!)
However, after the upgrade to MR4, the performance dropped to 60 Mbit/s download while the snort process goes up to 100% CPU core utilization.
I started to experiment with my IPS policies and found out that the count of patterns within a policy doesn't seem to affect this behaviour at all.
It doesn't matter if the policy has a total of 3 patterns or over 8000 when selecting everything. The poor performance is present with the first pattern.
The only way to get back the full speed is to choose no IPS policy for this firewall rule.
It would be great if someone could help me with this issue. :-)
Thanks and best regards
DomNik