
Will the XG firewall use Snort 3.0? Currently Snort is only single-threaded and version 2.9.9.0

I currently have the latest release of UTM 9.5. Looking through the logs I see the UTM is using Snort version 2.9.9.0 GRE (Build 56).

 

I would like to know if version 3.0 will be implemented at all, even on the UTM, because I currently have only a dual-core AMD CPU and would gladly upgrade to a quad-core if the intrusion detection system was multithreaded.

And also, does anyone know how the XG or UTM assign cores? Does it keep one core free for the intrusion detection system and use the remaining core(s) for everything else? Knowing this will help me determine any future upgrade path, i.e. a CPU with faster single-threaded performance vs. faster multithreaded performance.



This thread was automatically locked due to age.
  • Hi,

    In both UTM and XG you can control the number of Snort threads running, up to and including the maximum number of cores. By default in the XG a Snort thread is created for each core. I can't remember if the UTM is the same, I suspect so.

    Ian

  • If your goal is to have maximum bandwidth/throughput on a single connection, you’ll get better performance with a CPU that has higher single core performance. While Sophos does run multiple instances of Snort on each CPU core, this is so it can run dedicated instances of Snort on each connection (i.e. better multi-connection performance). It looks like Snort 3.0 is still in the alpha stage so I’d imagine it’s going to be a while before we see a stable release.