Hello,
I was wondering if anyone knows if there is a throughput limitation from WAN to LAN in place with QOS off and IPS enabled, with appropriate rule sets for a Windows installation, in the most current version of the Beta?
My current cable connection is capable of 180 Mb/sec down and 30 Mb/sec up. I have throughput from WAN to LAN of 180 Mb/sec (wire speed) with IPS off. I am attempting to realize single stream WAN to single client LAN throughput as close as possible to wire speed.
With IPS enabled, throughput falls to the 90 Mb/sec range with a test system comprised of an Asus P8Z77-V Deluxe motherboard with i7 (Ivy Bridge 3770K), 32 GB 1600 MHz RAM, 7200 rpm HD, and an Intel dual NIC GbE on PCIe. I have tried changing the number of IPS instances running, increasing all cores from on demand to performance mode (1.6 GHz to 3.5 GHz), and have not been able to improve performance. I previously tried a Core2Duo at 1.8 GHz with still lower throughput.
This has been discussed in general, outside the question of the Beta version, in the following thread: https://community.sophos.com/products/unified-threat-management/astaroorg/f/52/t/28805. Page 8 of the thread specifically discusses concerns regarding IDS, IPS, and Snort: https://community.sophos.com/products/unified-threat-management/astaroorg/f/52/t/28805.
I thought this might be more of an issue in the Beta setting, given the QOS that has been added, and the fact that cable and fiber speeds to average home and business users are rapidly increasing at previous price points.
Thank you.
Guest User!
You are not Sophos Staff.
