This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Astaro upgrade - slow network performance

Hi guys,

Last friday we proceeded to upgrade our ASG320 from v7 to v8.

Does anyone have experienced slow performance since the upgrade ?
The firmware version is 8.102, I´m waiting 6 pm to upgrade the next version until 8.300.

Thanks...

This thread was automatically locked due to age.

0 William Warren over 13 years ago in reply to samuel.lao85

This is my asg320 hardware specifications....

I deactivated IPS service and guess what...responses were 1ms.

Please, do not tell me that my hardware specifications are not sufficient to support all services

100 users for a 320 on v8 is quite a bit. You did not mention ips when i asked what features you were using..[:)]

Owner: Emmanuel Technology Consulting

http://etc-md.com

Former Sophos SG(Astaro) advocate/researcher/Silver Partner

PfSense w/Suricata, ntopng,

Other addons to follow
Cancel
Vote Up 0 Vote Down

Cancel
0 samuel.lao85 over 13 years ago

On the LOCAL NETWORKS tab for IPS I have:
- DMZ Network (which is created by default with 1 interface configuration in Astaro)
- Guess Network (It has Internet, and also is created by 1 interface config in Astaro)
- Nat interfaces (for mail server, web server, etc ).
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 13 years ago

Here's the weekly CPU graph for my customer with 85 employees and 111 active IPs running Web Proxy (AD-SSO & some Transparent) and Intrusion Prevention. This is a 220, not a 320, but is V7.511.

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel
0 William Warren over 13 years ago in reply to samuel.lao85

On the LOCAL NETWORKS tab for IPS I have:
- DMZ Network (which is created by default with 1 interface configuration in Astaro)
- Guess Network (It has Internet, and also is created by 1 interface config in Astaro)
- Nat interfaces (for mail server, web server, etc ).

with ips off what is your cpu usage now?

Owner: Emmanuel Technology Consulting

http://etc-md.com

Former Sophos SG(Astaro) advocate/researcher/Silver Partner

PfSense w/Suricata, ntopng,

Other addons to follow
Cancel
Vote Up 0 Vote Down

Cancel
0 BarryG over 13 years ago in reply to samuel.lao85

On the LOCAL NETWORKS tab for IPS I have:
- DMZ Network (which is created by default with 1 interface configuration in Astaro)
- Guess Network (It has Internet, and also is created by 1 interface config in Astaro)
- Nat interfaces (for mail server, web server, etc ).

Your NAT'd interfaces shouldn't be in the IPS 'Local Networks'. Those servers should already be covered by including the DMZ.

I assume Guess should read Guest.

Barry
Cancel
Vote Up 0 Vote Down

Cancel
0 William Warren over 13 years ago

yeah the natted inclusions mean you are scanning the same traffic twice..take them out and re-enable ips.

Owner: Emmanuel Technology Consulting

http://etc-md.com

Former Sophos SG(Astaro) advocate/researcher/Silver Partner

PfSense w/Suricata, ntopng,

Other addons to follow
Cancel
Vote Up 0 Vote Down

Cancel
0 samuel.lao85 over 13 years ago

Sorry, it is guest network.

When I disable IPS, CPU performance decrease to 7, 10, 15 %. It increase at the moment I proceed enabling IPS....
Cancel
Vote Up 0 Vote Down

Cancel
0 Scott_Klassen over 13 years ago

One other thing that you should look at with IPS is proper tuning. On the Advanced Tab, have you added your internal server to the applicable boxes? Also, on the Attack Patterns Tab, have you disabled (unchecked) rule sets for services/software that don't exist in your environment?

__________________
ACE v8/SCA v9.3

...still have a v5 install disk in a box somewhere.

http://xkcd.com
http://www.tedgoff.com/mb
http://www.projectcartoon.com/cartoon/1
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 13 years ago

Yup. I've made that mistake! As Barry says, stop scanning the NATted interfaces. As it is, you are lucky that you had a 320 - that's the only reason that you didn't cause a complete lock-up!

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel
0 bvj over 13 years ago in reply to William Warren
That should be fine depending on your environment. Full stats on your astaro and environment please.

Is there a report I should run to get the full stats, or should I provide a general description of the environment?

BTW, this is new behavior without any manual changes in configuration. The coincidental uptick in snort reporting gave me the idea of checking performance with IPS disabled. With IPS off, performance is great. With it back on, poor performance and stateful connection loss.

Also, is the follow pattern of snort initialization summary normal? I made no changes to artaro at any point during (or recently prior) to the time reference in this log summary:
2012:02:15-01:00:28 artemis snort[26789]: Snort initialization completed successfully (pid=26789)
2012:02:15-01:15:37 artemis snort[28327]: Snort initialization completed successfully (pid=28327)
2012:02:15-01:16:39 artemis snort[28428]: Snort initialization completed successfully (pid=28428)
2012:02:15-01:18:38 artemis snort[28555]: Snort initialization completed successfully (pid=28555)
2012:02:15-01:22:37 artemis snort[28779]: Snort initialization completed successfully (pid=28779)
Cancel
Vote Up 0 Vote Down

Cancel