IPS Performance Problem with 100Mbit Fiber

Hi there,

We have an ASG220 with Firmware-Version: 9.105-9 and a very strange behavior with the IPS (4507 of 15947 patterns).
Last week we did a fiber upgrade from 30Mbit to 100Mbit.

With IPS enabled we only get around 50Mbit throughput. (Tested with speedtest.net, cifs sharing and iperf)
With IPS disabled we get around 95Mbit, which is good. (Tested with speedtest.net, cifs sharing and iperf)

It makes no difference if I remove the LAN from the Local networks option in the Global IPS Settings. The problem persists.
The only solution is to disable IPS globally with the On/Off Button, to get an acceptable throughput rate.

The snort process uses around 10-20% CPU. There are no special warnings or error messages in the IPS Log.

Does anybody have an idea or recommendation?


This thread was automatically locked due to age.
  • Hi, what I've seen myself is that indeed IPS needs A LOT of processor power to be able to get high-speed WAN connections.
    I had a Celeron D2500CC (2x 1,86 GHz) and a 150mbps internet line. This Celeron was not able to reach 100 Mbit (even with IPS off and only webfiltering it only got to about 80mbps; with IPS on it's a lot less).

    Now I use an i5 4670 (quad-core 3,4 GHz) and that can use the full 150mbps with IPS and web filtering on.

    Managing several Sophos UTMs and Sophos XGs both at work and at some home locations, dedicated to continuously improving IT-security and feeling well helping others with their IT-security challenges.

    Sometimes I post some useful tips on my blog, see blog.pijnappels.eu/category/sophos/ for Sophos related posts.
