Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 2 subscribers
  • Views 2011 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Bandwidth hit from IPS

NewImage
Hi
I have a UTM 220 running 9.108-23 and just got a 100Mb line for internet access and noticed I was only getting about 40% of the bandwidth through it. I then discovered turning off the IPS gave me back the missing bandwidth.

I tried turning off all but a few rules ( Operating system specific attacks (451 attacks, 2169 warnings) and got about 60% of my bandwidth.

Is there any way to improve bandwidth performance with the IPS on? Mem usage looks like around 50% and CPU is at 5% or less. Or is this normal with the 220


This thread was automatically locked due to age.
Parents Reply Children
  • 0 in reply to BarryG
    Thansk BarryG, know if there was any truth to that rumor about an improved snort in 9.2?
  • 0 in reply to NewImage
    Suricata (a more advanced SNORT-like IPS) is present in the new release, but it is not active -- I expect over time it will eventually be enabled in a future release as the new IPS engine as the bugs and tuning get worked out.  For now, 9.2xx will be running SNORT just like previous versions, but with better-tuned settings (they have made some improvements to the tuning parameters in 9.2).