This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Which IPS features cause performance loss?

I noticed it in my own network, and have confirmed in the forums that IPS causes some major performance loss. Curious - is it the overall feature being turned on, or particular pieces? Anyone done some testing with this? Example - Can leave anti-portscan and DoS protection on, but turn off all attack patterns?

It just bugs the hell out of me knowing the units I just purchased kill my bandwidth using one of the primary features drawing me to Sophos UTMs.

A number of my sites still run on 1-2 T1s and can't afford to take any hits to their bandwidth.

Thanks!
-Jim

This thread was automatically locked due to age.

Parents

0 William Warren over 11 years ago

I noticed it in my own network, and have confirmed in the forums that IPS causes some major performance loss.  Curious - is it the overall feature being turned on, or particular pieces?  Anyone done some testing with this?  Example - Can leave anti-portscan and DoS protection on, but turn off all attack patterns?

It just bugs the hell out of me knowing the units I just purchased kill my bandwidth using one of the primary features drawing me to Sophos UTMs.

A number of my sites still run on 1-2 T1s and can't afford to take any hits to their bandwidth.

Thanks!
-Jim

which units did you purchase.  Unless you grossly misconfigured them you won't have any issues stuffing t-1's.  There's no one feature of IPS that takes a bandwidth crunch..it's the design of the IPS system coupled with modern cpu architectural design.  I have a client with a 110 w/basicguard and she can still easily stuff her 20 meg pipe with IPS enabled.  It's a matter of hardware and UTM software configuration.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 William Warren over 11 years ago

I noticed it in my own network, and have confirmed in the forums that IPS causes some major performance loss.  Curious - is it the overall feature being turned on, or particular pieces?  Anyone done some testing with this?  Example - Can leave anti-portscan and DoS protection on, but turn off all attack patterns?

It just bugs the hell out of me knowing the units I just purchased kill my bandwidth using one of the primary features drawing me to Sophos UTMs.

A number of my sites still run on 1-2 T1s and can't afford to take any hits to their bandwidth.

Thanks!
-Jim

which units did you purchase.  Unless you grossly misconfigured them you won't have any issues stuffing t-1's.  There's no one feature of IPS that takes a bandwidth crunch..it's the design of the IPS system coupled with modern cpu architectural design.  I have a client with a 110 w/basicguard and she can still easily stuff her 20 meg pipe with IPS enabled.  It's a matter of hardware and UTM software configuration.
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 Jimstigator over 11 years ago in reply to William Warren

The reduction in speed has been reported at all sites where a UTM was installed.

Sites:
3-6 users, UTM 110
3-6 users, UTM 110
50+ users, UTM 320

My configurations are pretty basic. Turned on IPS, enabled relevant features throughout, nothing wild.

Don't these thread somewhat confirm performance loss using IPS?

https://community.sophos.com/products/unified-threat-management/astaroorg/f/54/t/41385

https://community.sophos.com/products/unified-threat-management/astaroorg/f/54/t/41255

-Jim
Cancel
Vote Up 0 Vote Down

Cancel