Hi All.
I am running a software UTM (9.304-9) on VMware for a K-12 school district. It is running on a fairly robust piece of hardware and usually runs at about 25-38% CPU utilization during the day. We just rolled out over 150 ipads to 9th grade and now we are hitting 75-80% (!). When I checked, SNORT is maxing out two of my four virtual CPUs. If I switch off IPS, it drops back down to about 32%, but I would rather not turn it off.
I am guessing all that new traffic to apple is the bulk of it. I want to try to exclude any traffic to/from apple from IPS scanning (we trust apple).
I made a definition for the entire apple class A network and popped that into the IPS exclusion - is it as simple as that? I put it in with our internal network as "from", apple's network as "to" and services "all". That didn't seem to make a dent in the CPU utilization though, so i don't think I have it quite correct. Any ideas / help?
Thanks in advance
This thread was automatically locked due to age.
