Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 5 subscribers
  • Views 4379 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos UTM 9.4 - With IPS turned on gets only 1/2 of Total Internet Bandwidth ???

DavidBowman

Sophos UTM 9.4 - With IPS turned on gets only 1/2 of Total Internet Bandwidth ???

I have installed Sophos UTM 9.4 on the latest APU2C4 with 1Ghz Quad Cores with 4Gig DDR 3 Ram

When I turn on IPS, I get only Half the total internet bandwidth which is exactly 50Mbps 

When I turn off IPS, I get the Full 100Mbps total internet bandwidth

May I please kindly ask if there is anything I can do to be able to Turn On the IPS and still get Full Internet bandwidth at 100Mbps ?

And it seems like its a software issue and not a hard ware issue ... 

The reason being ... if I turn on IPS but "Un-Check" all the IPS Rules, I still get half the full internet bandwidth ???

Why is this so ?

I mean IPS is on but there is not even 1 IPS rule to process and I get half the internet bandwidth 

Secondly ... why is it a round figure ???  from 100 mbps to a 50 mbps ??? which is exactly half ???

If it is a hardware issue ... and meaning that I do not have a fast enough CPU ... it should not be 1/2 the bandwidth ... 

It would be a figure like 60 or 70 or 80mbps ... how come it is a straight 50 mbps ... or "EXACTLY HALF" ???

I have read on the internet of folks who have core i3 and i5 and with 8 gig ram ... and these folks too get exactly half their total internet bandwidth ... again a round figure ->>> "Exactly Half"

Now this is very odd ... it should not be this case ... 

something is wrong with the IPS module ...



This thread was automatically locked due to age.
Parents
  • 0

    Hello DavidBowman,

    From my own work on developing my own UTM, I would assume that the reason you are getting lower bandwidth is that the fact that you are using 1Ghz cores in your UTM and Snort, which is the engine behind the Sophos UTM is single threaded, meaning at most, only 1 Ghz is being using to process your network traffic, unless AMD added something similar to Intel's Turbo Boost, which I am unaware of.

    Also, I am unable to tell what kind of Nics the board is using. Intel nics reduce overhead, if it is using other nics, ie., Realtek, it would increase the processing power needed, although one of your other 4 cores would likely handle that issue.

    I am at a loss why your bandwidth has been cut in 1/2, very strange.  But the usual bottleneck with IPS is the process.

    In an effort to troubleshoot, I would play with the number of IPS patterns and see if that has an effect. If the bottleneck is indeed the processor, that should help to narrow the issue. If adding a substantial number of patterns does not affect the bandwidth, I would guess that your issue is not related to the normal cpu processing bottleneck and would likely be a different issue.

    Not a solution, but it is the first place I would start looking in an effort to troubleshoot.

Reply
  • 0

    Hello DavidBowman,

    From my own work on developing my own UTM, I would assume that the reason you are getting lower bandwidth is that the fact that you are using 1Ghz cores in your UTM and Snort, which is the engine behind the Sophos UTM is single threaded, meaning at most, only 1 Ghz is being using to process your network traffic, unless AMD added something similar to Intel's Turbo Boost, which I am unaware of.

    Also, I am unable to tell what kind of Nics the board is using. Intel nics reduce overhead, if it is using other nics, ie., Realtek, it would increase the processing power needed, although one of your other 4 cores would likely handle that issue.

    I am at a loss why your bandwidth has been cut in 1/2, very strange.  But the usual bottleneck with IPS is the process.

    In an effort to troubleshoot, I would play with the number of IPS patterns and see if that has an effect. If the bottleneck is indeed the processor, that should help to narrow the issue. If adding a substantial number of patterns does not affect the bandwidth, I would guess that your issue is not related to the normal cpu processing bottleneck and would likely be a different issue.

    Not a solution, but it is the first place I would start looking in an effort to troubleshoot.

Children
No Data