
IPsec site-to-site performance spoiled by IPS (UDP Flood), exception not working

Hi folks!

We have a site-to-site VPN via IPSec between an SG210 (600/40MBit) and an SG105 (70/25MBit) (both 9.705-3).

If I enable IPS UDP Flood Protection, (SMB) traffic through the tunnel drops to about 270 kB/s; if it is disabled, it's a good 3.5 / 2 MB/s, depending on direction.
I created an exception for the local networks and the IPsec services, but that does not change anything.

The log does not show anything about UDP flood events. Any idea how to keep performance while having enabled the UDP flood protection?




Top Replies

  • Hallo Frank,

    "Limited" logging doesn't prevent logging issues, it just limits the number of times the issue is logged.  If you're seeing Anti UDP Flooding lines, show us several of them.

    If you see nothing related in the IPS log, then we would have to guess which IPS Exception might help.  Best guess would be a 'UDP Flood Protection' Exception for traffic "Coming from" the public IPs of the two UTMs and "Going to" those two IPs.  I've not seen a UDP flooding issue like this where the endpoints of the VPN are the UTMs - only ones where one of the VPN endpoints was behind a UTM.

    Cheers - Bob
