
IPS brings internet speed to its knees.

Dell 610 with Soft release UTM.
IPS on or off - there is hardly any impact on the CPU or memory.
IPS doesn't apply to anything but one workstation.
Whenever applying IPS, all internet speed in my net drops down, no matter where.
1Gb internet line.

Testing speed to see the impact of intrusion prevention on Sophos UTM:

Workstation 1 with intrusion prevention off:
Download speed:780
Upload speed:900

Workstation 1 with intrusion prevention on:
Download speed:188
Upload speed:159

Workstation 2 with intrusion prevention off:
Download speed:509
Upload speed:433

Workstation 2 with intrusion prevention on:
Download speed:153
Upload speed:129

Workstation 3 with intrusion prevention off:
Download speed:392
Upload speed:439

Workstation 3 with intrusion prevention on:
Download speed:169
Upload speed:143

From these tests, you can see clearly the negative impact of the "Intrusion prevention" on the network speed.

Right now - IPS is OFF.

Any idea how to resolve this?

Thanks,
Goldy



This thread was automatically locked due to age.
  • Sorry, not the best news, but buy a right-sized SG system or abandon this feature.
    You can find a lot of threads here regarding IPS and the speed impact.

    Best regards 

    Alex 

    -

  • Hi Alex.

    Explain "buy a right-sized SG system"

    In my opinion it should be enough:

    Intel(R) Xeon(R) CPU E5-2620 0 @ 2.00GHz

    32 DDR-3 RAM

    2 SSD 150 GB Raid 1


    Where is the bottleneck?

  • Generally, IPS bottlenecks are at the CPU.  I believe your CPU is also a discontinued Sandy Bridge processor.  The E-series Xeon were not all that great (only in their time), I run a couple of them myself for VMware which doesn't even support them in my configuration anymore.

    There is a lot of work at the IPS level to the point it will choke out your UTM, unfortunately.  I'm sure there would be some room for improvement, but it's been an issue for a long time with UTM.

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)

  • The bottleneck is the per-core CPU speed. The higher the better, because IPS doesn’t benefit from more cores.
    Besides that, the image for the hardware version is performance-optimized for the SG hardware. I don’t have experience with Gbit WAN, but I think anything under SG3xx won’t give you such speed.

    Like I said, look for similar threads.

    -

  • Hi Amodin and thanks.

    1. If the CPU was an issue, I would expect to see higher CPU usage.
    Am I right?
    (So far, this machine hasn't even started sweating.)

    2. Can you explain why IPS affects all my LAN, even though it's not applied to my LAN?

     

    Thanks

     

    Goldy.

  • Hi Alexander.

    Please notice I'm not using an appliance.
    I'm using Soft UTM, which sits on a quite big Dell server.

    Thanks.

  • Hi Goldy - good to see you around again - Your Astaro useful shell commands from 2011 is still something I use every day!

    With 6 cores, the E5-2620 would be a reasonable processor for a group with six concurrent speed tests with Snort active.  Still, I think each individual would see the speeds you're seeing.  If this is your home unit, you might see if it's possible to replace the CPU with a much faster (4+GHz if possible) dual-core processor.  I don't think there's an Intel processor fast enough to deliver 1Gbps for a single tester.

    Have you tried an IPS Exception for the sites you trust and need faster downloads from?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
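
The replies above put the IPS bottleneck at per-core CPU speed, while the original poster reports low overall CPU usage. The following is an added example, not part of any post in this thread: it computes per-core busy percentages from two `/proc/stat` snapshots and shows how one saturated core on a 6-core machine reads as about 18% overall. The sample counters are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Per-core busy % between two /proc/stat snapshots. On a live Linux box:
#   cat /proc/stat > before; sleep 10; cat /proc/stat > after
per_core_busy() {   # usage: per_core_busy BEFORE AFTER
    awk '
        /^cpu/ {
            total = 0
            # Fields 2..9 are user..steal; guest time is already inside user.
            for (i = 2; i <= 9 && i <= NF; i++) total += $i
            idle = $5 + $6                      # idle + iowait
            if (FNR == NR) { t0[$1] = total; i0[$1] = idle; next }
            dt = total - t0[$1]
            if (dt > 0) printf "%s %.0f\n", $1, 100 * (dt - (idle - i0[$1])) / dt
        }' "$1" "$2"
}

# Constructed sample (not measured data): 6 cores, 10 s apart at 100 ticks/s.
# cpu0 carries a single-threaded inspection load; cpu1..cpu5 are nearly idle.
sample_before() {
    echo "cpu  6000 0 3000 48000 0 0 3000 0"
    for n in 0 1 2 3 4 5; do echo "cpu$n 1000 0 500 8000 0 0 500 0"; done
}
sample_after() {
    echo "cpu  6350 0 3150 52900 0 0 3600 0"
    echo "cpu0 1300 0 600 8000 0 0 1100 0"
    for n in 1 2 3 4 5; do echo "cpu$n 1010 0 510 8980 0 0 500 0"; done
}

demo() {
    dir=$(mktemp -d) || return 1
    sample_before > "$dir/before"
    sample_after > "$dir/after"
    per_core_busy "$dir/before" "$dir/after"
    rm -rf "$dir"
}
demo
```

The first output line is the aggregate that a dashboard graph typically shows; the `cpuN` lines are the ones to check while a speed test runs with IPS enabled.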