SG 105 only 90 Mbit with IPS active.

Hi Henrik,

I may be able to help here as we've just gone through this ourselves. Without IPS we were pulling a solid 500mbps (on a 1gbps connection so we're still not where we need to be, but not relevant for this). With IPS we had an amazing 60mbps down!

After speaking with our partner rep it does kind of make sense that since IPS is inspecting all traffic you will see what they say is a 50% drop in throughput. Still didn't make sense, since I should have been getting 250mbps in that case right?

At the same time we've been battling with clients running speedtest.net here in Florida and hitting a 'cap' at 5mbps. Come to find out the default server it chooses is completely broken and they still haven't removed it... choose a different server and you get a better result - just something to keep in mind while testing.

So with all this going on we were pretty sure it was Sophos and IPS giving us the problem. We were half correct. With IPS enabled, the speed test website results will always be skewed because of the latency it introduces. It's NOT a true reflection of what you're getting. Here's a test you can run on the Firewall itself if you SSH in:

First SSH to Firewall. Login as loginuser then su to root.

1 - Turn OFF IPS
2 - Enter the following wget raw.github.com/.../speedtest_cli.py --no-check-certificate
3 - After the download has finished run this command: python speedtest_cli.py
4 - Check the results

Now turn IPS ON and start from #2 (you have to re-download the file) and check the results.

For us, we went from 500 with IPS off to JUST over 400mbps with it ON when doing the speed test from the appliance.

Another thing to do is tune the IPS. Make sure you enter your internal HTTP, DNS, SQL servers etc. into the IPS Advanced tab. Then, head over to the Attack Patterns tab and uncheck any items that don't apply to you. If you don't have Exchange servers there is no sense in scanning for exchange server attacks etc. Then lastly they advised testing by changing the Rule Age (on that same tab) to 6 months instead of 12.

Long reply I know but hopefully that will help! I spent hours trying to get our speeds up and the whole time we actually were pretty close to what we were getting with IPS off.

Excellent, Wayne - thanks!  This just went into my personal "Command Line Tricks" file that's up whenever I'm participating here or working for a client.

Cheers - Bob

PS Here's the block of commands I'll be using (I'm guessing that the pauses are long enough for the configuration changes to complete):

cd /home
wget https://raw.githubusercontent.com/sivel/speedtest-cli/master/speedtest_cli.py --no-check-certificate
cc set ips status 0
sleep 30s
python speedtest_cli.py
cc set ips status 1
sleep 60s
python speedtest_cli.py

Excellent, Wayne - thanks!  This just went into my personal "Command Line Tricks" file that's up whenever I'm participating here or working for a client.

Cheers - Bob

PS Here's the block of commands I'll be using (I'm guessing that the pauses are long enough for the configuration changes to complete):

cd /home
wget https://raw.githubusercontent.com/sivel/speedtest-cli/master/speedtest_cli.py --no-check-certificate
cc set ips status 0
sleep 30s
python speedtest_cli.py
cc set ips status 1
sleep 60s
python speedtest_cli.py