High CPU usage at nightly Replication (snort & openvpn)

Hello,

We are replicating our main servers every night to our external datacenter.

I noticed that during the replication, the CPU of the UTM in the datacenter went up to 100%.

If I check the processes with top, I can see that mainly openvpn and snort are consuming the resources.

I created an exception under Intrusion Prevention -> Exception and
excluded the affected servers, but nothing changed regarding snort.

I ended up excluding the whole network, but nothing happened.
Only if I turn off Intrusion Prevention does Snort disappear from top.

 
Regarding openvpn:

We created an SSL site-to-site VPN with compression on in the first place. I changed that to compression off, but nothing changed.
Openvpn stays at 45% if Intrusion Prevention is turned on and ~85% if Intrusion Prevention is turned off.


Is there a way to get the CPU down?
Why is the Snort process consuming CPU after I created an exception?


Our configuration is an active/passive cluster SG310 at the office and an ASG120 at the datacenter.
Both are on firmware 9.413-4.
The data transferred at night is between 5 and 12 GB and takes 1-3 hours.

I would be glad if someone could help.

 

thx

Odi



  • The SSL VPN is not as efficient with the TCP protocol. If you must use the SSL VPN, change the protocol to UDP. You are correct to leave compression off with an underpowered device like the 120.

    Rather than the SSL VPN, I would use IPsec with the "AES-128 PFS" policy for the best throughput and security. Also, I would use X509 certs or RSA keys instead of a PSK. See How to create an X509 key based Site-to-Site VPN and/or How to Establish Site-to-Site VPN Connection using RSA Keys.

    In any case, it sounds like your Exception for Snort in the 120 is not configured correctly. Please show a picture of the Edit.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
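As an added illustration of the transport and compression points in the reply above (this is a constructed, generic OpenVPN server fragment, not the UTM's own generated configuration, which is managed through WebAdmin and never edited by hand), the settings the reply advises against are shown commented out beside the recommended ones. All paths, the port and the tunnel subnet are placeholders.

```conf
# Constructed OpenVPN server fragment (not from Sophos UTM); placeholder values.

# --- Settings the reply advises against (left commented out) -------------
# proto tcp        # TCP transport: TCP-in-TCP retransmits pile up under any
#                  # packet loss, so throughput drops while the daemon burns CPU.
# comp-lzo         # Per-packet compression costs CPU on a small box and is
#                  # deprecated upstream for security reasons (compression
#                  # oracle attacks such as VORACLE); leave it off.

# --- Recommended ----------------------------------------------------------
proto udp          # UDP transport: no nested congestion control
port 1194          # placeholder port
dev tun

# Deliberately no "comp-lzo" / "compress" line: compression stays disabled.
# Both peers must agree on this; a mismatch breaks the tunnel.

ca   /etc/openvpn/ca.crt       # placeholder paths for the certificate material
cert /etc/openvpn/server.crt
key  /etc/openvpn/server.key
dh   /etc/openvpn/dh.pem
server 10.8.0.0 255.255.255.0  # constructed tunnel subnet
keepalive 10 60
persist-key
persist-tun
```

The peer-side file needs the matching change (proto udp, no compression directive) or the tunnel will not come up; on an appliance both ends are switched together from the GUI, which is why the original poster's "compression off" change only helps if it was applied on both sites.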
  • Would the remote snort instance need to ignore the VPN server IP rather than the internal server IPs? When snort processes the packets they are still within the VPN tunnel. It would not see the server src IPs.

  • Actually, when it comes to Snort, things are trickier than the "general" packet flow described in #2 in Rulz. In the case of flow through a VPN, the packets are inspected by Snort after they leave the tunnel. As the second image in Rulz shows, IPS happens only once to a packet, but it happens at different times.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA