
SFOS 16.01.0 known IPS issue - Workarounds?

Hey all,

Anyone have any other workaround for the known IPS issue (NC-8238 [IPS] IPS Service drops legitimate traffic in very high load average conditions)? The IPS service seems to constantly fail to start and causes this issue from what I can see (CPU usage and memory usage spike all over the place). As my workaround, I set the IPS service to Stop, and performance and traffic return to normal. Obviously this isn't a great solution... Anyone have anything better?

I'd like to know when this will be resolved too; it seems to me to be a rather big problem. I may actually just roll back to 15 if this is going to be a thing for a while.

Thanks !!



  • Hi Darrian,

    To get a broader view on this, SSH to the XG, go to option 4. Device console, and execute the command show ips-settings. Post the output.

    Which XG hardware model do you use and what is the number of concurrent active connections on XG when this issue is live? If there is some legitimate traffic being dropped through IPS, check in the Log Viewer > IPS page and allow the signature in the IPS policy.

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support

  • console> show ips-settings
    -------------IPS Settings-------------
        stream on
        lowmem off
        maxsesbytes 0
        maxpkts 80
        mmap off
        enable_appsignatures on
        http_response_scan_limit  65535


    -------------IPS Instances------------
    IPS CPU
     1  0

     

    Hardware: XG115, number of concurrent connections - 2000 (no peaks, stable)

    No traffic drop, just latency goes to 2000ms and that causes latency and VOIP call degradation.

    The funny part is that it happens even if IPS is simply turned on as a service but not configured to work on any of the firewall rules (I don't understand why it's doing something when it's not used on any firewall rule).

     

    Regards,

    Aleksandr

  • Hi Aleksandr,

    Did anyone specifically set the maxpkts value to 80? I suggest the value to be 8. Execute: set ips maxpkts 8.

    For VOIP calls, configure a QoS that prioritizes the VOIP traffic for bandwidth allocation. Refer: community.sophos.com/.../123057

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support