
SFOS 16.01.0 known IPS issue - Workarounds?

Hey all,

Anyone have any other workaround for the known IPS issue (NC-8238 [IPS] IPS Service drops legitimate traffic in very high load average conditions)? The IPS service seems to constantly fail to start and causes this issue from what I can see (CPU usage and memory usage spike all over the place). As my workaround, I set the IPS service to Stop, and performance and traffic return to normal. Obviously this isn't a great solution... Anyone have anything better?

I'd like to know when this will be resolved too, seems to me to be a rather big problem. I may actually just roll back to 15 if this is going to be a thing for a while.

Thanks !!



  • We have a similar problem - with the IPS service turned ON, and even if it's not configured on any of the firewall rules, it's constantly eating 1 CPU core (on XG115) and causing latency spikes with real-time traffic degradation (VOIP)

    Already opened a case about this issue, waiting for an answer.

    P.S. Is it really a "known" issue? Where can I find it?

  • Same issue with VOIP/SIP/RTP traffic drop outs on a XG-105 (Possibly, on two of them)

    Absolutely fine in v15. Then we got call quality degradation and drop outs of about 1-2 seconds.

    We had to do a packet trace either side of the Firewall - and we could see that the Sophos was "holding on" to a bunch of packets for around 5 seconds before passing them on to the network - presumably due to the "IPS" function.

    Note: Service was turned ON, but not configured on any rules, just like Aleksandr.

     

    We stopped the IPS service and the problems have gone away.

    The XG105 is still reporting a load average of 1.13, 1.19, 1.21 which could be considered 'high', but it's much better than it was.

     

    One big question: Is there a way that we can make sure the IPS service stays stopped? Sophos support - is there something we can do in the advanced shell to disable it for now until this is fixed?
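
Added example, not part of the original thread: one way to quantify the hold time seen in a two-sided packet trace like the one described in the reply above, by matching RTP packets on SSRC and sequence number. The record layout, the 150 ms threshold and the sample data are assumptions constructed for illustration, and both captures are assumed to share a synchronized clock.

```python
from collections import namedtuple

# One RTP packet as exported from a capture: capture time (s), SSRC, sequence number.
Pkt = namedtuple("Pkt", "ts ssrc seq")

def transit_report(lan_side, wan_side, hold_threshold=0.150):
    """Match packets across both captures on (ssrc, seq) and measure how long
    the firewall held each one. Returns (delays, bursts, dropped).
    hold_threshold is an assumed alerting value, not a vendor figure."""
    egress = {}
    for p in wan_side:
        # First sighting wins; keep captures short enough that seq does not wrap.
        egress.setdefault((p.ssrc, p.seq), p.ts)
    delays, dropped = [], []
    for p in sorted(lan_side, key=lambda p: p.ts):
        out_ts = egress.get((p.ssrc, p.seq))
        if out_ts is None:
            dropped.append(p)              # entered the firewall, never left
        else:
            delays.append((p, out_ts - p.ts))
    # Group consecutive held packets into bursts (held, then released together).
    bursts, current = [], []
    for p, d in delays:
        if d >= hold_threshold:
            current.append((p, d))
        elif current:
            bursts.append(current)
            current = []
    if current:
        bursts.append(current)
    return delays, bursts, dropped

def summarize(bursts):
    """Per burst: (first seq, last seq, packet count, worst hold in seconds)."""
    return [(b[0][0].seq, b[-1][0].seq, len(b), round(max(d for _, d in b), 3))
            for b in bursts]

# Constructed sample: a 20 ms RTP stream. Packets 104-108 are held for about
# 5 s and released together; packet 111 never appears on the far side.
LAN = [Pkt(round(10.0 + 0.020 * i, 3), 0x1234ABCD, 100 + i) for i in range(14)]
WAN = [Pkt(round(15.080 + 0.001 * (p.seq - 104), 3) if 104 <= p.seq <= 108
           else round(p.ts + 0.002, 3), p.ssrc, p.seq)
       for p in LAN if p.seq != 111]

if __name__ == "__main__":
    _, bursts, dropped = transit_report(LAN, WAN)
    print("held bursts:", summarize(bursts))
    print("dropped seq:", [p.seq for p in dropped])
```
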

     

  • The real issue is being able to disable the various IPS rules for each firewall rule, rather than all or nothing.

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.
