
IPS slows down internet connection (Fiber Gigabit)

IPS has been slowing down my internet connection. I have a 1 Gbps fiber connection, and when I perform a speedtest with IPS disabled I get the accurate speed of 985 Mbps, but when it is back on again the speedtest shows 240 Mbps.

I have been searching on this forum, and a few posts by Sachin mentioned tweaking the IPS using this manual...

https://community.sophos.com/kb/en-us/120329

However, I could not find anything relating to tweaking the IPS for internet speeds.

Please guide.



  • There are quite a few threads about this.  The measurement you're seeing is about the best one can get when working through Snort as it is single-threaded.  If you have a quad-core CPU, you will be able to fill a gigabit pipe with four simultaneous tests from four different devices.  If you identify specific sites that you can trust, you can make an IPS Exception for them.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Thank you so much for your replies. I would hate to create rules for individual sites; that would be like a never-ending process.

    So if I understand this correctly, in order for me to use the IPS feature in UTM, I might need to upgrade my CPU to quad core, and until then I should keep it disabled?

    I will start hunting for a cheap quad core CPU, and motherboard. What is the ideal size of RAM you would recommend for this endeavor?

  • I am sorry, I totally forgot to post my current hardware specs.

    I have 8 GB of memory, with an i3-2120 3.30 GHz CPU.

    I think it's dual core, so now we are at the most important question. What would be an ideal CPU that can handle 1-2 Gbps internet bandwidth? I do get a burst of 1.5 to 1.7 Gbps every once in a while.

  • For IPS (Snort) the clock speed of the CPU is the most important; the higher the clock speed, the higher the throughput. As Balfson said before, Snort only uses a single core for a single connection, so if you're doing a speedtest from one device, this device will only get 1 CPU core. However, the other cores are still available to other users/devices.

    To get the best possible IPS speed using just 1 device, you have to use a clock speed as high as you can find/afford. More cores will only help more simultaneous users and can be beneficial in a larger network.


    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.