
How to optimize Home Software UTM 9

I switched ISPs and went from cable to FiOS. The promo price for Gig worked out to be the same as 150Mbps so I took it. I was getting 60Mbps with cable. Now that I have Gig FiOS, I still get 60Mbps!!!

If I disable Intrusion Prevention, I get mid 900Mbps up and down.

I have Sophos UTM installed on an Intel box with a Core2 DUO processor and 8Gigs of RAM. When I check CPU and memory usage, CPU is very low with occasional spikes at 50% when testing bandwidth. Memory never goes above 25% usage.

What are the "best practice" optimization settings for UTM 9? I've never tweaked any IPS settings.

What speed should I expect to see with my current UTM? I do have another box with an older i5 processor I can try if someone tells me it will make a noticeable, worthwhile difference.



  • I also have gig.  When I first got it I was only able to get around 230Mbps with IPS enabled.  I had to make a choice, either disable IPS altogether or create some exceptions.  I ended up making an exception for any traffic that had source of my internal network.  I believe IPS is mostly single-threaded, someone correct me if I am wrong.  So I think the clock speed of a single core plays a big part.  It may also be related to instruction sets available on the CPU you have as well, your CPU doesn't have AES-NI which may or may not be involved with IPS, but that is just an example.

    As for tweaking/tuning, I would turn off attack patterns for things you aren't running in your network: mail servers, FTP, IIS, etc. That might help cut down on CPU cycles.

     

    My proc is i5-2400S CPU @ 2.50GHz (4 core, boost to 3.3GHz), 4GB ram.
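
Added example, not part of any post in this thread: the guess above that IPS is mostly single-threaded can be checked by looking at per-core rather than aggregate CPU load during a speed test, since roughly 50% aggregate on a dual-core box is what one saturated core looks like. The Python sketch below computes per-core busy fractions from two Linux `/proc/stat` snapshots; the sample snapshots and the thresholds are constructed for illustration.

```python
# Added example: per-core CPU load from two /proc/stat snapshots (Linux).
# SAMPLE_T0/SAMPLE_T1 are constructed values, not measurements from this thread.

SAMPLE_T0 = """cpu  1000 0 500 8500 0 0 0 0 0 0
cpu0 500 0 250 4250 0 0 0 0 0 0
cpu1 500 0 250 4250 0 0 0 0 0 0
"""
SAMPLE_T1 = """cpu  1480 0 560 8950 0 0 10 0 0 0
cpu0 970 0 270 4250 0 0 10 0 0 0
cpu1 510 0 290 4700 0 0 0 0 0 0
"""

def parse_stat(text):
    """Map each cpu line to (total_jiffies, idle_jiffies)."""
    out = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5 or not parts[0].startswith("cpu"):
            continue
        vals = [int(v) for v in parts[1:9]]   # user..steal; guest is inside user
        idle = vals[3] + (vals[4] if len(vals) > 4 else 0)  # idle + iowait
        out[parts[0]] = (sum(vals), idle)
    return out

def utilisation(before, after):
    """Busy fraction (0.0-1.0) per cpu entry between two snapshots."""
    a, b = parse_stat(before), parse_stat(after)
    util = {}
    for name in a.keys() & b.keys():
        d_total = b[name][0] - a[name][0]
        d_idle = b[name][1] - a[name][1]
        util[name] = (d_total - d_idle) / d_total if d_total > 0 else 0.0
    return util

def single_core_bound(util, core_min=0.90, aggregate_max=0.75):
    """True when some core is saturated while the aggregate still looks idle."""
    hot = sorted(n for n, v in util.items() if n != "cpu" and v >= core_min)
    return bool(hot) and util.get("cpu", 1.0) < aggregate_max, hot

if __name__ == "__main__":
    # For a live check, replace the samples with two reads of /proc/stat
    # taken a few seconds apart while a speed test is running.
    util = utilisation(SAMPLE_T0, SAMPLE_T1)
    for name in sorted(util):
        print(f"{name:5s} {util[name]:6.1%}")
    print("single-core bound:", single_core_bound(util))
```

With the constructed samples, the aggregate reads 55% while `cpu0` is fully busy, which is the pattern to look for before deciding between faster hardware and IPS exceptions.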

  • *** I edited my posts to make the thread easier to follow ***

    I tested three different boxes.

    1. Core 2 Duo @3.0 GHz with 8GB RAM
    2. i5-2400 CPU @3.10 GHz with 16GB RAM
    3. i7-3770 CPU @3.40 GHz with 8GB RAM

    SPEED TESTS (Mbps, Down / Up)

    | Test                    | Core 2 Duo @3.0 GHz | i5        | i7        |
    |-------------------------|---------------------|-----------|-----------|
    | With IPS – Verizon      | 679 / 685           | 720 / 721 | 787 / 802 |
    | With IPS - SpeakEasy    | 67 / 150            | 70 / 163  | 74 / 138  |
    | Without IPS - Verizon   | 961 / 933           | 946 / 943 | 967 / 946 |
    | Without IPS - SpeakEasy | 930 / 224           | 927 / 257 | 898 / 264 |

    The CPU never goes above 40% with the Core 2 Duo, but of course the CPU spikes on the other two faster CPUs are much smaller.

    Of course the results are skewed because of testing over the Internet and dealing with different levels of congestion at any given second so I just don't see much difference between them when looking at the results with IPS enabled and testing with a server outside of Verizon. I thought I'd see a bigger difference when comparing the Core 2 Duo to the i7 and the i7 specs are: i7-3770 CPU @3.40 GHz.

    --------------------------------------------------------------------
    Sophos UTM 9.719-3 - Home User
    Virtual machine on Dell Optiplex 3070
    i3-9100 @ 3.60 GHz, 16 GB RAM
    --------------------------------------------------------------------

  • It depends more on the clock speed of the CPU, so it would be interesting to know what the clock speed of the i5 was. About 3.2 GHz, I guess.

    Best regards

    Alex


  • i5-2400 CPU @3.10 GHz with 16GB RAM

    I'm just a home user. Is there a reasonably priced CPU that can do substantially better than the i7 I already tried? I'd like to get up to 100-150Mbps on non-Verizon speed tests. If there is no budget-hardware solution, then can someone help me with what IPS exceptions I can safely add to increase throughput?


  • Maybe you get something out of this thread

    Unfortunately, here in Germany I don’t have such bandwidth available for an affordable price. So I don’t have these kinds of problems ;-)

    Best regards

    Alex


  • Thanks for posting. I did read that thread earlier but after re-reading it, I'm now thinking IPS exceptions may be the only realistic solution.

    The only reason I currently have gig bandwidth is because of a promo deal. I'm dropping back to 75 or 150 Mbps once the promo expires or canceling in a couple of days IF they don't honor the pricing that was quoted to me. My first bill is not what I was quoted and when I made an inquiry, I was given incorrect info from a person that seemed to not care if I cancelled or not. I'm not at all impressed with Verizon at this point.


  • Thought I'd make one final post in this thread.

    I ended up canceling the Verizon service, altogether. I got nothing but a runaround from them. My first bill was NOT what they promised and I got contradictory information each time I called. I currently have a Comcast Business connection rated at 75/15 Mbps but it never drops below 90/17 Mbps (w/o IPS). I upgraded the CPU in my trusty, old Optiplex XE ($10) so it's now a little faster @ 3.33GHz.

    I now get...

    SPEED TEST (Mbps)

    Core 2 Duo @3.33GHz

    With IPS – SpeakEasy

    72 Down, 17 Up

    ... so now I'm satisfied with the hardware performance since I'm getting all of the bandwidth that I'm paying for with IPS enabled.


  • Yeah, so according to the "clock speed is king" solution you could use an Intel Core i9-9900 at default clocks or OC to around 6GHz. ;)

    Nope, but I think your Core2Duo would slow down many other parts and features. I think a somewhat newer CPU would be the better choice, while still watching for a higher clock speed. More than 4 cores would not give you the ultimate joker and boost, but I would look for an i5 or i7 >3GHz from the i5/i7-3000 or -4000 generation. It will also depend on the money you are willing to spend...

  • The first box I used for a couple of years had a newer i5 CPU. I acquired two Optiplex XE boxes at no cost and decided to try them. I saw no difference in performance (other than bench-marking) so I repurposed the i5 box.

    The difference between the Core2Duo and the i7-3770 that I tested was also not noticeable with my usage. I'll stick with the old Optiplex XE boxes until they go kaput. They are built like tanks.


  • Optiplex or HP EliteDesk - they would survive a nuclear war.

    But why do so many people criticise the old UTM120 boxes, saying that they aren't able to handle newer UTM software versions, especially in handling IPS, AV proxy, web protection, etc.?

    The SG115, for example, has an Atom E3827 at 1.74GHz, and the old UTM120 an Atom N270 (?) at 1.6GHz. Yes, the E3827 has two physical cores and the N270 only one with HT, but I think, especially for VPN and de-/encryption, your better choice would be a newer CPU. Clock speed also has a big impact on overall performance.

    Also, it would depend on whether you have many clients behind your firewall. For home usage maybe a dual core would be enough. :) How many clients and how much traffic are behind yours?