Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 7 replies
  • Subscribers 4 subscribers
  • Views 1304 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IPS bring internet speed to its knees.

Goldy_01

Dell 610 with Soft release UTM.
IPS on or off - there are hardly any impact on the CPU or Memory.
IPS don't apply to anything but one work station.
Whenever applying IPS, all internet speed in my net drops down, no matter where.
1Gb internet line.

Testing Speed for the seeing the impact of intrusion prevention on Sophos UTM:

Workstation 1 with intrusion prevention off:
Download speed:780
Upload speed:900

Workstation 1 with intrusion prevention on:
Download speed:188
Upload speed:159

Workstation 2 with intrusion prevention off:
Download speed:509
Upload speed:433

Workstation 2 with intrusion prevention on:
Download speed:153
Upload speed:129

Workstation 3 with intrusion prevention off:
Download speed:392
Upload speed:439

Workstation 3 with intrusion prevention on:
Download speed:169
Upload speed:143

From these tests, you can see clearly the negative impact of the "Intrusion prevention" on the network speed.

Right now - IPS is OFF.

Any idea how to resolve this?

Thanks,
Goldy



This thread was automatically locked due to age.
Parents
  • 0

    Sorry, not the best news but buy an right sized SG system or abandon this feature.
    You can find a lot of threads here regarding IPS and the speed impact.

    Best regards 

    Alex 

    -

  • 0 in reply to Alexander Busch

    Hi Alex.

    Explain "buy an right sized SG system"

    For my opinion it should be enough:

    Intel(R) Xeon(R) CPU E5-2620 0 @ 2.00GHz

    32 DDR-3 RAM

    2 SSD 150 GB Raid 1


    Where is the bottle neck?

  • 0 in reply to Goldy_01

    Generally, IPS bottlenecks are at the CPU.  I believe your CPU is also a discontinued Sandy Bridge processor.  The E-series Xeon were not all that great (only in their time), I run a couple of them myself for VMWare which doesn't even support them in my configuration anymore.

    There is a lot of work at the IPS level to the point it will choke out your UTM, unfortunately.  I'm sure there would be some room for improvement, but it's been an issue for a long time with UTM.

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)

Reply
  • 0 in reply to Goldy_01

    Generally, IPS bottlenecks are at the CPU.  I believe your CPU is also a discontinued Sandy Bridge processor.  The E-series Xeon were not all that great (only in their time), I run a couple of them myself for VMWare which doesn't even support them in my configuration anymore.

    There is a lot of work at the IPS level to the point it will choke out your UTM, unfortunately.  I'm sure there would be some room for improvement, but it's been an issue for a long time with UTM.

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)

Children
  • 0 in reply to Amodin

    Hi Amodin and thanks.

    1. If the CPU was an issue, I would expect to see higher CPU usage.
    Am I right?
    (So far, this machine not even start sweating.)

    2. Can you explain why IPS effect all my LAN, even though it's not apply to my LAN?

     

    Thanks

     

    Goldy.

Unfiltered HTML