IPS throughput again


Yet another IPS question, like many others in the past. I have searched the old threads in the forum related to IPS, but could not find an answer to my question (maybe I missed something).

I am running Sophos UTM 9.705-3 virtualized on ESXi. It has 4 GB RAM and 4 cores assigned (the CPU barely goes over 2% usage).

My internet subscription is 500Mbps. 

The question here is regarding the IPS performance. When I keep the IPS disabled, a speed test shows about 440Mbps, which is fine.

When I enable the IPS (local networks->only one host) even with NO ATTACK PATTERN ticked, the speed test does not go over 320 Mbps. So I lose 100Mbps only by activating this feature; if I start to tick a few attack patterns like malware and windows (time 6 months) the speed drops to 290 Mbps and of course, if I tick more and more patterns, the speed drops accordingly.

I have played with the recommendations here https://support.sophos.com/support/s/article/KB-000034986?language=en_US&c__displayLanguage=en_US, but the result is the same.

Am I doing something wrong, or is this normal behavior of the IPS engine (eating a lot of bandwidth even in idle times)?