Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 13 replies
  • Subscribers 2 subscribers
  • Views 44946 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Much slower IPS performance in 9.1x

BarryG
Hi,

I just up2date'd from 9.006 to 9.105, and I'm seeing much lower throughput.

PreviouslyI was getting 65mbps from LAN->DMZ, and was easily able to max out my FiOS Internet connection (25mbps down).

Those tests were on 7.509, but I was still easily maxing out my 25mbps connection on 9.0x.

However, after the up2date to 9.105, I am now only getting 16mbps. 'top' and 'htop' show a snort thread using 97% of the CPU.

The CPU is an Atom n270 (single core + HT). 
RAM is 2GB; 


This thread was automatically locked due to age.
  • 0
    I'm not really into this, but it shouldn't really differ how many users you have. With a Celeron probably your CPU is the limiting factor that cannot handle multiple instances very well and probably is faster with only 1 instance.

    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

  • 0 in reply to ManuelKarl
    What about a reboot? Have i always type in the shell-command for ips-sub or is this still active?
  • 0
    Hi, 

    You don't need to reboot.

    Normally, with the default setting of '0', one instance will run per CPU Core or Thread.

    If you don't have enough RAM, this can be problematic (500-800GB used per instance).

    With 8GB RAM, you probably don't need to worry about it.

    Barry
Unfiltered HTML