Intrusion Prevention causing slow internet speeds

Since upgrading the firmware to the latest version 9.312-8, my internet performance has fallen massively. I have a Gbit connection to the internet, and with Intrusion Prevention turned on I get anything from 10 Mbit to 100 Mbit depending on the number of users. If IP is turned off, my internet download speed jumps up to 650-800 Mbit/s.

Can anyone shed some light on what is wrong?


  • Hi, the host server is using Xeon E5-2430 CPUs

    Snort is good for about 250-500 megabits max per core at about 3 GHz, depending on how many users you have pushing things. Your 2.0 GHz CPUs aren't going to be able to go much faster than 250 max, depending on the amount of users AND ruleset tuning. You need either more cores and lots more users or a much faster CPU (3.0 GHz or faster) and probably more users still.

    That type of CPU is used in the 5xx and higher SG series when there are more than 500 users.

  • I have the UTM 9 on own hardware with 8 GB RAM, SSD, Intel i3 (ni-aes HW chip included). I have 200 Mbit internet down and 20 up; the UTM only allows 20 Mbit up and down.

    What I keep reading is that everywhere the upload is what is provided, but the download is every time only 10% EXACT of what has been provided.

    When doing a big and fast download, the processor utilization does not get higher than 3%!!! And yes, indeed turning off IPS does the trick, but this is not because of processor limitation.