OPNsense Forum

English Forums => General Discussion => Topic started by: sonic1812 on March 03, 2026, 01:04:36 PM

Title: ISP bandwidth is cut in 1/3 due to Suricata Intrusion detection IPS Mode
Post by: sonic1812 on March 03, 2026, 01:04:36 PM
I have an OPNsense running the following:
Board N100
RAM 32 GB
SSD:528
Version 25.7.11_2
Architecture amd64

With IPS mode OFF on Suricata, I get 1300 Mbps on speedtest.
With IPS mode ON, I get ~500 Mbps on speedtest.
I have all the hardware filtering settings on the interface turned OFF. See attached.

How can I get my provisioned bandwidth of 1300 Mbps with IPS mode ON?

Title: Re: ISP bandwidth is cut in 1/3 due to Suricata Intrusion detection IPS Mode
Post by: meyergru on March 03, 2026, 01:14:39 PM
IPS mode is a lot more taxing than just routing and firewalling. And RSS mode is not applicable, because IPS is inherently single-threaded; see the note here: https://docs.opnsense.org/troubleshooting/performance.html

The hardware settings will do next to nothing, if they work at all. Some seem to work at first, with some subtle problems coming up later.

So, essentially, the answer is: Use a CPU with more single-thread punch.