OPNsense Forum

English Forums => Intrusion Detection and Prevention => Topic started by: dreamerman on January 01, 2019, 12:25:27 am

Title: Disable all hardware offloading - VLAN Hardware Filtering
Post by: dreamerman on January 01, 2019, 12:25:27 am
Hi, I am following the awesome post by elektroinside on setting up IDS/IPS. In regards to hardware offloading, I am not sure which option I should select for VLAN Hardware Filtering: enable/disable/leave default.
Not sure if my understanding is correct - enable means the NIC is doing the work and disable means the software is doing the work (i.e. higher CPU overheads).
Please help?
Title: Re: Disable all hardware offloading - VLAN Hardware Filtering
Post by: bartjsmit on January 01, 2019, 09:32:36 am
Hardware filtering or any other type of offload lets the CPU do less work when enabled by performing operations in dedicated silicon (usually an ASIC).

Bart...
Title: Re: Disable all hardware offloading - VLAN Hardware Filtering
Post by: dreamerman on January 01, 2019, 12:32:18 pm
Hardware filtering or any other type of offload lets the CPU do less work when enabled by performing operations in dedicated silicon (usually an ASIC).
Thanks Bart, but I am still not sure if I should disable VLAN Hardware Filtering to set up IDS/IPS. I think this is enabled by default.
Title: Re: Disable all hardware offloading - VLAN Hardware Filtering
Post by: bartjsmit on January 01, 2019, 12:34:42 pm
I would leave it enabled - IDS/IPS and VPN are workloads that are most capable of limiting the throughput of the firewall. The more streamlined, the better.

Bart...
Title: Re: Disable all hardware offloading - VLAN Hardware Filtering
Post by: dreamerman on January 01, 2019, 01:20:31 pm
Thanks Bart!