Disable all hardware offloading - VLAN Hardware Filtering

Started by dreamerman, January 01, 2019, 12:25:27 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
January 01, 2019, 12:25:27 AM
Hi, I am following the awesome post by elektroinside on setting up IDS/IPS. In regards to hardware offloading, I am not sure which option I should select for VLAN Hardware Filtering- enable/disable/leave default.
Not sure if my understanding is correct -  enable means the NIC is doing the work and disable means the software is doing the work (ie higher CPU overheads).
Please help?
NEXCOM DNA120 aka Sophos SG115 | Intel Atom E3827 Bay Trail Dual Core 1.7GHz | 4GB DDR3 | 64GB SSD
January 01, 2019, 09:32:36 AM #1
Hardware filtering or any other type of offload lets the CPU do less work when enabled by performing operations in dedicated silicon (usually an ASIC).

Bart...
January 01, 2019, 12:32:18 PM #2
Quote from: bartjsmit on January 01, 2019, 09:32:36 AM
Hardware filtering or any other type of offload lets the CPU do less work when enabled by performing operations in dedicated silicon (usually an ASIC).
Thanks Bart but I am still not sure if I should disable VLAN Hardware Filtering to setup IDS/IPS. I think this is enabled by default.
NEXCOM DNA120 aka Sophos SG115 | Intel Atom E3827 Bay Trail Dual Core 1.7GHz | 4GB DDR3 | 64GB SSD
January 01, 2019, 12:34:42 PM #3
I would leave it enabled - IDS/IPS and VPN are workloads that are most capable of limiting the throughput of the firewall. The more streamlined, the better.

Bart...
January 01, 2019, 01:20:31 PM #4
Thanks Bart!
NEXCOM DNA120 aka Sophos SG115 | Intel Atom E3827 Bay Trail Dual Core 1.7GHz | 4GB DDR3 | 64GB SSD
Print
Go Up Pages1
User actions