Network performance issue with IPS

Started by decalpha, July 12, 2022, 03:36:58 PM

CPU: Intel(R) Core(TM) i3-5005U CPU @ 2.00GHz (2 cores, 4 threads)
Networking: Intel Gigabit LAN
Memory: 8GB
Versions: OPNsense 22.1.10-amd64
Intrusion Detection: Enabled
   Promiscuous mode: Not Selected
   Detect Profile: High


I am using iperf for network performance measurement, and iperf3 on the OPNsense host shows <300 Mbits/sec. The strange thing is that after a restart it's around 950 Mbits/sec, before dropping back to the 250-300 range. To rule out a network issue I tried iperf3 across multiple other systems and it's around 950 Mbits/sec.

Is this expected with this hardware setup?

IDS needs a lot of performance, IPS even more so.

However, my 5250u can push a gigabit with IDS enabled. So you may need to tune your rules (fewer, and moving IP blocklists to firewall alias+rules) and configuration.

July 12, 2022, 03:51:50 PM #2 Last Edit: July 12, 2022, 03:57:18 PM by decalpha
Would you be able to direct me to the correct resource(s)?

I5 8000U should handle 1000 also in IPS mode. Which rules do you use? Hyperscan active?

July 13, 2022, 01:39:08 PM #4 Last Edit: July 15, 2022, 03:06:51 PM by decalpha
Quote from: mimugmail on July 12, 2022, 05:22:53 PM
I5 8000U should handle 1000 also in IPS mode. Which rules do you use? Hyperscan active?

Pattern matcher is indeed set to Hyperscan.
How do I get the list/count of rules from the command line?

Regarding the I5 8000U, I'm afraid I have to upgrade the whole system (using a Qotom mini PC).
Would an N6005 be any better?