IDS enabled HighPing / Timeout

[msmarcapo]

Hey,
we are using OPNsense 22.7.10_2-amd64 on an AMD EPYC 7272 12-Core Processor (12 cores, 24 threads).
We enabled IDS with disabled Promiscuous Mode and Logging. As pattern matcher we setup hyperscan. Hardware offload is disabled.
IDS is restricted to the internet / uplink Interface and specific networks. The Speed is gigabit.
We've downloaded and enabled all rules.

We can reproduce that after enabling IDS and waiting for 5-15mins we got highpings and timeouts every few pings between hosts.
Its unusable for us at this state. This Hardware should be play with IDS easily we think?

How can we prevent this? What are we missing?

Thanks for Ideas!

[msmarcapo]

Solved the issue.
The DNS-Server in the Opnsense was wrong. So it cant resolve internal DNS-Records correctly.
After solved this IDS works fine without high CPU-Load or highpings.

[mschmidt]

We have the same problem on one of our installations.
can you specify what you did to your dns config?

[msmarcapo]

We have the same problem on one of our installations.
can you specify what you did to your dns config?

We installed the Server in an complete fresh environment which didnt contains an own DNS-Server at this moment. So we add an public dns server entry on the install dialoge.
We forgot to change that setting, so no internale name cant be resolved from opnsense.

[mschmidt]

thank you