 MSN
join:2004-05-15
Osgoode, ON | reply to TROLL131313
Re: [Config] 871 & 12.4(15)T3 DebugsON ? Coincidentally, I'm testing my new 871 with 12.4(15)T3 and with IPS turned on both outbound and inbound and I'm seeing absolutely no performance difference with IPS on vs. off.
Speedtest.net and speakeasy.net/speedtest both give me approximately 4200 kbps down and 600 kbps up on my ADSL connection regardless of whether IPS is scanning the packets or not. I'm seeing all kinds of detailed IPS messages in my syslog as it's doing its thing too, so I know its working.
I'm also using ZBF (Zone-Based firewall). I'm impressed and a bit surprised.
/Eric |
|
| If you show cpu history, you will see how hard your router is working  |
|
| reply to MSN
said by MSN:I'm also using ZBF (Zone-Based firewall). I'm impressed and a bit surprised. So, what are you impressed and surprised at? Performance?
Are you running the complete sig list? |
|
MSN
join:2004-05-15
Osgoode, ON | I'm running the complete "basic" list per the SDM's recommendations. Since the 871 only has 128 MB RAM, the advanced list will cause memory faults when traffic is high.
That said, I've only disabled two signatures. Cisco recently announced a TTL vulnerability in their IOS and two of the signatures matched against this type of DoS attack. I was getting too many false positives (mainly from UPnP and dynamic routing protocol...basically IP multicast) so I turned 'em off.
As I said in my 1st post, what impresses me most is that througput doesn't seem to be affected in the least with the IPS engines (13 of them) all turned on.
/Eric |
|
| Thanks for the details. |
|
|
|
MSN
join:2004-05-15
Osgoode, ON | You're welcome.
Also, I'm running 384 signatures.
/Eric |
|
