01-06-2016 08:39 AM - edited 03-12-2019 12:07 AM
Using a 5516-x and we noticed a high performance penalty with SMB transfers and when we enable Intrusion policy.
For example:
Not trusting smb, 30kbytes/sec transfer
trusting smb , 100kbytes/sec.(max)
For internet frafic with IDS
Intrusion enabled: 120Mbps
Intrusion disabled: 300Mbps (Max)
In expert mode, i see one snort process at 100% all the time when things are not trusted.
Now, i know, a 5516-x is not a high end device, but is there something to do? Any advice?
Do i need other rules/policy?
Thanks!
01-06-2016 04:53 PM
Hi,
When we say high cpu due to snort is mainly because of the traffic on the module. I do understand that ASA 5516 is high end but we would need to do a rule profiling to find out what rule can be causing this ? What is the intrusion policy that you are using , do you have custom rules in intrusion policy.
Regards,
Aastha Bhardwaj
Rate if that helps!!!
01-06-2016 11:02 PM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide