cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
507
Views
0
Helpful
2
Replies

High performance penalty with SMB and IDS on 5516-x

osiega001
Level 1
Level 1

Using a 5516-x and we noticed a high performance penalty with SMB transfers and when we enable Intrusion policy.

For example:

Not trusting smb, 30kbytes/sec transfer

trusting smb , 100kbytes/sec.(max)

For internet frafic with IDS

Intrusion enabled: 120Mbps

Intrusion disabled: 300Mbps (Max)


In expert mode, i see one snort process at 100% all the time when things are not trusted.

Now, i know, a 5516-x is not a high end device, but is there something to do? Any advice?

Do i need other rules/policy?

Thanks!

2 Replies 2

Aastha Bhardwaj
Cisco Employee
Cisco Employee

Hi,

When we say high cpu due to snort is mainly because of the traffic on the module. I do understand that ASA 5516 is high end but we would need to do a rule profiling to find out what rule can be causing this ? What is the intrusion policy that you are using  , do you have custom rules in intrusion policy.

Regards,

Aastha Bhardwaj

Rate if that helps!!!

Hi Aastha,


There is just one rule with intrusion detection, inside-outside zone,

Balanced security: see screenshot:

Review Cisco Networking for a $25 gift card