Upload through inline IPS increases inspection load

fazalunus · ‎07-31-2012

The IPS-4240-K9 [IPS Version 7.0(4) E4] is deployed in inline mode before the ASA and perimeter router .The design is LAN->IPS->ASA->Internet Router.The problem is that when i am uploading on the internet the IPS inspection load increased to 100% and the devices beyond the IPS become non-responsive(ping drops from ASA and router).Surprisingly the ping response on IPS does not break,when I put the IPS in never inspect mode (by pass on) the problem does not happen.Hence its confirm that the issue is with the IPS and its inspection load due to upload.

Please guide on how to resolve it . thanks

sawgupta · ‎07-31-2012

Is there a particular signature that is firing a lot ?

How much is the traffic lod that is being pumped into IPS ?

Any specific reason for not upgrading to 7.0.8 release ?

Regards,

Sawan Gupta

Thanks & Regards, Sawan Gupta

fazalunus · ‎07-31-2012

Hi Sawan,

No there is no particular signature firing a lot..normal signatures which do fire in normal operation..

By traffic load u mean the size of file being uploaded ,even if we upload a file between 20-40 MB the ping drops on the devices beyond IPS starts and continues until the file is uploaded..once the file is uploaded completely which in the case of 20-40 MB is in within seconds the situation returns to normal...

We will upgrade soon ...but is there any bug in this release related to this problem ??

Thanks for the reply ..

Rgds

Unus

fazalunus · ‎08-02-2012

Hi Sawan,

Waiting for your reply...