Hello Jack,
In short, I have seen this around two dozen times in my 1.5+ years of service at the SBSC. For most the IPS has little or no effect. In fact, the only measure anyone has ever presented (to me) is showing speed results and not actual internet performance. The IPS is a large strain on the router as the in-line module inspects all traffic. Depending on the number of users connected also greatly affects the router's ability to perform with the IPS enabled. The IPS is very similar to virus definitions from any common end point virus protection. Unfortunately, such systems are imperfect in the sense there are false alarms. The IPS has the ability to reset TCP connections. Things like a speed test may be perceived as a Denial of Service attack as it is throttling the connection in an unnatural way and affixing random information in the attempt to make your connection work at its potential.
Please reference this;
https://support.speedtest.net/entries/20862782-how-does-the-test-itself-work-how-is-the-result-calculated
The thing is, when a TCP packet is dropped or discarded, it is retransmitted, which in turn can greatly slow down the internet connection. Eventually, the IPS will terminate a TCP connection that is perceived threatful.
I hope this provides some insight to your inquiry
-Tom
-Tom
Please mark answered for helpful posts
http://blogs.cisco.com/smallbusiness/