cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
26219
Views
1
Helpful
77
Replies

WRVS4400N - IPS and 50Mbps Broadband

cactusdesigns
Level 1
Level 1

Hi,

Just been upgraded to 50Mbps Broadband, but I can only achieve 22Mbps with IPS enabled.

Is this a know problem?

Is there a work around, instead of just disabling IPS?

Clearly if I cant get this fixed I'll be going elsewhere for my router :(

Regards.

77 Replies 77

Steven DiStefano
VIP Alumni
VIP Alumni

The data sheet at

http://www.cisco.com/en/US/prod/collateral/routers/ps9923/ps9931/data_sheet_c78-496737.html

says:

Performance

NAT throughput: 800 Mbps when IPS is disabled

It doesnt say what it is with IPS enabled.   Perhaps the Performance team can comment.

-- Bump --

Any news on the performance with IPS enabled?

Thanks.

Yes, the feedback is that with IPS enabled, the rate slowed to 20's range of MBPS.

OK, so let me get this straight, a guy in his home office (i.e. me!) has determined that the throuput with IPS is approx 20 Mbps... Shouldn't this be the other way round? That is, Cisco (a multinational company with more resource and understanding) be informing its customers (in the spec/data sheet) of the throughput?!

Anyway, since it looks like I'm going to be stuck with this router for a while longer (until I determine the throughput of a competitor product), can someone let me know what are the actual benefits of IPS and possibly a scenario where the IPS comes into effect?

After reading such articles as: http://www.networkworld.com/columnists/2003/0804snyder.html I'm none the wiser to why I need IPS, but the "fear factor" is the selling point as ever!

If I disable the IPS is there a software/hardware alternative that I can use that will not have the same performance penalty?

Regards

While IPS in the WRVS4400N uses signature files you update periodically to the router to provide decection (and prevention) against an anomaly, there is a network (in the cloud) service this router is eligible for which prevents sites with bad reputation (known to distribute worms, spybots and viruses) from connecting to any client behind the router.  It also has URL Fiultering by category (66 categories so you dont have to manuallly type URLs) and Email SPAM prevention.   Its called Trend Micro's Protect Link Gateway (in the cloud) service (since WRVS4400N FW version 1.1.13 and later)

http://www.cisco.com/cisco/web/solutions/small_business/products/security/trend_micro_protectlink_gateway_security_service/index.html

The cisco.com WRVS4400N FAQ found here has the following information:

http://www.cisco.com/en/US/products/ps9923/products_qanda_item09186a0080a39097.shtml

ProtectLink
1. What is Trend Micro Web Protection used for?
Use Web Protection to manage and protect employee Internet use by blocking access to non-work-related and malicious Web sites.

2. What is Trend Micro InterScan Messaging Hosted Security (IMHS)?
Trend Micro InterScan Messaging Hosted Security is a hosted email security service that can benefit any size organization. We provide the hardware, software, and messaging expertise to cleanse your email of spam, viruses, worms, Trojans, and phishing (identity theft) attacks. The cleaned mail stream is sent directly to your mail server for final delivery to your end users. To use this service you must manage and have administrative access to your own SMTP server. Please have the domain/IP information ready during the registration process.

3. Who do I get the ProtectLink Service?
First you must have a Supported Linksys Router that works with this service (Currently this is only the RV042 but will soon include many of our Business Class Routers, keep checking the Linksys website for firmware updates if you have a router not currently included on the list), then purchase a Registration key from a Linksys approved retailer. After you have a Registration key you can log into your router's interface, got to the Security Protection tab and you should have a link from there to sign up for the service.

4. How much does the Trend Micro service cost?
Trend Micro InterScan Messaging Hosted Security is sold in 5 seat and 25 seat increments on an annual payment plan. Please contact Sales or a Local/Online Retail for exact pricing.

5. How long does the initial setup of the Trend Micro service take?
If just registering for the Web Protection service, it can take up to 24 hours to activate your account through Trend Micro. You should receive an email containing your account information and instructions on managing your account.
Once this portion is active, if you chose to sign up for the IMHS Service during Registration it can take up to another 24-48 hours to receive your account information and instructions on managing this service as well. Once your IMHS account is active it may take an additional 24 hours to update your MX record.

6. My Router is listed but I do not have the Security Protection Tab within the Web UI?
Please go towww.linksys.com/download and upgrade to the latest firmware.

7. I already signed up for the Web Protection service but now I want to use the IMHS service as well. How do I add it?
In order to activate the IMHS Service after initial registration please contacts Trend Micro Support at imhs_support@trendmicro.com with your SMTP server domain/IP information.

8. How do I begin using the IMHS service> Do I need to install, configure, or maintain anything?
A simple redirection of your Mail exchange (MX) record is all that is needed to start the service. Your email is processed by the Trend Micro InterScan Messaging Hosted Security to remove spam, viruses, worms, Trojans, and Phishing attacks; the clean messages are then sent directly to your mail server. This can be process can be activated either through the Initial Trend Micro Registration or through contacting imhs_support@trendmicro.com if you have already activated the Web Protection Portion of the service.

9. What level of Web Reputation should I choose?
Security Level: The higher the security level, the more URLs that are known or suspected to be a Web threat will be blocked.
a. High - Blocks a greater number of Web threats but increases the risk of false positives.
b. Medium - Blocks most Web threats and does not create too many false positives. This is the recommended setting.
c. Low - Blocks fewer Web threats but reduces the risk of false positives.



So basically the router has a feature that sucks 97,5% of the throughput capacity out of the router (that's ninetyseven-and-a-half percent)? Doesn't it sound like this IPS feature needs some performance attention from the developers? I mean now that 50Mb and 100Mb broadband connections are becoming more and more common, the feature should at least be able to support those kinds of connections.

I've disabled my IPS for now.

Yep, that pretty much sums it up.

I've got IPS enabled most of the time, unless I need to do a big download and need the extra bandwidth.

Totally concur, the cisco devs need to rethink this, especially as since 100Mbps is on the horizon for my area too... Its rather hilarious that they have posted the figure of throughput with IPS disabled, but fail to mention what it is with IPS enabled...

Thanks for your input.   I have forwarded this thread to the Product Manager.

Have you heard anything from the Product Manager?

I'm mainly interested in if it's considered to be working as designed or if there's any chance of performance improvements in later firmware releases.

I've not heard anything new regarding this, but I'm kinda assuming that it won't be fixed and instead looking for a replacement, which is pretty sad.

Anyone from cisco care to comment?

Thanks,

Hi Steven,

Could you check for us if URL blocking affects bandwidth. We updated our unit with firmware 2.0.1.3 and our contract bandwith with ISP is 100Mbps.

The scenario that we are experiencing now are as follows:

1. Enable IPS and URL blocking, we'll get 22Mbps.

2. Disable IPS and enable URL blocking, we'll get 39Mbps.

3. Disable both IPS and URL blocking, we'll get 100+Mbps.

Thanks in advance.

Rgds,

Raul

Te-Kai Liu
Level 7
Level 7

Although 20Mbps of throughput when IPS is enabled does not meet the requirement of the 50Mbps internet pipe, the price/performance ratio of $130/20Mbps should be very competitive in the market.

It appears if you do the above procedure and turn OFF the IPS - it will break firewall port forwarding.  Now if you don't use any custom ports to port forward, this isn't an issue.  BUT, if you do (as we often do) - it will break them and won't work.  Again - this only effects CUSTOM FIREWALL PORTS (ie: non standard ports, like mapping a port to 15000 or similar) and turning off IPS.  You could leave ON IPS and this is a non-issue.

I am sorry to hear about the problem you found and thanks for sharing it with everyone.

I do think you should report the problem with a formal TAC case so it can be resolved.

1-866-606-1866

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: