SA 520 IPS

Unanswered Question
Jan 15th, 2010

Hello,

I just purchased a SA 520 and I am trying out the IPS feature before I buy. During my tests I get around 85 mbps off a 100 mbps connection (which is relatively normal), however as soon as I enable IPS with very few options (trojan/virus, http, etc), it drops down to 18 or so. Any way to improve this?

Thank you!

FratianiD Sat, 01/16/2010 - 13:16

I am seriously considering buying this unit but if the IPS performance is truly that bad, I don't know.

Is this still a problem in the latest firmware (1.1.21)?

alissitz Sat, 01/16/2010 - 14:26

I think we should wait and see, I asked the product manager to take a look.  Hopefully a case will be opened also.

Kindest regards,

Andrew

Steven DiStefano Sat, 01/16/2010 - 14:48

Hi,

We know from internal performance testing of other Cisco products that the overhead of IPS Signature detection is a lot.

I think we can realistically expect a significant drop in performance when IPS is enabled.

Since the datasheet was issued prior to having IPS, we have asked the PM to update it with the caveat of reduced performance when IPS is enabled.

The Solution test team will have to determine how significant.

I think this would be true for any vendor's product that performs thorough packet inspection?

Steve

SE Field Channel Sales

FratianiD Sat, 01/16/2010 - 15:07

Will the SA540 have a better IPS throughput?

I assume that the 540 has a faster processor since it claims 300Mb/sec SPI as opposed to 200Mb/sec for the 520.

I would be interested in the actual specs for the 520 and 540 with and without IPS.

FratianiD Sat, 01/16/2010 - 15:45

Without IPS for the 520 and 540 would be the 200Mb/sec & 300Mb/sec respectively right?

At any rate, would this be faster than the RVS4000 IPS processing?

alissitz Sat, 01/16/2010 - 18:47

Hello and good evening,

We have a few internal folks as well as the product manager for some numbers, once we have these we can communicate them and assist you in buying the right product that meets the performance need.  Both Steve and I have escalated this ... we hope to have an answer for you quickly.

Kindest regards,

Andrew

johnnyboy24 Sun, 01/17/2010 - 08:36

Do you still want me to open a case for this issue?

Primary Firmware Version:      1.1.21
Secondary Firmware Version:     1.0.15

I can't download the latest IPS update because it seems you need a contract to do so (even on the free 60-day trial). My highest bandwidth test so far was 97mbps without IPS. The highest with IPS was around 20mbps. The lowest without IPS was 80mbps, and the lowest with was 14mbps.

Granted these numbers do fluctuate because I am on a 100mbps cable connection (Cisco modem with gbE), but not a lot.

System up Time : 3 days, 16 hours, 0 minutes, 54 seconds

CPU Utilization
   
CPU usage by user:     2 %
CPU usage by kernel:     1 %
CPU idle:     97 %
CPU waiting for IO:     0 %


Memory Utilization
   
Total Memory:     234016 KB
Used Memory:     145304 KB
Free Memory:     88712 KB
Cached Memory:     70708 KB
Buffer Memory:     10556 KB

Steven DiStefano Tue, 01/19/2010 - 08:11

We are told a contract is not required to access the trial license... but you do need to have a CCO account... which takes just a few minutes to create.

Did you try to access with a valid CCO ID?

johnnyboy24 Tue, 01/19/2010 - 08:53

Thank you for getting back to me.

I tried to access it online, however no matter what I tried - I get an error (cannot access this file).

Also, this is the latest IPS info on the SA...

Signature File:  SBIPS000001
Last Checked for Signatures: Sat Dec 12 03:04:57 GMT 2009

I even tried to put my username/password in and hit "Update Now", but it doesn't seem to update to anything other than the one I originally had.

Steven DiStefano Tue, 01/19/2010 - 08:55

Open a case with SBSC and let us know the solution. Sorry to hear it isn't working. This is new, so let's engage the support team who received some training on it and should be able to help.

Steve

With IPS turned on, our SA540 has a max download throughput of ~22 Mbps.  With IPS turned off we consistently achieve 30 Mbps (ISP cap).

On a side note, IPS also reduces our upload throughput to ~4.3 Mbps.  With IPS turned off we consistently achieve 5 Mbps (ISP cap).

I wonder if the SA540 would perform better if we increased our cap to 50 Mbps?

Also, were the IPS performance specs mentioned above ever posted anywhere?  I searched around, but couldn't find anything.
