Suricata much worse than guardian?.

Questions to IPFire Addons.
Hellfire
Posts: 697
Joined: November 8th, 2015, 8:54 am

Re: Suricata much worse than guardian?.

Post by Hellfire » December 6th, 2019, 1:55 pm

However, you can stay with IPFire and simply turn off Suricata, can't you?
Image

DJ-Melo
Posts: 678
Joined: July 8th, 2014, 7:12 am

Re: Suricata much worse than guardian?. - YES!

Post by DJ-Melo » December 6th, 2019, 2:03 pm

MichaelL wrote:
December 6th, 2019, 11:11 am
Hi Team,

On my Firewall Suricata is not usable. It destroys 70% of my Bandwith so i got instead of 1GBIt only 300 MBit.
Also the way ho you upgraded IPFire is absolute not acceptable - it takes me days to recognize it isn't Vodafone it is my bloody Firewall that
steals my Bandwith. Without the useless Suricate i got back my Gigabit! (Yes i could read the Changelog, but i do not have time to read all updatedetails for all of my machines - and in years of using IPFIRE i never got really bad issues)

I switched IPS now off and will now migrate to PFSense.

The way you upgraded the Firewall without a GUI Flag that gives me a choice is absolute not User-Frindly. You invest Time an Efforts to change the IDS/IPS Tool instead of giving the User the Choice what he/she likes or work for him/her.

So you killed Snort/Guardian and replace it with someting that isn't usable.

Regards,
Michael

FW Hardware: Intel(R) Celeron(R) CPU N3150 @ 1.60GHz, 2x Intel Gigabit, 8GByte Ram, 120GBye SSD
Latest Speedtest without the !*;%$** Suricata: https://www.speedtest.net/result/8828447441.png before never more that 350MBit!
because of this, i've bought new hardware now works well
Re: Suricata much worse than guardian?.
Post by MichaelTremer » Sun Apr 28, 2019 4:45 pm

Snort will just pass packets even if they are malicious. Also it will only use one core and might not scan 100% of the traffic.

I understand your worry and as I said we are working on performance improvements but the IPS is doing a lot of work and that needs CPU cycles.
e. g. https://wiki.ipfire.org/hardware/lightn ... s/business

MichaelL
Posts: 3
Joined: December 14th, 2016, 3:32 pm

Re: Suricata much worse than guardian?.

Post by MichaelL » December 9th, 2019, 1:44 pm

>Suricata much worse than guardian?

Yes of course, Snort doesn't limit my bandwith so it is switched on and has a chance to find a malicous client in my network. Suricate instead cost me on a System relative close to your System(https://wiki.ipfire.org/hardware/lightn ... s/business) 70% Bandwith, even when it's only in detection mode. What ends in switching of IDS and no chance to detect anything.

Suricata would need a full Blown XEON, Core i5 or i7 or EPYC to be able to do the job an a Gigabit Internet, what would increase the cost on electrical energy. On my 4 Core system the max Bandwith is with Suricata aprox 280MBit (And this only in detection mode).

Cheers,
Michael

Post Reply