Re: Suricata much worse than guardian?.
Posted: December 6th, 2019, 1:55 pm
However, you can stay with IPFire and simply turn off Suricata, can't you?
The old IPFire Forum Archive
because of this, i've bought new hardware now works wellMichaelL wrote: ↑December 6th, 2019, 11:11 amHi Team,
On my Firewall Suricata is not usable. It destroys 70% of my Bandwith so i got instead of 1GBIt only 300 MBit.
Also the way ho you upgraded IPFire is absolute not acceptable - it takes me days to recognize it isn't Vodafone it is my bloody Firewall that
steals my Bandwith. Without the useless Suricate i got back my Gigabit! (Yes i could read the Changelog, but i do not have time to read all updatedetails for all of my machines - and in years of using IPFIRE i never got really bad issues)
I switched IPS now off and will now migrate to PFSense.
The way you upgraded the Firewall without a GUI Flag that gives me a choice is absolute not User-Frindly. You invest Time an Efforts to change the IDS/IPS Tool instead of giving the User the Choice what he/she likes or work for him/her.
So you killed Snort/Guardian and replace it with someting that isn't usable.
FW Hardware: Intel(R) Celeron(R) CPU N3150 @ 1.60GHz, 2x Intel Gigabit, 8GByte Ram, 120GBye SSD
Latest Speedtest without the !*;%$** Suricata: https://www.speedtest.net/result/8828447441.png before never more that 350MBit!
e. g. https://wiki.ipfire.org/hardware/lightn ... s/businessRe: Suricata much worse than guardian?.
Post by MichaelTremer » Sun Apr 28, 2019 4:45 pm
Snort will just pass packets even if they are malicious. Also it will only use one core and might not scan 100% of the traffic.
I understand your worry and as I said we are working on performance improvements but the IPS is doing a lot of work and that needs CPU cycles.