Re: Suricata much worse than guardian?.

Posted: December 6th, 2019, 1:55 pm
by Hellfire
However, you can stay with IPFire and simply turn off Suricata, can't you?

Re: Suricata much worse than guardian?. - YES!

Posted: December 6th, 2019, 2:03 pm
by DJ-Melo
MichaelL wrote:
December 6th, 2019, 11:11 am
Hi Team,

On my Firewall Suricata is not usable. It destroys 70% of my Bandwidth so I got instead of 1 GBit only 300 MBit.
Also the way how you upgraded IPFire is absolutely not acceptable - it took me days to recognize it isn't Vodafone, it is my bloody Firewall that steals my Bandwidth. Without the useless Suricata I got back my Gigabit! (Yes, I could read the Changelog, but I do not have time to read all update details for all of my machines - and in years of using IPFire I never got really bad issues)

I switched IPS now off and will now migrate to PFSense.

The way you upgraded the Firewall without a GUI Flag that gives me a choice is absolutely not User-Friendly. You invest Time and Effort to change the IDS/IPS Tool instead of giving the User the Choice what he/she likes or works for him/her.

So you killed Snort/Guardian and replaced it with something that isn't usable.


FW Hardware: Intel(R) Celeron(R) CPU N3150 @ 1.60GHz, 2x Intel Gigabit, 8GByte RAM, 120GByte SSD
Latest Speedtest without the !*;%$** Suricata: before never more than 350MBit!
Because of this, I've bought new hardware; now it works well.
Re: Suricata much worse than guardian?.
Post by MichaelTremer » Sun Apr 28, 2019 4:45 pm

Snort will just pass packets even if they are malicious. Also it will only use one core and might not scan 100% of the traffic.

I understand your worry and as I said we are working on performance improvements but the IPS is doing a lot of work and that needs CPU cycles.
e. g. ... s/business

Re: Suricata much worse than guardian?.

Posted: December 9th, 2019, 1:44 pm
by MichaelL
>Suricata much worse than guardian?

Yes of course, Snort doesn't limit my bandwidth so it is switched on and has a chance to find a malicious client in my network. Suricata instead costs me, on a system relatively close to your system ( ... s/business), 70% bandwidth, even when it's only in detection mode. This ends in switching off the IDS and no chance to detect anything.

Suricata would need a full-blown Xeon, Core i5 or i7 or EPYC to be able to do the job on a Gigabit Internet, which would increase the cost of electrical energy. On my 4 Core system the max bandwidth with Suricata is approx. 280MBit (and this only in detection mode).