Astaro / Sophos UTM - Enabling IPS - Cuts Bandwidth in Half

posted Nov 7, 2016, 7:04 AM by Andrew Chadick   [ updated Dec 1, 2016, 1:07 PM ]
Astaro / Sophos UTM - Enabling IPS - Cuts Available Bandwidth in Half -
Reason? It's not self aware! It doesn't have logic in the installation routing to understand how many cores are available to it.
You need to manually look at how many cores you are running, then increase the number of "IPS instances" to reflect that number of cores, otherwise your firewall will not only bog down, but it won't show you why!

You will need to enable shell access.  SSH in using "loginuser".  Then sudo su to root.  

Once root:  
cat /proc/cpuinfo (this confirms the number of installed CPUs). 
cc get ips num_instances (this confirms the current setting). 
cc set ips num_instances x (where x is the number of CPUs installed in your UTM). 
/var/mdw/scripts/snort restart (the command to restart Snort)