New Member

IPS / IDS question

So - I have enabled IPS. I have the standard USG. I have noticed a significant drop in network speed conducted using speedtest.net. It's 60 Mbps down and 35 up. My stated ISP speed is 200 down / 35 up.

With IPS disabled, after 10 min if I run the same test I get 180 down / 35 up.

Is this really the expected behavior here?

I do have multiple VLANs in the network, but my USG and the computer on which I'm running the test / connecting to the UniFi controller are in the same VLAN - actually it's the default VLAN.

Ubiquiti Employee

Re: IPS / IDS question


That sounds about right. IPS/IDS disables hardware offload, so overall throughput will be lower. There is a warning right in Settings > IPS, which I've also attached to my post. That said, personally I've always used the rough guidelines from EdgeOS (found HERE):

ERLite-3 and ERPoe-5: below 60 Mbps most likely will work, above 200 Mbps most likely will not work.
ERPro-8: below 200 Mbps most likely will work, above 550 Mbps most likely will not work.

I removed other hardware from this list. The ER-Lite-3/PoE-5 is the equivalent of USG, and ER-Pro-8 is the equivalent of USG-Pro.

Cheers,

Mike

2018-05-16 19_52_19-UniFi-lab.png
New Member

Re: IPS / IDS question

Question: Will removing VLANs and making everything work off the default LAN improve performance? Asking since in some other thread I gathered IPS is only applicable during inter-LAN communications, i.e. when the USG is involved.

Ubiquiti Employee

Re: IPS / IDS question

If you remove VLANs and have a single LAN, this will improve local LAN performance, but everything that needs to cross the USG will still take a performance hit.