07-16-2018 08:46 AM
Random issue with USG and IPS.
With IPS enabled, it will randomly go from normal CPU usage to high CPU usage without any apparent change on the network. It can happen in the middle of the night with no one working. I've tried to determine if a certain computer is causing this, but I can't find the culprit if that is the case.
Is there a way I can see what is specifically causing IPS to spike?
07-16-2018 09:42 AM
High CPU by itself does not mean you have a problem just that your CPU is being utilized to do something and in this case it is IPS/IDS.
Remember that with IPS/IDS enabled all packets are decoded and the system tries to match rules with packet so this will utilize a lot of CPU.
07-16-2018 09:46 AM - edited 07-16-2018 09:48 AM
OK. It does go up an expected amount of usage when enabled, but then spikes to high levels for no apparent reason. I have 10 sites all with full UniFi sans a switch or two, and this is the only site that does this.
Is there a way to know the originaing IP of the requests so I can see if there is a "bad" device on the network (hacked IoT, computer, bot, etc.)?
07-16-2018 09:48 AM
grep BLOCK /var/log/messages
should list all blocks and you can also disable TOR and Malicious IP Firewall restrictions on your IPS/IDS configuration page
10-24-2018 08:30 PM
I'm seeing similar results. When enabling IPS, CPU increases a nominal amount and continues to run fine for a couple days before suddenly jumping to about 60%. As soon as I disable it, CPU drops to pre-IPS levels.
10-24-2018 08:36 PM
a week ago
Same problem here but my USG also disconnects regularly after enabling IDS and also gives me timouts like in Nashional's charts. In the past it ran fine for a couple of days but then disconnects and had to restart the USG. The problem became more frequent and i had to eventually do a factory reset on the unit to be able to login again and to disable IDS.
I do want to use IDS/IPS but it does not seem to run the way it should work.
PS. througput is just fin with IDS enabled on my USG 3P (withoud IDS/IPS 200-20/ With IDS/IPS 160/20)
a week ago - last edited a week ago
Installed new firmware and my USG 3P seems to be more stable. On the other hand the usage (average 75-80%) is more than it was before and i am experiencing some latency when playing movies etc!
Is there a way to solve this problem?