Snort with SquId on same Interface



  • If using Snort with blocking enabled on same Lan interface as Squid with SSL bump enabled hit's from cache is throttled to 3.5 Mbps.

    For instance if I download AMD graphic's card driver's they download at line
    speed which is 25 Mbps but when another system try's to download the same
    one's and hit the cache the download speed is 3.5 Mbps.

    With Snort disabled on the Lan interface the hit from cache is more like instant.
    If I remember correctly it didn't used to do that so I assume I have changed something
    in the Snort config. in the last few month's that I shouldn't have.

    Has anyone run into this before or have a clue where I should start except from scratch?

    Hardware is Xeon CPU E3-1220 v2 @ 3.10 GHZ.
    Motherbord Asus P8B-C/4L
    4x Intel Gb Nic's
    2x Intel SSD's