Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Snort with SquId on same Interface (Solved)

    IDS/IPS
    1
    1
    364
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • I
      Impatient
      last edited by Impatient

      If using Snort with blocking enabled on same Lan interface as Squid with SSL bump enabled hit's from cache is throttled to 3.5 Mbps.

      For instance if I download AMD graphic's card driver's they download at line
      speed which is 25 Mbps but when another system try's to download the same
      one's and hit the cache the download speed is 3.5 Mbps.

      With Snort disabled on the Lan interface the hit from cache is more like instant.
      If I remember correctly it didn't used to do that so I assume I have changed something
      in the Snort config. in the last few month's that I shouldn't have.

      Has anyone run into this before or have a clue where I should start except from scratch?

      Hardware is Xeon CPU E3-1220 v2 @ 3.10 GHZ.
      Motherbord Asus P8B-C/4L
      4x Intel Gb Nic's
      2x Intel SSD's

      Solved-
      Backup and Restore
      Unchecked save setting's-Uninstall-Reboot
      After Reboot I reinstalled and Restored Configuration.

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.