SG-1100 and SG-3100 throughput with IDS/IPS



  • Does anyone have information on the maximum throughput on these devices with IDS/IPS enabled?

    This is for my home. I am thinking of putting it between my cable modem and current router. Or, since the SG-3100 can be used as a router, I could replace my current one with it too.

    My internet speed is 200 Mbps right now so I'd need to make sure the device can maintain that throughput with IDS/IPS enabled. Ideally I'd like some room to grow in case I get faster internet later.


  • Netgate Administrator

    It's difficult to give you a hard figure on that as the throughput with Snort or Suricata running can be very dependent on what rulesets you have loaded and the Detection Engine settings.
    But as a very rough guide, I can push ~750Mbps through an SG-3100 here with Suricata running at default settings on the WAN. That's with ET Open and Snort GPL rules loaded and enabled. 1 rule files processed. 20610 rules successfully loaded. That's to a local iperf server but in a different subnet. There's a good chance that's being limited by the upstream firewall it has to route through, that is not sized for full Gigabit; my WAN is far smaller.

    Steve



  • @stephenw10 Sounds like it should be fine to meet my 200 Mbps internet. I am trying pfSense on a spare computer I had. If it works I might just buy the SG-3100. Thanks!

