On Wed, Jan 7, 2015 at 6:07 AM, Yusufi M R wrote:
> Hi All,
>
>
>
> We are using PFSense as a Firewall in our production environment. For
> IDS/IPS, we have also installed Snort package into it. In Snort, there are
> two rulesets one from the Snort itself and other one from Emerging Threat.
> We have enabled Snort Community, Snort VRT Free and ETOpen.
>
> We have users connected behind this Firewall. We are facing the issue like
> slowness in the internet. The images takes long time to load. When I disable
> block offenders, it works fine. But the purpose of doing this whole is to
> prevent users from the attacks/offenders.
>
> Is all the above ruleset needed for Intrusion Detection and Prevention ? How
> can I increase the performance and be secure in parallel ?
>
There is effectively no difference between running with blocking and
without from a general performance perspective. I'm guessing you're
blocking something that is causing delays elsewhere, like maybe a name
server that then requires your clients to wait for a timeout and try
another, or something similar along those lines. Check your alerts and
what you're blocking.
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold