On Wed, Jan 7, 2015 at 6:07 AM, Yusufi M R <[email protected]> wrote:
> Hi All,
>
> We are using PFSense as a Firewall in our production environment. For
> IDS/IPS, we have also installed the Snort package into it. In Snort, there are
> two rulesets, one from Snort itself and the other one from Emerging Threat.
> We have enabled Snort Community, Snort VRT Free and ETOpen.
>
> We have users connected behind this Firewall. We are facing the issue like
> slowness in the internet. The images take a long time to load. When I disable
> block offenders, it works fine. But the purpose of doing this whole is to
> prevent users from the attacks/offenders.
>
> Are all the above rulesets needed for Intrusion Detection and Prevention? How
> can I increase the performance and be secure in parallel?
>
There is effectively no difference between running with blocking and without from a general performance perspective. I'm guessing you're blocking something that is causing delays elsewhere, like maybe a name server that then requires your clients to wait for a timeout and try another, or something similar along those lines. Check your alerts and what you're blocking.
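The check suggested in the reply above, as an added example that is not part of the original thread: it tallies Snort alerts by the non-LAN host a block would hit and flags any that are DNS resolvers. It assumes alerts in Snort's "fast" text format; the LAN range, resolver address, rule messages and SIDs are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Snort "fast" alert layout (assumed); ICMP alerts carry no port.
ALERT_RE = re.compile(
    r"\[\*\*\] \[\d+:(?P<sid>\d+):\d+\] (?P<msg>.*?) \[\*\*\].*?\{\w+\} "
    r"(?P<src>[\d.]+)(?::\d+)? -> (?P<dst>[\d.]+)(?::\d+)?\s*$"
)

# Assumptions for this example: a hypothetical LAN and resolver address.
LOCAL_NET = ipaddress.ip_network("192.168.1.0/24")
RESOLVERS = {"198.51.100.53"}

# Constructed sample alerts (documentation-range addresses, made-up SIDs).
SAMPLE_ALERTS = """\
01/07-06:01:10.100000  [**] [1:1000001:1] EXAMPLE dns response rule [**] [Classification: Misc activity] [Priority: 3] {UDP} 198.51.100.53:53 -> 192.168.1.20:40211
01/07-06:01:12.200000  [**] [1:1000001:1] EXAMPLE dns response rule [**] [Classification: Misc activity] [Priority: 3] {UDP} 198.51.100.53:53 -> 192.168.1.31:51877
01/07-06:02:40.300000  [**] [1:1000002:2] EXAMPLE http policy rule [**] [Classification: Policy] [Priority: 2] {TCP} 192.168.1.20:49822 -> 203.0.113.80:80
01/07-06:03:05.400000  [**] [1:1000003:1] EXAMPLE icmp rule [**] [Classification: Misc activity] [Priority: 3] {ICMP} 203.0.113.9 -> 192.168.1.1
not an alert line
"""

def remote_hosts(line):
    """Return (sid, msg, [non-LAN endpoints]) for one alert line, or None."""
    m = ALERT_RE.search(line)
    if not m:
        return None
    remotes = [ip for ip in (m["src"], m["dst"])
               if ipaddress.ip_address(ip) not in LOCAL_NET]
    return m["sid"], m["msg"], remotes

def summarize(log_text):
    """Count alerts per (remote host, SID, message): the hosts a block would hit."""
    counts = Counter()
    for line in log_text.splitlines():
        parsed = remote_hosts(line)
        if parsed:
            sid, msg, remotes = parsed
            counts.update((ip, sid, msg) for ip in remotes)
    return counts

def resolver_blocks(log_text):
    """Entries where the host that would be blocked is one of your DNS resolvers."""
    return {k: n for k, n in summarize(log_text).items() if k[0] in RESOLVERS}

if __name__ == "__main__":
    for (ip, sid, msg), n in summarize(SAMPLE_ALERTS).most_common():
        print(f"{n:3d}  {ip:15s}  sid={sid}  {msg}")
```

A non-empty `resolver_blocks()` result points at the rule whose alerts would put a name server on the block list; the SID in that entry is the one to review or suppress.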
