Prashan Attanayake

Performance Impact of Prevent versus Detect with IPS

Discussion created by Prashan Attanayake on Oct 24, 2017
Latest reply on Oct 28, 2017 by Dameon Welch Abernathy

We run IPS in recommended profile. Most of the Critical and High performance are in Inactive and Detect mode. Since memory consumption is high Checkpoint TAC engineer advice us fine tune Critical and High Performance signatures into Prevent.

 

What is relation between detect and prevent mode when it comes to memory and cpu consumption ?

fwaccel stats -s
Accelerated conns/Total conns : 14/7707 (0%)
Accelerated pkts/Total pkts : 28742/10460438 (0%)
F2Fed pkts/Total pkts : 1381972/10460438 (13%)
PXL pkts/Total pkts : 9049724/10460438 (86%)
QXL pkts/Total pkts : 0/10460438 (0%)

Outcomes