We run IPS in recommended profile. Most of the Critical and High performance are in Inactive and Detect mode. Since memory consumption is high Checkpoint TAC engineer advice us fine tune Critical and High Performance signatures into Prevent.
What is relation between detect and prevent mode when it comes to memory and cpu consumption ?
fwaccel stats -s
Accelerated conns/Total conns : 14/7707 (0%)
Accelerated pkts/Total pkts : 28742/10460438 (0%)
F2Fed pkts/Total pkts : 1381972/10460438 (13%)
PXL pkts/Total pkts : 9049724/10460438 (86%)
QXL pkts/Total pkts : 0/10460438 (0%)