|
|
|
|
|
|
|
|
|
|
|
|
| Re: Kerio Control - Performance problem - Snort 3 [message #153838 is a reply to message #153820] |
Thu, 23 February 2023 13:44   |
tverweij
Messages: 72
Registered: March 2010
Location: Curacao
|
|
|
|
It is now almost 2 years after the initial message in this topic - still no Snort3, and the IPS botteneck is growing as internet lines are becoming faster.
I heard they were working on it, but that is also a few months ago.
But this is not the only thing that worries me. Kerio is getting out of usable state because of lack of updates.
I mean: UEFI support (security and new hardware). Snort3 support (performance). AES-NI support (hardware acceleration). Traffic prioritizing (the next step in QOS). Android 12+ VPN support.
Kerio is loosing terrain each month that those things are not implemented, and there will be a point that even I have to decide to look for another firewall (I am working with kerio since about 2004, maybe earlier).
Update: I checked, and I work with Kerio since 1999 - 24 years this year ....
[Updated on: Fri, 24 February 2023 12:45] Report message to a moderator |
|
|
|
| Re: Kerio Control - Performance problem - Snort 3 [message #153866 is a reply to message #153838] |
Wed, 01 March 2023 03:39 |
kres
Messages: 1
Registered: March 2023
|
|
|
|
Anyone tried that on a hardware server or VMware VM with good single-thread performance CPU?
I tested Control on a host with "up to" 500 Mbps uplink and it went 400/400. But I don't have 1Gpbs+ to test right now. And I have a client being interested but they have 10G uplink (I saw the port, do not know real connection width yet). What do? Years ago I loved Kerio, some old clients still use it...
|
|
|
|
| Re: Kerio Control - Performance problem - Snort 3 [message #153881 is a reply to message #153866] |
Wed, 01 March 2023 14:01 |
tverweij
Messages: 72
Registered: March 2010
Location: Curacao
|
|
|
|
I talked to support and as I understood, we can expect UEFI soon and Snort 3 not much later - so that should solve the performance issues as this (snort 3) makes the product scalable (scalable = Add extra CPU's for more performance). So we'll wait and see.
For the test with a good single-thread CPU: I do this on HyperV and reach 750 down and 350 up with a Xeon Silver 4210 (HT off and CStates off).
Snort 3 should be faster per CPU, but if I can scale the above, it needs 13 CPU's to get to 10 Gb down and 28 CPU's to get 10 Gb up. For a one GB line, 3 CPU's should be enough to get to the max.
So in my opinion it still needs hardware (AES-NI) acceleration to get the needed cores down as line speeds are continue to go up.
[Updated on: Wed, 01 March 2023 14:06] Report message to a moderator |
|
|
|
Members
Search
Help
Register
Login
Home
