Could you provide an overview of the IDS/IPS and DPI features of the Route10? Specifically, which engine is used, where the signature updates originate, and how frequently they are updated, any dashboards for insights, logging/alerting?
And, is it capable to perform this at 10Gbps?
Thanks for the question @dennisvanvelzen
This should help answer most of your questions:
Also, as for throughput, we see 10Gbps if you set your threat level to medium. High does reduce throughput below 10Gbps.
Should it possibly say Low? As that (Low) would be the most strict identification, while High is the least strict identification? Or did I misinterpret the levels?
This is exactly how I’ve interpreted it.
It is the same meaning as within Suricata, the engine we are using. The higher the number, the more severe the issue is. The lower the number, the more you can ignore it.
So, I was referring to setting to High, in my interpretation of the help tooltip, would be less performance heavy, and Low would be most performance heavy, so it would be backward if setting to High would yield less than 10 Gbps if Medium allowed for 10 Gbps.
Ah, yes, that makes sense, but Suricata is designed to detect any/all loaded threats all the time. We only take that information and block/notify based on the severity of the rule that is detected. You would need to filter the rule set in /a/suricata/data/rules/suricata.rules manually to reduce the load any further. However, Suricata is pretty efficient in how it detects rules, so it’s generally not recommended.
