====== Intrusion Prevention System ======
===== Initial Release =====
The UniFi Intrusion Prevention System / Intrusion Detection System was released to general availability as a beta feature in the UniFi 5.7.20 stable release, with accompanying USG firmware release 4.4.18. IPS/IDS is supported on on the [[products:unifi:unifi_security_gateway|UniFi Security Gateway]], the [[products:unifi:unifi_security_gateway_pro_4|USG Pro-4]], and the [[products:unifi:unifi_security_gateway_xg_8|USG XG-8]].

The UniFi IPS / IDS functionality is based on the [[https://suricata-ids.org/|Suricata Open Source IDS]] version 4.0.4, as of USG firmware release 4.4.22. With this release, only IPv4 traffic is inspected; IPv6 inspection is in development and has been made available in firmware 4.4.24dev.
===== Performance =====
IPS/IDS features disable hardware offload, which reduces performance as described in the Warning on the IPS page of the UniFi Settings. With hardware offload disabled, routing between LAN or VLAN interfaces in a configuration with multiple internal networks is also reduced to the aforementioned stated non-offloaded maximum throughput.

^          With IPS/IDS Enabled         ^^
^ Device ^ Max Throughput ^
| USG 3P | 85 Mbps |
| USG Pro | 250 Mbps |
| USG XG-8 | 1 Gbps |
===== IPS / IDS Categories =====
The types of activities that can be detected are largely based on the categories as listed in the [[http://tools.emergingthreats.net/docs/ETPro%20Rule%20Categories.pdf|ETPro Category Descriptions]].