
Intrusion Prevention System

The UniFi Intrusion Prevention System / Intrusion Detection System was released to general availability as a beta feature in the UniFi 5.7.20 stable release, with accompanying USG firmware release 4.4.18. IPS/IDS is supported on the UniFi Security Gateway, the USG Pro-4, and the USG XG-8.

The UniFi IPS / IDS functionality is based on the Suricata Open Source IDS version 4.0.4, as of USG firmware release 4.4.22. With this release, only IPv4 traffic is inspected; IPv6 inspection is in development and has been made available in firmware 4.4.24dev.

IPS/IDS features disable hardware offload, which reduces performance as described in the Warning on the IPS page of the UniFi Settings. With hardware offload disabled, routing between LAN or VLAN interfaces in a configuration with multiple internal networks is also reduced to the stated non-offloaded maximum throughput.

Maximum throughput with IPS/IDS enabled:

Device      Max Throughput
USG 3P      85 Mbps
USG Pro     250 Mbps
USG XG-8    1 Gbps

The types of activities that can be detected are largely based on the categories listed in the ETPro Category Descriptions.

