Intrusion detection and prevention

A model citizen

I have the MX100; the white papers state this is a 750mb router, although I can get speeds in the high 800s, usually 850x850. Recently all my speeds went down to 350x350, and the only way to get back to my 800-ish speeds is to completely disable "Intrusion detection and prevention". I would like to know if anyone else has noticed recent slowdowns, like maybe the rules have changed. My MX100 should perform 650mb speeds with all rules enabled, but this is no longer the case. I even tested another MX100, only to see similar results.

Kind of a big deal

I have seen this on MX67/68 moving from fw 16 to 17. From 800 > 200.

Are you running 17.x firmware?

A model citizen

Running 17.6. When we got the 1gb service our speeds were fine for about a month; then I noticed the slowdown. Thinking it was an ISP issue, I had them come over and test, and it was not their side of things. It took a bit of time to figure out it was the rules; although they have been in place for a year, only recently did it slow down my network.

1. Is the mode set to Prevention or Detection?
2. Is the ruleset set to Connectivity, Balanced or Security?


Have you tested throughput among the various ruleset settings?

A model citizen

I have tried every combination; currently it's Prevention/Connectivity. I thought detection/balanced would help, but the only way to get anything over 350x350 is to disable it. Even the White Paper KB says the router should do 650MB with all rules enabled. This is not the case for us here.

Getting noticed

I experienced a similar issue with the MX67C after upgrading to MX 17.6:


Some others with similar hardware/firmware setups chimed in that they were not experiencing the same issue, so it doesn't seem to affect all instances of MX 17.6.


I eventually gave up because the WAN link is the bottleneck at all our production sites.


We are experiencing the same issue, except ours seems to have started with the upgrade to 16.15 (currently on 16.16.5 with no resolution).


When we disable Intrusion detection and prevention, speed tests show 1 - 1.2 Gbps. When it is enabled with any combination of settings, speed tests go down to around 350 x 350 Mbps. Previously IDP would have some minor effect, but we'd get in the 800 - 900 Mbps range. 

Comes here often

Same issue with 2 x MX100 with firmware 17.8
