After finally managing to register into the forum, I have a question that I can't seem to find a answer to.
Not here or on the Snort site/help files.
Is it possible to exempt video files (.avi .mkv. mp4 ect) from the inspection process?
The reason I would like to do this is to speed up my internet connection, I have 200Mb down and I only get about 50Mb through the Shield.
For normal web stuff 50Mb is fine, but downloading large videos is a pain...
The Shield works at the package level, so has no idea of file formats this is exactly what you want when doing intrusion prevention, I don’t think you can tell the Shield to ignore move formats. The top I get on my Shield is about 50Mb with a 100Mb download connection, you could try stopping the snort program then download your film then restart the snort program (system, startup), but if your download via torrent sites I would not switch Snort off, as the films sites are a haven for hackers just waiting to attack.
When Itus bought the Shield out there plan was to get it working, which they did and then to optimise it for speed which they sadly didn’t do before going under. With 1Gb Ethernet connection and the cpu it has the scope to improve all that needed is some experts, I can’t remember the firm at screwed Itus over but they bought out a device that looked exactly the same but in Red, maybe this firm has improved the speed.
For now, utm 9. Actually running it on sg 120 hardware which I got cheap off Ebay. I really like it. Now I get 180mbps from my 200mbps connection.
The 50 IP license restriction is challenging though so I’m looking to migrate to sophos xg firewall sometime as that has no restrictions other than hardware. It’s quite different though so running it on a test machine to get my head around it first.
Yeah, that’s about the going rate. It should run xg as well. There’s lots of support online for installing the home license version on that hardware. Be aware though this is by no means plug and play, takes som Config. I would recommend installing on a spare pc or Vm first to get to know it.
Thanks for the Tip, my biggest fear is leaving something out on the rules. So I'm not going to tinker too much...
As a former Plumber I've come up with a plumbing solution... I will use a two GbE A/B switchs (Wan in A or B out) that way I can bypass the Shield quickly by pressing two buttons.
The cool thing is I don't need to do any restarts of Cabel modems/router/ or shield and it's almost instant! Works a treat and as a bonus I have a physical internet KILL switch! No need to upgrade from the Shield... Happy for now