Looking for guidance on a config / EC2 machine spec for my environment.
Currently running Suricata on a t4g.medium EC2 instance. This instance is configured as a NAT instance and has Suricata running in NFQUEUE mode with IPS on. Basically it’s my egress firewall for other EC2 instances in private subnets. This would be very similar to AWS Network Firewall attached to a NAT Gateway, but without all of the extra AWS costs.
I have other EC2 instances that route all of their outbound traffic through this setup. It works fine. I can write rules to allow / block traffic, etc.
I suspect that this setup is throttling transfer systems (i.e. Aspera). Looking for any advice on config or AWS machine specs to get the transfers going at max speed.
Where should I look to see if Suricata is indeed struggling to keep up with an Aspera transfer?
Please include the following information with your help request:
- Suricata version
  6.0.20
- Operating system and/or Linux distribution
  Rocky 9.3
- How you installed Suricata (from source, packages, something else)
  RPM Install