USG 3P hardware offloading issue

Hi all, I need your insight about my issue. I’ve been using USG 3P for several years and still up and running until recently my internet connection upgraded to 150 Mbps. With IDS/IPS enabled, the bandwidth only reaches around 80 Mbps. Tried disabling IDS/IPS and enabling hardware offloading, can reach 150 Mbps, but something is wrong with the DNS. External DNS can’t be reached from the user device… Nothing changed from the firewall or rules.

I don’t even have one of those for testing any more, if the device can not get to a DNS server then there is certainly some rule blocking it.

I’ve checked from users side. Nothings wrong. Its happened on entire network.

At first, IDS/IPS enable (hardware offloading grey out/disabled), user devices can access external DNS let say Not changing anything on user devices and firewall/rules, just disable IDS/IPS with hardware offloading turn off, can access to external DNS correctly with speed test reach around 100 Mbps.

After that, i tried turn on hardware offloading (still with IDS/IPS disabled), then the router speed test can reach 150 Mbps, but user devices blocked to access external DNS.

Tried nslookup on windows and dig on linux, can’t reach the external dns while hardware offloading enabled.

But its working fine if I switch the hardware offloading back to disabled.

Found the culprit, it was the GeoIP filtering. It was working correctly with hardware offloading disabled. Once hardware offloading enabled and GeoIP filtering also enabled, it was blocked.

