How do you configure Intrusion Detection in OPNsense?

Started by comet, November 15, 2017, 09:21:05 PM

One of the things I would like to try in OPNsense is enabling Intrusion Detection, but I know absolutely nothing about it. Is there some kind of easy guide to setting up Intrusion Detection in OPNsense? I'm assuming that you need to do something more than just checking the box for "Enabled", but most of the other options are meaningless to me.

What I'd like, if possible, is to stop intrusions but without blocking traffic to sites I use.  And I actually know so little about Intrusion Detection that I am currently not clear whether it operates only on inbound packets, outbound packets, or both.

Intrusion Detection is not a feature that I've had on any previous router.  When I briefly looked at other software, I noticed they let you add "Snort" which (I think) was also a form of intrusion detection, but it seemed a bit easier to set up since you could pick from three different pre-configured levels of protection (not saying that's the right way to do it, just that it might have been easier to set up). I don't see anything like that in the OPNsense Intrusion Detection feature, and I'm totally lost!  I hope it is not too difficult to at least enable some basic level of Intrusion Detection.

Please feel free to point me to any good beginner-level pages or videos on the subject, if any exist.  Thanks!
I'm a home user of OPNsense, not a networking expert.  I'd much appreciate it if you'd keep that in mind if replying to something I posted.  Many thanks!


Quote from: phoenix on November 15, 2017, 09:37:55 PM
Have you had a look at the OPNsense Documentation on IDS/IPS: https://wiki.opnsense.org/manual/ips.html?highlight=suricata
Yeah, I saw that, and no offense intended, but I found it worse than useless.  It did not give me ANY useful information on how to set up and configure Intrusion Detection.  When you go to documentation, you sort of expect it will give you information on how to set up that feature, and that page doesn't.  At all.

It's a manual overview page, not a how-to. The first how-to on that page explains how to use IDS with SSL rules.


Cheers,
Franco


The manual always refers to IPS, not to IDS. What exactly is the difference between them?

I'm afraid that's not something we should cover in our manual in any greater detail and I think it has surely been answered in this forum before.


Cheers,
Franco