General Discussion / [DEC690EU, HowTo, Help Needed] Setup IDS for monitoring traffic on a double-NAT?
« on: April 08, 2021, 05:48:38 pm »
Hi2youAll!
This week I purchased an OPNsense DEC690EU and I'm kind of new, as an enthusiastic home user, to this kind of device, so please be patient with me...
Currently I have an existing double-NAT setup and I want to use the OPNsense box to monitor my traffic using IDS (maybe later on IPS) because I don't trust my current Ubiquiti hardware due to their breach.
My current setup:
Ubiquiti LAN --> Ubiquiti Gateway (WAN) --> ISP Router LAN --> ISP Router WAN (internet).
My goal:
Ubiquiti LAN --> Ubiquiti Gateway (WAN) --> OPNsense LAN --> OPNsense WAN --> ISP Router LAN --> ISP Router WAN (internet).
So, in short I want to set up the OPNsense DEC690EU to monitor and use the IDS function to monitor what is actually happening (detect/monitor communication).
My noob Questions:
1 - Can I use the OPNsense box to achieve this?
2 - If yes, what is the best way to do this? (bridging ethernet ports, LAN to WAN setup? Setup steps to be taken?)
3 - Another option, mirror Ubiquiti gateway WAN and configure OPNsense in Promiscuous mode, somehow, for monitoring?
20210411: Option 3 seems to be working! (Services --> Intrusion Detection --> Administration --> Alerts, with et_telemetry.token activated and some User defined rules added. Mirrored a port on my Ubiquiti switch connected to the Ubiquiti gateway WAN and configured OPNsense LAN 3 as Promiscuous mode.)
Can anyone give me advice and get me in the right direction to get started? It would be highly appreciated!
Thanks in advance!
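The alerts OPNsense shows under Intrusion Detection --> Administration --> Alerts are Suricata EVE JSON events, so the same data can be reviewed offline to check that the mirror port setup from the update is actually the interface producing the hits. The following is an added example, not code from the post or from OPNsense: it parses constructed EVE alert lines, keeps only events seen on the mirror interface, and tallies them per signature and per source host. The interface name igb3 and the sample events are assumptions.

```python
import json
from collections import Counter, defaultdict

# Constructed sample EVE JSON lines shaped like Suricata "alert"/"flow" events.
# Only the fields this script reads are present; this is not captured traffic.
SAMPLE_EVE_LINES = [
    '{"timestamp":"2021-04-11T10:00:01+0200","event_type":"alert","in_iface":"igb3","src_ip":"192.168.1.20","dest_ip":"203.0.113.5","proto":"TCP","alert":{"signature_id":2100498,"signature":"GPL ATTACK_RESPONSE id check returned root","severity":1}}',
    '{"timestamp":"2021-04-11T10:00:02+0200","event_type":"alert","in_iface":"igb3","src_ip":"192.168.1.20","dest_ip":"198.51.100.7","proto":"UDP","alert":{"signature_id":1000001,"signature":"LOCAL DNS to non-ISP resolver","severity":3}}',
    '{"timestamp":"2021-04-11T10:00:03+0200","event_type":"flow","in_iface":"igb3","src_ip":"192.168.1.21","dest_ip":"198.51.100.9","proto":"TCP"}',
    '{"timestamp":"2021-04-11T10:00:04+0200","event_type":"alert","in_iface":"igb0","src_ip":"10.0.0.2","dest_ip":"192.168.1.1","proto":"TCP","alert":{"signature_id":1000001,"signature":"LOCAL DNS to non-ISP resolver","severity":3}}',
    'this line is not json',
]


def is_user_defined(sid):
    """Suricata/Snort convention: SIDs 1000000-1999999 are reserved for local rules."""
    return 1000000 <= sid <= 1999999


def summarise_alerts(lines, iface=None, max_severity=None):
    """Tally alert events per signature and per source IP.

    iface:        keep only events seen on this interface (the mirror port);
                  None keeps every interface.
    max_severity: keep only alerts with severity <= this value (1 = highest).
    Returns (per_signature, per_source, skipped_lines); malformed lines are
    counted in skipped_lines instead of aborting the run.
    """
    per_signature = Counter()
    per_source = defaultdict(Counter)
    skipped = 0
    for line in lines:
        try:
            ev = json.loads(line)
        except ValueError:
            skipped += 1
            continue
        if ev.get("event_type") != "alert":
            continue  # flows, dns, tls etc. are not alerts
        if iface is not None and ev.get("in_iface") != iface:
            continue
        alert = ev.get("alert", {})
        if max_severity is not None and alert.get("severity", 3) > max_severity:
            continue
        sig = alert.get("signature", "unknown")
        if is_user_defined(alert.get("signature_id", 0)):
            sig = "[user rule] " + sig  # mark hits from the User defined rules
        per_signature[sig] += 1
        per_source[ev.get("src_ip", "?")][sig] += 1
    return per_signature, per_source, skipped
```

Run it against the real log by feeding the file's lines instead of SAMPLE_EVE_LINES; if every alert carries an in_iface other than the promiscuous LAN 3 port, the mirror is not what Suricata is inspecting.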