OPNsense Forum

English Forums => General Discussion => Topic started by: comet on November 15, 2017, 09:21:05 pm

Title: How do you configure Intrusion Detection in OPNsense?
Post by: comet on November 15, 2017, 09:21:05 pm
One of the things I would like to try in OPNsense is enabling Intrusion Detection but I know absolutely nothing about it.  Is there some kind of easy guide to setting up Intrusion Detection in OPNsense?  I'm assuming that you need to do something more than just checking the box for "Enabled", but most of the other options are meaningless to me.

What I'd like, if possible, is to stop intrusions but without blocking traffic to sites I use.  And I actually know so little about Intrusion Detection that I am currently not clear whether it operates only on inbound packets, outbound packets, or both.

Intrusion Detection is not a feature that I've had on any previous router.  When I briefly looked at other software, I noticed they let you add "Snort" which (I think) was also a form of intrusion detection, but it seemed a bit easier to set up since you could pick from three different pre-configured levels of protection (not saying that's the right way to do it, just that it might have been easier to set up). I don't see anything like that in the OPNsense Intrusion Detection feature, and I'm totally lost!  I hope it is not too difficult to at least enable some basic level of Intrusion Detection.

Please feel free to point me to any good beginner-level pages or videos on the subject, if any exist.  Thanks!
Title: Re: How do you configure Intrusion Detection in OPNsense?
Post by: phoenix on November 15, 2017, 09:37:55 pm
Have you had a look at the OPNsense Documentation on IDS/IPS: https://wiki.opnsense.org/manual/ips.html?highlight=suricata
Title: Re: How do you configure Intrusion Detection in OPNsense?
Post by: comet on November 15, 2017, 10:07:51 pm
Quote from phoenix: "Have you had a look at the OPNsense Documentation on IDS/IPS: https://wiki.opnsense.org/manual/ips.html?highlight=suricata"
Yeah, I saw that, and no offense intended, but I found it worse than useless.  It did not give me ANY useful information on how to set up and configure Intrusion Detection.  When you go to documentation, you sort of expect it will give you information on how to set up that feature, and that page doesn't.  At all.
Title: Re: How do you configure Intrusion Detection in OPNsense?
Post by: franco on November 16, 2017, 01:30:54 am
It’s a manual overview page, not a how-to. The first how-to on that page explains how to use IDS with SSL rules.


Cheers,
Franco
Title: Re: How do you configure Intrusion Detection in OPNsense?
Post by: xames on January 01, 2019, 07:54:28 pm
Agree with comet, no good manual out there.
Title: Re: How do you configure Intrusion Detection in OPNsense?
Post by: xames on January 17, 2019, 08:47:48 pm
The manual is always referring to IPS, not to IDS. What exactly is the difference between them?
Title: Re: How do you configure Intrusion Detection in OPNsense?
Post by: franco on January 18, 2019, 09:33:47 am
I'm afraid that's not something we should cover in our manual in any greater detail and I think it has surely been answered in this forum before.


Cheers,
Franco