Hi all
Edit: Sorry this belongs to the other (Suricata) forum, but it seems I cannot delete this.
I read in this doc
https://suricata.readthedocs.io/en/suricata-4.0.1/configuration/multi-tenant.html
that it's possible to distinguish configs by VLAN IDs using multi-detect.
My questions here:
- Are the default bare-metal interfaces in "netmap" the ones the VLAN tenants are based on?
- If I want filters on VLAN-1, but empty rules on VLAN-2: will there be an inspection and latency on VLAN-2? (I ask because I had lags with OpenVPN going through Suricata. A pass rule didn't help; only disabling did.)
- What is the most stable way for OPNsense to eat my "multi-detect" config? Just add it in the custom.yaml file, and reference (+TARGETS) the additional YAMLs?
Thanks a lot.
Best
Manu