OPNsense Forum

English Forums => Intrusion Detection and Prevention => Topic started by: Patrick M. Hausen on May 04, 2021, 09:34:29 PM

Title: Suricata on just a VLAN?
Post by: Patrick M. Hausen on May 04, 2021, 09:34:29 PM
Hi folks,

just a quick question: my setup is all VLANs on top of a lagg on top of a pair of Intel ix(4). Can I run Suricata on just one VLAN interface? I would like to experiment with it.

Thanks,
Patrick
Title: Re: Suricata on just a VLAN?
Post by: Vilhonator on May 06, 2021, 03:29:27 PM
Yes it is possible.

In the web GUI, go to Services ---> Administration and, in the interface selection, choose the VLAN interface you want to use IDS/IPS on, check the promiscuous mode and enable boxes, and click apply.

Otherwise it is pretty much the same as if setting it up for all interfaces.
Title: Re: Suricata on just a VLAN?
Post by: Patrick M. Hausen on May 06, 2021, 04:12:31 PM
I'll give that a try, thank you.

I was a bit unsure about that because the documentation states:
https://docs.opnsense.org/manual/ips.html
Quote: Interfaces: Interfaces to protect. When in IPS mode, these need to be real interfaces supporting netmap. (When using VLANs, enable IPS on the parent.)

Worst case I can apply the $HOME_NET parameter. The reason is that my OPNsense is not my Internet-facing firewall, but I would like to move my publicly reachable servers behind it and activate IDS just for those.
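The two facts a practitioner wants before trying this are the ones the quoted documentation hinges on: which physical/lagg interface is the parent of the VLAN (the place IPS must be enabled), and which subnet the VLAN carries (the value to put into HOME_NET if you want IDS alerts scoped to those servers only). The script below is an added example and is not code from this thread or from OPNsense; it parses FreeBSD `ifconfig` output for a VLAN interface. The sample `ifconfig` text is constructed for offline use, and the field layout it relies on (`parent interface:` and a hex `netmask 0x...`) is assumed to match FreeBSD's `ifconfig`. Note that `ifconfig` does not report netmap capability, so this only finds the parent; it does not prove the parent supports netmap.

```shell
#!/bin/sh
# Added example (not from the forum thread or OPNsense): derive the parent
# interface and the IPv4 network of a VLAN from FreeBSD `ifconfig` output.
# Assumption: FreeBSD ifconfig format, e.g. "vlan: 10 ... parent interface: lagg0"
# and "inet A.B.C.D netmask 0xffffff00 ...". Netmap support itself is NOT checked.

# Constructed sample of what `ifconfig vlan10` might print on an OPNsense box.
SAMPLE_IFCONFIG='vlan10: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=4600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6,NOMAP>
    ether 00:11:22:33:44:55
    inet 203.0.113.1 netmask 0xffffff00 broadcast 203.0.113.255
    groups: vlan
    vlan: 10 vlanproto: 802.1q vlanpcp: 0 parent interface: lagg0
    media: Ethernet autoselect
    status: active'

# Parent interface: the word following "parent interface:".
vlan_parent() {
    printf '%s\n' "$1" | sed -n 's/.*parent interface: \([^ ]*\).*/\1/p'
}

# 802.1Q tag: the number following "vlan:" at the start of a line.
vlan_id() {
    printf '%s\n' "$1" | sed -n 's/^[[:space:]]*vlan: \([0-9]*\).*/\1/p'
}

# Convert a FreeBSD hex netmask (0xffffff00) to a prefix length (24).
# Rejects non-contiguous masks, which are not valid for a CIDR.
hexmask_to_prefix() {
    hex=$(printf '%s' "$1" | sed 's/^0[xX]//' | tr 'A-F' 'a-f')
    [ "${#hex}" -eq 8 ] || return 1
    prefix=0; seen_partial=0; i=1
    while [ "$i" -le 8 ]; do
        nib=$(printf '%s' "$hex" | cut -c "$i")
        case "$nib" in
            f) n=4 ;; e) n=3 ;; c) n=2 ;; 8) n=1 ;; 0) n=0 ;;
            *) return 1 ;;     # nibble with a hole in it: not contiguous
        esac
        # Once a nibble is not all ones, every later nibble must be zero.
        if [ "$seen_partial" -eq 1 ] && [ "$n" -ne 0 ]; then return 1; fi
        [ "$n" -eq 4 ] || seen_partial=1
        prefix=$((prefix + n)); i=$((i + 1))
    done
    echo "$prefix"
}

# Mask value (0..255) of octet $2 (1..4) for prefix length $1.
prefix_to_mask_octet() {
    b=$(( $1 - 8 * ($2 - 1) ))
    [ "$b" -lt 0 ] && b=0
    [ "$b" -gt 8 ] && b=8
    echo $(( (255 << (8 - b)) & 255 ))
}

# Network of the VLAN's first IPv4 address in CIDR form, e.g. 203.0.113.0/24.
vlan_home_net() {
    line=$(printf '%s\n' "$1" \
        | sed -n 's/^[[:space:]]*inet \([0-9.]*\) netmask \(0x[0-9a-fA-F]*\).*/\1 \2/p' \
        | head -n 1)
    [ -n "$line" ] || return 1
    prefix=$(hexmask_to_prefix "${line#* }") || return 1
    # shellcheck disable=SC2046  # unquoted on purpose: split the IP into octets
    set -- $(printf '%s' "${line% *}" | tr '.' ' ')
    [ $# -eq 4 ] || return 1
    m1=$(prefix_to_mask_octet "$prefix" 1); m2=$(prefix_to_mask_octet "$prefix" 2)
    m3=$(prefix_to_mask_octet "$prefix" 3); m4=$(prefix_to_mask_octet "$prefix" 4)
    printf '%s.%s.%s.%s/%s\n' $(($1 & m1)) $(($2 & m2)) $(($3 & m3)) $(($4 & m4)) "$prefix"
}

# Demo on the constructed sample. On a real box: vlan_parent "$(ifconfig vlan10)".
printf 'IPS (netmap) per the docs goes on the parent: %s (VLAN %s)\n' \
    "$(vlan_parent "$SAMPLE_IFCONFIG")" "$(vlan_id "$SAMPLE_IFCONFIG")"
printf 'IDS scope for just this VLAN: HOME_NET=[%s]\n' "$(vlan_home_net "$SAMPLE_IFCONFIG")"
```

On a live OPNsense system replace `$SAMPLE_IFCONFIG` with `"$(ifconfig vlan10)"` (or whatever the VLAN's device name is); the parent it prints is the interface to select for IPS, and the CIDR is a starting point for a HOME_NET limited to the server VLAN. The mask conversion deliberately fails on non-contiguous masks rather than emitting a wrong CIDR.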