OPNsense Forum

The previously stable system was completely broken.
Irregularly, the WEN port will be displayed as offline, with a red warning.
This is really a life-threatening upgrade.
How do I return to 21.7.5? :'(

Can you be more specific please.


Thanks,
Franco

If you use suricata IPS I would try

https://forum.opnsense.org/index.php?topic=25750.msg124258#msg124258

first...

Thanks for replying, I read your other related content, our question should be the same. I am summing up your experience and try another round. If there are results, I will report to you.

https://forum.opnsense.org/index.php?topic=25750.msg124258#msg124258

Quote from: chemlud on December 06, 2021, 10:44:42 AM
If you use suricata IPS I would try

https://forum.opnsense.org/index.php?topic=25750.msg124258#msg124258

first...

Thanks for replying,

For anyone else wondering: no, this is not how to report an issue. It's impossible to support.


Cheers,
Franco

After several days of testing, so far, it is still normal.
The problem is that there is no prompt for this crash, and I don't know how to describe it. The symptom is that the WAN port will go offline after a while. After restarting, it will be offline again after a period of time (the length of time may not be).
I refer to the reply from the enthusiastic chemlud above. I made a little change because I need IPS and cannot make IPS not work.
My approach is to remove the WAN from the IPS monitoring network card and only monitor other network cards. So far, everything looks normal.
I hope that friends who have the same problem can help you. Thanks again.

Quote from: franco on December 06, 2021, 08:35:45 AM
Can you be more specific please.


Thanks,
Franco

thanks Franco.. look here.

https://forum.opnsense.org/index.php?topic=25968.0

Thanks.  ;D

Don't use VLAN interfaces in IPS mode, or get someone who will tell you not to do it that you will listen to. ;)


Cheers,
Franco

Just for the record: IDS/Alert only works fine with VLANs.

True. It seems to be getting harder and harder to sift through unstructured reports that also don't know the difference of IDS/IPS, ignore documentation and best practice and don't search for previous forum advice.


Cheers,
Franco

Quote from: franco on December 14, 2021, 09:53:25 AM
Don't use VLAN interfaces in IPS mode, or get someone who will tell you not to do it that you will listen to. ;)


Cheers,
Franco

BOOS, i no have setup VLAN.  only use IPS to WEB LAN.

Quote from: franco on December 14, 2021, 10:47:11 AM
True. It seems to be getting harder and harder to sift through unstructured reports that also don't know the difference of IDS/IPS, ignore documentation and best practice and don't search for previous forum advice.


Cheers,
Franco

Report to the boss again. Remove the WAN port from the IPS list. The WAN port is no longer offline. It has been 5 days now. Everything returned to calm.