OPNsense Forum

Archive => 23.1 Legacy Series => Topic started by: Syon on March 12, 2023, 12:41:21 PM

Title: Suricata and HAProxy
Post by: Syon on March 12, 2023, 12:41:21 PM
I'm running HAProxy with a wildcard Let's Encrypt certificate. From OPNsense to the server, the traffic is also encrypted with Let's Encrypt certificates. Is Suricata able to inspect this traffic? It is listening on the internal interface, but there should only be encrypted traffic there?
Title: Re: Suricata and HAProxy
Post by: cookiemonster on March 12, 2023, 11:26:19 PM
Suricata can't decrypt TLS traffic by itself. If you want it to scan it, you need to terminate the TLS connection at haproxy and send the traffic unencrypted to the internal server.
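To make the two setups concrete, here is a constructed HAProxy configuration (not from the thread or from the OPNsense plugin) showing the re-encrypting backend from the question next to the plaintext backend the reply suggests; the certificate path, backend address and ports are assumptions.

```haproxy
# Constructed example; paths, addresses and ports are assumptions.
global
    log stdout format raw local0

defaults
    mode http
    log global
    option httplog
    timeout connect 5s
    timeout client  30s
    timeout server  30s

# Client TLS is terminated here with the wildcard certificate.
frontend https_in
    bind :443 ssl crt /usr/local/etc/haproxy/wildcard.example.com.pem
    http-request set-header X-Forwarded-Proto https
    default_backend app_plain

# Variant A (the setup in the question): HAProxy re-encrypts to the backend.
# On the internal interface Suricata sees a second TLS session, so only
# handshake metadata (SNI, certificate fields, JA3) is visible, not the HTTP
# requests and responses.
backend app_tls
    server app1 10.0.10.20:443 ssl verify required ca-file /etc/ssl/cert.pem

# Variant B (what the reply suggests): plaintext HTTP to the backend.
# Suricata listening on the internal interface can now apply its HTTP rules
# to the full request and response bodies.
backend app_plain
    server app1 10.0.10.20:8080 check
```

With Variant B the hop between OPNsense and the backend is unencrypted, so it only makes sense on an internal segment that is not shared with untrusted hosts.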
Title: Re: Suricata and HAProxy
Post by: Syon on March 13, 2023, 12:48:42 PM
Yes, I thought that decrypting and re-encrypting on the OPNsense would do the trick... But for that it would have to inspect an interface X between the processes...