Using Surricata on lan and zenarmor on wan, tired both L3 native and emulated netmap and the dashboard displays the wan with zero throughput when doing the Ookola up/down speed test? Why? Any suggestions?
I and running wireguard to the vpn.
I think I have the answer.
Currently zenarmor does not support wireguard or openvpn.
Maybe I could put Surricata on the wan and zenarmor on lan
will it work?
https://www.zenarmor.com/docs/troubleshooting/configuration
It should be opposite... Zen on LAN and surricata on WAN if I understand them correctly.
Got it to work using zen on lan and Surricata on wan. If I am using wireguard should the Surricata interface selection be both for wan and wireguard?
you can if you'd like.
Zen on lan , suricata on wan, using wireguard to vpn.
Unable to block on Suricata the http://eicar.eu download.
I have the rule enabled and on alert.
The logs have no alerts indicating the eicar rule got triggered and was it subsequently downloaded.