Dear OPNsense users,
Maybe this question has been asked before, but I couldn't find it when searching.
Here's what I want to know:
Do you still need Intrusion Detection if you're running a Zenarmor home license?
Today, I removed the MongoDB database and configured Zenarmor to use Elasticsearch. During this process, I was asked which interface I wanted to protect.
Previously, I had it set to the LAN interface, which includes various sub-interfaces.
Is it smarter to set it to the WAN interface?
And what should I do with the Intrusion Detection that's included in OPNsense? Should I also set this to an interface?
My firewall appliance has enough processing power and memory to run both, but is it advisable?
I hope someone can point me in the right direction.
Thank you in advance.
Kind regards,
Michel
Hi Michel,
The best practice is to protect the LAN interface(s) on Zenarmor and the WAN interface(s) on Suricata. You can not use them on the same interface due to netmap limitation.
Hi Sy,
Thank you for the info.
I've set is up in your way.
Kind regards,
Michel