Hi,
I'm looking to make an inline Suricata box to intercept certain applications. I need DPI to detect certain applications (e.g. unauthorized VPN traffic) and block them. The box needs to be inline and receive its LAN IP address from the DHCP server.
I have been looking at OPNsense (as opposed to Security Onion) to do this project quickly but got lost in the configurations. Is there a knowledgebase article on setting up OPNsense in bridge mode to transparently pass through traffic with Suricata IPS active?
Thanks
Did you evaluate beforehand if suricata can do what you need it to do?
Suricata is more for analyzing traffic for known attacks based on rulesets.
DPI on the application layer is more in Zenarmor's territory.
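To make the distinction in the reply above concrete for the OP's VPN case: Suricata does not "know" what a VPN is; it matches byte patterns and protocol keywords from a ruleset. The following is an added illustration, not rules from the OPNsense or Suricata projects and not something posted in this thread. The byte patterns come from the published protocol formats (a WireGuard handshake initiation is a 148-byte UDP datagram whose first four bytes are 0x01 0x00 0x00 0x00; an OpenVPN UDP client hard-reset v2 starts with opcode byte 0x38). The SIDs, message text and the idea of putting them in a local rules file are assumptions chosen for the example.

```text
# local.rules (hypothetical file name) - drop two common unauthorized-VPN handshakes.
# "drop" only takes effect when Suricata runs inline (IPS mode); in IDS/tap mode it is logged as an alert only.

# WireGuard handshake initiation: type byte 0x01, three reserved zero bytes, fixed size 148 bytes, any UDP port.
drop udp any any -> any any (msg:"LOCAL WireGuard handshake initiation (unauthorized VPN)"; \
    dsize:148; content:"|01 00 00 00|"; offset:0; depth:4; \
    classtype:policy-violation; sid:1000001; rev:1;)

# OpenVPN over UDP: P_CONTROL_HARD_RESET_CLIENT_V2 (opcode 7, key id 0 -> first byte 0x38), any UDP port.
drop udp any any -> any any (msg:"LOCAL OpenVPN UDP client hard reset v2 (unauthorized VPN)"; \
    content:"|38|"; offset:0; depth:1; \
    classtype:policy-violation; sid:1000002; rev:1;)
```

Two caveats a practitioner should check before relying on this: first, these are port-agnostic single-byte or four-byte matches, so test them against your own traffic for false positives (the `dsize` and zero-byte constraints on the WireGuard rule keep it tight; the one-byte OpenVPN match is deliberately loose and may need a `flow` or threshold refinement). Second, any tunnel that obfuscates or wraps its handshake (obfs proxies, VPN-over-TLS, or an unknown protocol) will not match a signature like this at all, which is exactly the gap the reply points at: signature rules catch what you have already written a pattern for, whereas application-layer DPI classifies traffic by behaviour. In OPNsense, these rules only drop packets when the intrusion detection service is switched to IPS mode on the bridged interfaces; in the default IDS mode they alert and pass.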