I run OPNsense as a Proxmox VM, virtio trunk interface, queues=6 (matching the number of cores). I have Intrusion Detection configured to use Promiscuous mode on the trunk interface, using hyperscan as the pattern matcher. Everything seems to work well, but I am seeing output errors on interfaces only when I enable IPS Mode for Intrusion Detection. Is there anything I can tweak to mitigate this?
Thanks again!
First and foremost, what kind of hardware are you running? Have you tried the Ken Steele version or the less memory one? To my knowledge, hyperscan requires a lot of memory to run correctly. Can you post the errors?
When you start IPS, the interface resets for a moment, and in this timeframe the packets are dropped. If the counter jumps up in this time and sticks at this amount, it's OK.