Hi,
I recently moved to OPNsense from PfSense after over a decade of use.
Generally very happy with the switch.
However,
In PfSense I was able to filter alerts by severity 1-3 in the GUI.
How do I do this in OPNsense?
Also in PfSense I could see in the GUI the list of blocked IP adresses when using IPS.
How do I do this in OPNsense?
Thanks
Severity is written into the rule. It could be changed manually but what for. In opnsense decide what you want the rule to do, which is called the action, In IPS mode when triggered. Alert, Drop, Disabled. No matter the severity. They are all severe. The rules are things that should not happen, ever. Youve may have heard of a false positive, nonsense, no such thing, they are set to trigger for a certain reason. They do have to be adjusted, say if you want to go to social media, because there are rules that in opnsense rulesets that will block that site. These will block beacons. Its about security. Hope that helps a little.