OPNsense Forum

English Forums => Zenarmor (Sensei) => Topic started by: ldanna1945 on November 29, 2025, 03:44:27 AM

Title: Something broke
Post by: ldanna1945 on November 29, 2025, 03:44:27 AM
Just after the latest OPNsense update to
OPNsense 25.7.8-amd64
FreeBSD 14.3-RELEASE-p5
OpenSSL 3.0.18

The firewall would continuously reboot. Left it till next morning and the OPNsense was back up. Looking at Zenarmor, I saw the engine was stopped. I restarted it and it immediately shut down. Looking at the console monitor of the unit, I see iflib_netmap_config  txr 2 rxr 2 txd 1024 rxd 1024 rbufsz. This comes up every time I restart the Zenarmor engine. I disabled the IPS service and now the engine starts and stays started, but the above message persists every time the engine starts.
Any ideas of what is causing this? Note: I did not have this condition before the latest update.

Thanks to the group

Larry
Title: Re: Something broke
Post by: Seimus on November 29, 2025, 03:50:50 PM
The message

iflib_netmap_config
It's not an error. It's just a notification telling you that netmap started and the parameters it started with.

Regards,
S.
Title: Re: Something broke
Post by: ldanna1945 on November 30, 2025, 01:39:45 AM
OK, good to know, thanks, I learned a bit. Note: I enabled the IPS and the Zenarmor engine stayed running. I even stopped and restarted the engine and it stayed running. So I guess I am good.

Thanks for the explanation; I thought it was some error.

Larry
Title: Re: Something broke
Post by: ldanna1945 on November 30, 2025, 01:56:28 AM
Hmmmm, maybe not. IPS won't stay started now.
Looking at the IPS log I get:
2025-11-30T00:45:29 Error suricata[116791] <Error> -- opening devname netmap:igb1-0/R@conf:host-rings=2 failed: Device busy
2025-11-30T00:45:28 Warning suricata[100143] <Warning> -- flowbit 'ET.000webhostpost' is checked but not set. Checked in 2052143 and 0 other sigs

Just did another test. IPS runs if the Zenarmor engine is stopped, and the Zenarmor engine runs if IPS is stopped. Looks like both are trying to use the same resource and there is a conflict. Am I in the ballpark? Do I have to choose one or the other, or is there a configuration setting I have wrong, or did the update change something?

Ideas?

Thanks
Larry

Title: Re: Something broke
Post by: Seimus on November 30, 2025, 02:27:30 AM
How is your Suricata and ZA deployment done?

Do you run Suricata on WAN and ZA on LAN? Or do they overlap?

Regards,
S.
Title: Re: Something broke
Post by: sy on December 01, 2025, 02:00:39 PM
Hi,

Zenarmor and Suricata cannot operate on the same interface. Please assign Zenarmor to protect the LAN interface(s) and Suricata to protect the WAN interface(s).
Title: Re: Something broke
Post by: ldanna1945 on December 01, 2025, 08:07:44 PM
You are all a great help. Yes, I had ZA and IPS on the same interfaces. I changed to ZA on LAN and IPS on WAN. All started and looks good.

Thanks for the help.

Larry
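
Added example, not part of the original thread and not OPNsense or Zenarmor code: a small Python check that scans an IPS log for the Suricata "Device busy" netmap error quoted above, reduces the netmap port name to the NIC, and flags NICs that Zenarmor is also assigned to. The function names and the Zenarmor interface list passed in are assumptions; the third sample log line is constructed.

```python
import re
from collections import defaultdict

# Matches the Suricata error quoted in the thread; captures the netmap port.
BUSY_RE = re.compile(r"opening devname (netmap:\S+) failed: Device busy")
TS_RE = re.compile(r"^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}")


def base_interface(devname):
    """Reduce 'netmap:igb1-0/R@conf:host-rings=2' to the NIC name 'igb1'."""
    name = devname.removeprefix("netmap:")
    name = name.split("@", 1)[0]        # drop '@conf:...' options
    name = name.split("/", 1)[0]        # drop '/R' or '/T' direction flags
    name = name.rstrip("^")             # drop host-ring marker
    return re.sub(r"-\d+$", "", name)   # drop '-N' ring index


def busy_interfaces(log_text):
    """Map NIC name -> timestamps at which Suricata could not open it."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = BUSY_RE.search(line)
        if not m:
            continue
        ts = TS_RE.match(line.strip())
        hits[base_interface(m.group(1))].append(ts.group(0) if ts else "unknown")
    return dict(hits)


def find_conflicts(log_text, zenarmor_ifaces):
    """NICs Suricata failed to open that Zenarmor is also assigned to."""
    return sorted(set(busy_interfaces(log_text)) & set(zenarmor_ifaces))


# Sample input: lines 1-2 are from the thread, line 3 is constructed.
SAMPLE_LOG = """\
2025-11-30T00:45:29 Error suricata[116791] <Error> -- opening devname netmap:igb1-0/R@conf:host-rings=2 failed: Device busy
2025-11-30T00:45:28 Warning suricata[100143] <Warning> -- flowbit 'ET.000webhostpost' is checked but not set. Checked in 2052143 and 0 other sigs
2025-11-30T00:45:30 Error suricata[116791] <Error> -- opening devname netmap:igb1^ failed: Device busy
"""

if __name__ == "__main__":
    # Assumption: the admin supplies the NICs Zenarmor is bound to.
    for nic in find_conflicts(SAMPLE_LOG, ["igb1", "igb2"]):
        print(f"{nic}: Suricata and Zenarmor both want netmap on this interface")
```

An empty result with "Device busy" still in the log means some other netmap consumer holds the interface, not Zenarmor.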