Hi
Im new using this firewall distro, I tried to use the suricata as IPS but it blocked one of our IP address that must be the other side of an IPSEC tunnel.
Also I was surprised to find no rules are added to firwall IPSEC interface when you setup a phase2 on IPSEC Tunnel, but at least I was able to add it manually.
At the IPS config screen I was not able to find a field to insert the ip addreses wich must be whitelisted on IPS alerts.
Sure this opcion is somewhere, anyone can point me in the right direction?
Many thanks