OPNsense Forum

Archive => 17.7 Legacy Series => Topic started by: mpdsville1 on January 24, 2018, 02:13:43 AM

Title: Transparent Bridge : IDS to IPS blocks all traffic
Post by: mpdsville1 on January 24, 2018, 02:13:43 AM
My scenario is: quad core J1900 appliance with 4 x Intel (PRO/1000 Network Connection, Version - 2.5.3-k)
   4 GB RAM, SSD, OS 17.7.11
LAN0 - (igb0) Management interface, static IP, OpenVPN to my NMS
WAN1 and NET2 (igb1 and igb2) are a bridge (BRIDGE0).

My intention is to run a transparent IPS on the bridge interface.
In IDS mode, suricata runs flawlessly doing everything I expect.
When I transition to IPS mode, the system stops passing traffic on the bridge interface.
When suricata transitions to netmap mode it fails, and opnsense locks up.

I have set all offloading to off.

I have followed this guide:
   https://docs.opnsense.org/manual/how-tos/ips.html
and then double checked a few settings against this one for general omissions
   https://docs.opnsense.org/manual/how-tos/transparent_bridge.html
I also reviewed the notes at the bottom of this thread:
   https://forum.opnsense.org/index.php?topic=3934.0

Looking through the logs I see nothing that helps diagnose the problem.

My question is how can I debug netmap or suricata on the device to troubleshoot what's failing when I transition to IPS mode?

Thanks for your help,

Mpdsville
    Competent Unix and Linux System Admin.
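An added check (not from the thread or from OPNsense) for the "all offloading off" prerequisite the post mentions: a POSIX sh function that parses ifconfig(8) output for the bridge members igb1/igb2 and lists any hardware-offload flag still enabled. The flag list is an assumption about which options matter for netmap-mode Suricata, and the sample ifconfig output is constructed.

```shell
# Offload option names as FreeBSD ifconfig(8) prints them in options=<...>.
# Assumed list: checksum, TSO, LRO and VLAN hardware offload flags.
OFFLOAD_FLAGS="RXCSUM TXCSUM RXCSUM_IPV6 TXCSUM_IPV6 TSO4 TSO6 LRO VLAN_HWCSUM VLAN_HWTSO"

# offload_flags_enabled: read ifconfig output on stdin and print the offload
# flags that are still enabled as one space-separated line (empty if none).
offload_flags_enabled() {
    opts=$(sed -n 's/.*options=[0-9a-fA-F]*<\([^>]*\)>.*/\1/p' | head -n 1)
    found=""
    for f in $OFFLOAD_FLAGS; do
        # Surround with commas so RXCSUM does not match RXCSUM_IPV6.
        case ",$opts," in
            *",$f,"*) found="${found:+$found }$f" ;;
        esac
    done
    printf '%s\n' "$found"
}

# check_bridge_members: run the check on each bridge member interface,
# print a verdict per interface, return 1 if any still offloads.
check_bridge_members() {
    rc=0
    for iface in "$@"; do
        left=$(ifconfig "$iface" 2>/dev/null | offload_flags_enabled)
        if [ -n "$left" ]; then
            echo "$iface: offloading still enabled: $left"
            rc=1
        else
            echo "$iface: offloading off"
        fi
    done
    return $rc
}

# Constructed sample in the format ifconfig prints for an igb NIC with
# offloading still on (the hex option value is illustrative only).
SAMPLE_IGB1='igb1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=6403bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6>'

printf '%s\n' "$SAMPLE_IGB1" | offload_flags_enabled
# On the appliance itself, run: check_bridge_members igb1 igb2
```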




Title: Re: Transparent Bridge : IDS to IPS blocks all traffic
Post by: guest7876 on January 24, 2018, 12:52:35 PM
Are you trying to run this as your edge device in transparent bridge mode?

I have yet to set mine up but I'll be trying to do what you are as well.

Which appliance are you trying to use?

What are the logs showing when these events happen?


Title: Re: Transparent Bridge : IDS to IPS blocks all traffic
Post by: mpdsville1 on January 24, 2018, 06:24:48 PM
I have these placed between my edge firewall and internal switch at a few branch offices.
Transparent bridge between two interfaces, Suricata running against the internal facing NET2 interface.

I don't have anything useful in the logs to tell me what's happening to suricata when it gets restarted in netmap mode. Hence my question: "how can I debug netmap or suricata on the device to troubleshoot what's failing when I transition to IPS mode?"

I have more than one of these to test with in the lab.