OPNsense Forum

English Forums => Intrusion Detection and Prevention => Topic started by: Trevelian on November 20, 2018, 03:27:07 pm

Title: IPS with VLAN, promiscuous mode?
Post by: Trevelian on November 20, 2018, 03:27:07 pm
Hello world,

After failing to use IPS mode with KVM VirtIO network cards (apparently not supported by the OS under OPNsense), I'm starting to test the IPS using VLANs (trunk with VLAN tagging) on a physical NIC.

The first test was deadly: loss of connection. I found that if I disable "VLAN Hardware Filtering", it solves my issue.
Reading the documentation, I also see that if I monitor a physical NIC with VLANs I must use promiscuous mode, but after testing with and without "promiscuous mode" I was not able to see any difference; the IPS is correctly blocking websites like http://www.eicar.org/download/eicar.com.txt

So should I enable or disable "promiscuous mode"?

OPNsense version: 18.7
Network card: Intel Corporation I350 Gigabit Network Connection (rev 01)

Thanks!
Trevelian.