OPNsense Forum

English Forums => Intrusion Detection and Prevention => Topic started by: kapara on November 25, 2018, 12:04:50 am

Title: Suricata and vlans
Post by: kapara on November 25, 2018, 12:04:50 am
I read that you dont want to add vlans to Suricata but when I added the physical interface (LAN) and not the vlan (which is on the LAN physical Interface) as a monitored interface none of my phones would work or get DHCP.  Then when I removed the physical interface (LAN) the phones started to work again.

Is this by design?
Title: Re: Suricata and vlans
Post by: ruggerio on November 26, 2018, 02:55:44 pm
i am not aware of your architecture and wishes, but how big is your installation? I personally (@home!!!!) just inspect traffic on WAN, as i don't want traffic to get inspected, if i am in a "secure" zone.

If you have vlans, have you entered the networks in suricata?
Title: Re: Suricata and vlans
Post by: abraxxa on February 24, 2019, 05:45:31 pm
For me the following worked: