OPNsense Forum

English Forums => Intrusion Detection and Prevention => Topic started by: smoore on February 16, 2019, 09:27:28 pm

Title: Making an inline Suricata box using OPNsense
Post by: smoore on February 16, 2019, 09:27:28 pm
I'm looking to make an inline Suricata box to intercept certain applications. I need DPI to detect certain applications (i.e. unauthorized VPN traffic) and block it. The box needs to be inline and receive its LAN IP address from the DHCP server.

I have been looking at OPNsense (as opposed to Security Onion) to do this project quickly but got lost in the configurations. Is there a knowledgebase article to set up OPNsense in bridge mode to transparently pass through traffic with Suricata IPS active?

Title: Re: Making an inline Suricata box using OPNsense
Post by: franco on February 19, 2019, 11:39:36 am
Hi,

Technically https://docs.opnsense.org/manual/how-tos/transparent_bridge.html will get you started and enabling IPS is done normally on top. But you can get away with listening on either LAN or WAN exclusively as the traffic will be the same.


Cheers,
Franco