OPNsense Forum

English Forums => Intrusion Detection and Prevention => Topic started by: olest on June 24, 2019, 12:07:13 pm

Title: Problem with access between LAN and LAN_VLAN with IPS
Post by: olest on June 24, 2019, 12:07:13 pm

When I enable IPS on LAN interface and use "Promiscuous mode" I cannot access my Synology NAS at LAN_VLAN1200 from a PC at LAN.

Title: Re: Problem with access between LAN and LAN_VLAN with IPS
Post by: russella on July 24, 2019, 06:49:57 pm

Try the following: Goto Interfaces->Settings and set Hardware CRC, Hardware TSO and Hardware LRO all to Disabled (i.e. Checked) and set VLAN Hardware Filtering to Disable VLAN Hardware Filtering

Title: Re: Problem with access between LAN and LAN_VLAN with IPS
Post by: ruggerio on July 24, 2019, 08:42:53 pm

do not use promiscuous. yor traffic will get inspected on the real portport.

i tried that too, but then remarked, that it got inspected on lan instead of vlan-interfaces.

Title: Re: Problem with access between LAN and LAN_VLAN with IPS
Post by: olest on August 06, 2019, 08:34:28 am

Yes "Promiscuous mode" is the problem.
Should I still only select LAN interface in IPS settings to get IPS on VLAN interfaces?

Tried to disable VLAN Hardware filtering also but no change.

Title: Re: Problem with access between LAN and LAN_VLAN with IPS
Post by: ruggerio on August 07, 2019, 04:14:18 pm

your crossed answer was the right. disable promiscuous mode and the vlan interfaces.

check then, usually its been checked on the physical interface, nonetheless it will show up with your vlanmy config works like this.