OPNsense Forum

English Forums => Intrusion Detection and Prevention => Topic started by: Stril on June 17, 2020, 02:03:24 pm

Title: IDS working, but IPS not - Transparent / Bridge Firewall
Post by: Stril on June 17, 2020, 02:03:24 pm

Hi!

I am trying to setup an in-line-IPS with OPNsense 20.1.

--> OPNSense installed
--> Two Interfaces bridged
--> All offloading disabled
--> IDS activated and configured.


IDS ist working fine and logging alerts.

BUT: If I activate IPS, there are no more alerts, drops, etc.

Do you have any idea, what I could have made wrong?

Thank you for your help
Stril

Title: Re: IDS working, but IPS not - Transparent / Bridge Firewall
Post by: mimugmail on June 17, 2020, 05:24:13 pm

NETMAP code, which is used with IPS mode, doesn't work for bridge interfaces, sorry.

Title: Re: IDS working, but IPS not - Transparent / Bridge Firewall
Post by: mb on June 18, 2020, 01:58:20 am

Quote from: mimugmail on June 17, 2020, 05:24:13 pm

NETMAP code, which is used with IPS mode, doesn't work for bridge interfaces, sorry.

We'll change that soon:

https://forum.opnsense.org/index.php?topic=17363.msg80297#msg80297

Title: Re: IDS working, but IPS not - Transparent / Bridge Firewall
Post by: mimugmail on June 18, 2020, 08:37:30 am

Ah, that reminds me testing the VLANs for the drivers :)