OPNsense Forum

English Forums => Intrusion Detection and Prevention => Topic started by: Julien on November 20, 2020, 02:27:56 am

Title: IDS OVER VPN
Post by: Julien on November 20, 2020, 02:27:56 am
Dear All,

We have been using OPNsense for over 4 years, we are happy with it, and a big thank you to the developers for this great software.
I have a couple of concerns.

1- IDS/IPS enabled in the WAN.
We have IPS/IDS enabled on the WAN. I've attended an online Suricata training; they advise running the IDS/IPS on the LAN because OPNsense blocks anything on the WAN already.

We have a site-to-site VPN from Office 1 to Office 2. When I apply the IDS/IPS on the LAN interface I cannot connect using RDP/HTTPS/etc. I cannot even ping.
In the IDS alerts there is nothing about those connections being blocked. When I switch to WAN, stuff starts working.

What am I doing wrong?

Appreciate any support.
Title: Re: IDS OVER VPN
Post by: lfirewall1243 on November 24, 2020, 09:32:38 am
Do you have "Block" Rules enabled?
Title: Re: IDS OVER VPN
Post by: Julien on November 28, 2020, 01:36:49 am
Do you have "Block" Rules enabled?
What rules are you referring to? On the IDS site?
Title: Re: IDS OVER VPN
Post by: lfirewall1243 on November 28, 2020, 07:18:37 am
Do you have "Block" Rules enabled?
What rules are you referring to? On the IDS site?
Yes, IDS rules
Title: Re: IDS OVER VPN
Post by: Julien on December 06, 2020, 10:35:16 pm
Do you have "Block" Rules enabled?
What rules are you referring to? On the IDS site?
Yes, IDS rules

Yes, we do have them enabled to block the IDS rules.
See attached.