OPNsense Forum

English Forums => Intrusion Detection and Prevention => Topic started by: mni on March 10, 2021, 06:52:31 pm

Title: IDS/IPS on seperate hardware from router
Post by: mni on March 10, 2021, 06:52:31 pm

Hello, total beginner with OPNsense. Just ordered an APU2 board with 3 NICs for my home network, 250/250.
Would like to set up OPNsense and preferably some IDS/IPS to learn network security/monitoring. From what I understand the APU2 board has not enough CPU power do to real time traffic analysis. I have a Proxmox server running with a comet lake intel i5. Is it possible to offload the network analysis to my server somehow?

Title: Re: IDS/IPS on seperate hardware from router
Post by: banym on March 10, 2021, 10:41:49 pm

Maybe you have a switch with mirror port functionality

Title: Re: IDS/IPS on seperate hardware from router
Post by: Tempora on March 26, 2021, 01:01:14 am

I used to run a APU2C4 board - It ran Suricata just fine but took some tweaking and careful rule selection.

As above, you'd want to configure a port mirror (aka SPAN). Then you can use something like an all one package such as SecurityOnion.