OPNsense Forum

English Forums => Intrusion Detection and Prevention => Topic started by: msmarcapo on January 10, 2023, 11:14:10 am

Title: IDS enabled HighPing / Timeout
Post by: msmarcapo on January 10, 2023, 11:14:10 am
Hey,
we are using OPNsense 22.7.10_2-amd64 on an AMD EPYC 7272 12-Core Processor (12 cores, 24 threads).
We enabled IDS with Promiscuous Mode and Logging disabled. As pattern matcher we set up Hyperscan. Hardware offload is disabled.
IDS is restricted to the internet / uplink interface and specific networks. The speed is gigabit.
We've downloaded and enabled all rules.

We can reproduce that after enabling IDS and waiting 5-15 minutes we get high pings and timeouts every few pings between hosts.
It's unusable for us in this state. This hardware should handle IDS easily, we think?

How can we prevent this? What are we missing?

Thanks for Ideas!
Title: Re: IDS enabled HighPing / Timeout
Post by: msmarcapo on January 31, 2023, 04:37:17 pm
Solved the issue.
The DNS server in OPNsense was wrong, so it couldn't resolve internal DNS records correctly.
After solving this, IDS works fine without high CPU load or high pings.

Title: Re: IDS enabled HighPing / Timeout
Post by: mschmidt on February 01, 2023, 10:49:41 am
We have the same problem on one of our installations.
Can you specify what you did to your DNS config?
Title: Re: IDS enabled HighPing / Timeout
Post by: msmarcapo on February 02, 2023, 09:49:00 am
Quote from: mschmidt on February 01, 2023, 10:49:41 am
We have the same problem on one of our installations.
Can you specify what you did to your DNS config?

We installed the server in a completely fresh environment which didn't contain its own DNS server at that moment, so we added a public DNS server entry in the install dialogue.
We forgot to change that setting, so no internal name could be resolved from OPNsense.
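The fix described in this thread comes down to checking which resolvers the firewall itself uses. The script below is an added example, not code from the thread or from the OPNsense project: it reads resolv.conf-style text, flags whether any listed nameserver is a private (RFC 1918 or loopback) address, and can try an internal name against a resolver with drill(1), which ships with OPNsense. The sample configuration, the `corp.example` domain and the 203.0.113.53 address are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the forum thread): sanity-check the resolvers the
# firewall itself uses before enabling IDS. A firewall that only knows a
# public resolver cannot resolve internal records, which is the situation
# the thread ended up in. Sample values below are constructed.

# Print the nameserver addresses found in resolv.conf-style text on stdin.
resolvers_from_conf() {
    awk '$1 == "nameserver" { print $2 }'
}

# Classify an IPv4 address: "private" for RFC 1918 and loopback, else "public".
classify_ip() {
    case "$1" in
        10.*|127.*|192.168.*) echo private ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) echo private ;;
        *) echo public ;;
    esac
}

# Report every resolver in the given conf text.
# Returns 0 if at least one private resolver is listed, 1 otherwise.
check_resolvers() {
    conf="$1"
    have_private=0
    for ns in $(printf '%s\n' "$conf" | resolvers_from_conf); do
        kind=$(classify_ip "$ns")
        echo "nameserver $ns: $kind"
        [ "$kind" = private ] && have_private=1
    done
    [ "$have_private" -eq 1 ]
}

# Try resolving an internal name against one resolver using drill (ldns),
# which OPNsense ships. Only meaningful when run on the firewall itself.
resolve_internal() {
    name="$1"; ns="$2"
    if command -v drill >/dev/null 2>&1; then
        drill -Q "$name" @"$ns"
    else
        echo "drill not found; run this on the firewall" >&2
        return 2
    fi
}

# Constructed sample reproducing the thread's situation: a public resolver only
# (203.0.113.53 is a documentation address standing in for any public DNS).
SAMPLE_CONF='search corp.example
nameserver 203.0.113.53'

if [ "${1:-}" = "--demo" ]; then
    check_resolvers "$SAMPLE_CONF" \
        || echo "WARNING: only public resolvers listed; internal names will not resolve from the firewall"
fi
```

Run it with `--demo` to see the warning for the sample config, or feed the firewall's real `/etc/resolv.conf` to `check_resolvers "$(cat /etc/resolv.conf)"`. The private/public split is a heuristic: an internal resolver that happens to sit on a public address would be reported as public, so treat the output as a prompt to verify, and use `resolve_internal` for the definitive answer.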
Title: Re: IDS enabled HighPing / Timeout
Post by: mschmidt on February 02, 2023, 05:54:27 pm
Thank you :)