OPNsense Forum

Archive => 16.1 Legacy Series => Topic started by: thalin on June 09, 2016, 10:39:47 am

Title: Can't reach a web page when IPS mode is enabled
Post by: thalin on June 09, 2016, 10:39:47 am

Hi,

I have enabled Intrusion detection with a few rules. If I enable IPS mode my browser can't reach the site http://seb.se/ (A Swedish bank). I don't get any alerts of denial. I have not  seen this issue with any other web site. How can I debug this issue?

Title: Re: Can't reach a web page when IPS mode is enabled
Post by: phoenix on June 09, 2016, 02:12:54 pm

Are you able to reach that site when you disable the IPS service? If you can I'd suggest you look at the specific rules you've enabled that's most likely blocking the site. Is there really nothing in the log files? Are you actually blocking using IPS or just alerting?

Title: Re: Can't reach a web page when IPS mode is enabled
Post by: thalin on June 10, 2016, 10:02:25 am

If Intrusion Detection is enabled but Prevention is off (that is only alert no blocking) it works. But I still do not get any alert. Are the any log files that I should look at by login in with ssh?

Title: Re: Can't reach a web page when IPS mode is enabled
Post by: thalin on June 12, 2016, 12:44:34 pm

If I wait long enough Chrome gives the error ERR_CONNECTION_RESET.