OPNsense Forum

English Forums => Hardware and Performance => Topic started by: dragon2611 on July 10, 2016, 05:39:31 pm

Title: Non blocking IDS/low priority IDS for lowend hardware/non critical networks.
Post by: dragon2611 on July 10, 2016, 05:39:31 pm
I know it would offer far weaker protection but I'd like an option to see the IPS/IDS done out of band/low priority then use the firewall for blocking (IPS) for those of us running lower end Hardware.

I tried running OPNsense's IDS on my N3050 based board in proxmox and with virtIO it just breaks all traffic, with E1000s it seemed to work but it wouldn't manage more than about 40Mbit/s with a noticeable increase in latency.

Currently I'm mirroring the traffic to a Security Onion VM running snort and doing the IDS scanning there, this seems to work and I've been able to set the CPU priority in such a way that the OPNsense VM gets prioritised.  That said I can't (unless I script something) then block anything automatically based on the scan result.

I managed 100Mbit/s earlier (which is the max of both my VDSL2 lines combined), not sure if the IDS was able to keep up but since it's my home network it's not world ending if it doesn't (Beforehand I used an ER-X and didn't do any IDS scanning at all)
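The "script something" step from the post, as an added example that is not part of the original thread or of OPNsense or Security Onion: read Snort fast-format alerts from the out-of-band sensor, pick the sources that earn a block (severe priority, or repeated hits, and never an allowlisted network), and emit the `pfctl` table adds the firewall would apply. The sample alert lines are constructed; the table name `ids_block`, the allowlist ranges and the thresholds are assumptions, and the table is assumed to be referenced by a block rule on the firewall.

```python
import re
import ipaddress
import subprocess
from collections import Counter

# Constructed sample lines in Snort "fast" alert format (not real traffic).
SAMPLE_ALERTS = """\
07/10-17:39:31.100000  [**] [1:1000001:1] TEST scan probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 203.0.113.5:4444 -> 192.0.2.10:22
07/10-17:39:32.200000  [**] [1:1000002:1] TEST policy notice [**] [Classification: Not Suspicious Traffic] [Priority: 3] {UDP} 192.0.2.10:5353 -> 224.0.0.251:5353
07/10-17:39:33.300000  [**] [1:1000001:1] TEST scan probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 203.0.113.5:4445 -> 192.0.2.10:23
07/10-17:39:34.400000  [**] [1:1000003:1] TEST exploit attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 198.51.100.7:31337 -> 192.0.2.10:80
"""

# Priority, protocol and the source/destination addresses of a fast-format line.
ALERT_RE = re.compile(
    r"\[Priority: (?P<prio>\d+)\] \{(?P<proto>\w+)\} "
    r"(?P<src>[\d.]+)(?::\d+)? -> (?P<dst>[\d.]+)(?::\d+)?"
)

# Assumed allowlist: the LAN (here the documentation range 192.0.2.0/24),
# private ranges and multicast are never auto-blocked, whatever the sensor says.
ALLOWLIST = [ipaddress.ip_network(n) for n in
             ("192.0.2.0/24", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4")]

def parse_alerts(text):
    """Yield (priority, source_ip) for every line that matches the fast format."""
    for line in text.splitlines():
        m = ALERT_RE.search(line)
        if m:
            yield int(m.group("prio")), m.group("src")

def select_block_candidates(text, max_priority=2, min_hits=2):
    """Return sorted source IPs to block: alerts at priority <= max_priority count
    (Snort priority 1 is the most severe); a source is chosen when it reached
    min_hits alerts or any priority-1 alert, and is not in the allowlist."""
    hits, worst = Counter(), {}
    for prio, src in parse_alerts(text):
        if prio > max_priority:
            continue
        hits[src] += 1
        worst[src] = min(prio, worst.get(src, prio))
    chosen = []
    for src, n in hits.items():
        ip = ipaddress.ip_address(src)
        if (n >= min_hits or worst[src] == 1) and not any(ip in net for net in ALLOWLIST):
            chosen.append(src)
    return sorted(chosen)

def pfctl_commands(ips, table="ids_block"):
    """Build the pfctl invocations that add each IP to the pf table (assumed name)."""
    return [["pfctl", "-t", table, "-T", "add", ip] for ip in ips]

def apply(ips, table="ids_block", dry_run=True):
    """Print the commands, or run them on the firewall when dry_run is False."""
    for cmd in pfctl_commands(ips, table):
        print(" ".join(cmd)) if dry_run else subprocess.run(cmd, check=True)

if __name__ == "__main__":
    apply(select_block_candidates(SAMPLE_ALERTS))
```

Run on the sensor with `dry_run=False` only where it can reach the firewall's `pfctl` (for example through SSH or a small API), and pair the table with a pf expiry so entries age out.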