OPNsense Forum

Archive => 16.7 Legacy Series => Topic started by: rradu92 on August 24, 2016, 09:03:20 am

Title: [SOLVED] IPS Mode not working
Post by: rradu92 on August 24, 2016, 09:03:20 am

Hello,

I'm testing a virtual machine (4 gb ram, 8 core) with the last opnsense firewall.

All work great but Intrusion Detection with IPS activated.

If I disable IPS all work again, but if I enable IPS (with and without promiscuous mode) I can't do anything. I have teste without any rulesets without success.

It will be really great to have it working.

Thanks

Title: Re: IPS Mode not working
Post by: phoenix on August 24, 2016, 09:11:10 am

There are several threads on this topic, have you looked at them? Have you followed the instructions to disable all the NIC offload features? Which virtualization and which NIC is used in this VP?

I'm interested to know why you have eight vCPUs on this VM, that's really too many and may cause you problems down the line - the aim in a VM is to use as few vCPUs as is necessary for the workload. I'd suggest reducing that to one or, at the most, two vCPUs and see what happens.

Title: Re: IPS Mode not working
Post by: rradu92 on August 24, 2016, 09:34:48 am

Hello,

I have read all the IPS and Intrusion detection related documentation and other people posts and no success.

I have no VLANS, no link aggregation.

My build is a virtual machine in the datacenter with 2 nics and direct internet access over the wan and in the lan side I have 1 cisco 2960-s switch, then a mikrotik ccr1036-4s for my laboratory network and a direct cat6 cable to a unifi AC access point. The only one client it have is my connected thinkpad.

I can destroy "everything" I'm in a laboratory enviroment.

I have CRC, TSO and LRO disabled.

For the virtualization enviroment I use ovirt cluster that is based in libvirt. The nic driver I use is virtio

I reduced the vCPU to 2 and rebooted the VM with no success.

Title: Re: IPS Mode not working
Post by: rradu92 on August 24, 2016, 05:12:51 pm

Ok,

Can mark as solved, the issue was the network card, virtio is not compatible with ips as I can see, switched to e1000, reconfigured the network interfaces and all ok with ips and promiscuous.

Thanks phoenix for your help.

Title: Re: [SOLVED] IPS Mode not working
Post by: franco on August 25, 2016, 08:58:10 am

Just for the record: what virtualisation was that?

Title: Re: [SOLVED] IPS Mode not working
Post by: rradu92 on August 25, 2016, 12:01:27 pm

I'm using oVirt that is based in KVM

Here you can find more info about oVirt: https://www.ovirt.org/ (https://www.ovirt.org/)
and about KVM: http://www.linux-kvm.org/page/Main_Page (http://www.linux-kvm.org/page/Main_Page)

Title: Re: [SOLVED] IPS Mode not working
Post by: bobbythomas on August 26, 2016, 08:11:35 am

I also run a virtualized opnsense on my Proxmox box which is based on KVM, are you able to fine tune the ips rules? Is there an option to edit/search the ips rules?

Sent from my ONE A2003 using Tapatalk

Title: Re: [SOLVED] IPS Mode not working
Post by: rradu92 on August 26, 2016, 08:25:53 am

Hello,

I have it running fine wth e1000 driver and promiscuous mode enabled.

You cannot edit rules (or I can't see the option to edit), but you can add user defined actions in the "user defined" tab and you can enable/disable it in the "rules" tab.