Intrusion Detection and Prevention / IPS allowing traffic despite policy is set to drop
« on: April 22, 2023, 05:32:26 am »
I have configured Suricata on the WAN interface, enabled IPS mode, downloaded and installed ET Telemetry rules and added the token, and created a policy with all rulesets selected, action set to Alert and new action set to Drop; the other parameters have all been left at their default values.
I started getting alerts in Services>Intrusion Detection>Administration>Alerts however it shows 'allowed' in action column instead of blocked.
Kindly could anyone please shed some light on how to properly configure Suricata in IPS mode to actually block traffic?