Good morning. After fully configuring my network, following the advice on the forum and reading tutorials, etc., I have started to configure protection in the upper layers. Unfortunately my hardware is not enough to support Zenarmor, so I have installed and configured Suricata, and it has been a disaster, possibly due to some configuration that I am not doing correctly. I have chosen to enable it on the internal networks, according to the general recommendation.
I have several questions:
1. My network is configured with several bridges to extend the VLANs across several cards. Example: vlan1_salon (igc0) -> bridge0 -> vlan1_rooms (igc1). In the System Tunables configuration, filtering is disabled on the member interfaces and enabled on the bridge.
All hardware acceleration features are disabled and promiscuous mode is enabled.
In the IDS/IPS interface configuration do I have to select the bridge interface alone?
2. In the $HOME variable I have deleted the predefined networks and set all my subnets/vlans to CIDR. Do I have to define all of them including those not selected in "Interfaces"?
3. Regarding the rules. I have installed the plug-ins for ET Telemetry and Snort, but there are far too many of them for my level of experience. I have uninstalled both plug-ins to start with the basics, but I cannot delete the rules that had already been downloaded. Do I understand correctly that enabling the open rules for ET, abuse.ch and the built-in application detection rules is enough for basic, initial protection?
Thanks in advance.
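An added example, not part of the post above, to show why question 2 about the HOME_NET variable matters. Suricata's default for EXTERNAL_NET is `!$HOME_NET`, so any internal VLAN left out of HOME_NET is classified as external: its outbound traffic no longer matches `$HOME_NET -> $EXTERNAL_NET` rule headers, and its traffic towards a declared VLAN is evaluated as `$EXTERNAL_NET -> $HOME_NET`, i.e. as if it came from the Internet. The subnets, the host addresses and the flows below are constructed for the illustration (203.0.113.0/24 is the RFC 5737 documentation range standing in for an Internet host); the 10.0.30.0/24 VLAN is deliberately omitted from HOME_NET to show the effect.

```python
import ipaddress

# Constructed example, not the poster's configuration: HOME_NET written the
# way the post describes it, as the internal VLAN subnets in CIDR notation.
# 10.0.30.0/24 is intentionally missing.
HOME_NET = ["10.0.10.0/24", "10.0.20.0/24"]

# RFC 1918 ranges, used to spot internal addresses that fall outside HOME_NET.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample flows (src, dst).
FLOWS = [
    ("10.0.10.5", "203.0.113.10"),   # declared VLAN -> Internet
    ("203.0.113.10", "10.0.20.9"),   # Internet -> declared VLAN
    ("10.0.30.7", "203.0.113.10"),   # undeclared VLAN -> Internet
    ("10.0.30.7", "10.0.10.5"),      # undeclared VLAN -> declared VLAN
]


def parse_home_net(cidrs):
    """Parse the CIDR list. strict=True rejects prefixes with host bits set
    (e.g. 10.0.10.1/24), a common slip when the list is typed by hand."""
    return [ipaddress.ip_network(c, strict=True) for c in cidrs]


def home_net_var(cidrs):
    """Render the list in the bracketed form Suricata uses for HOME_NET."""
    return "[" + ",".join(cidrs) + "]"


def in_home_net(addr, nets):
    ip = ipaddress.ip_address(addr)
    return any(ip in n for n in nets)


def classify_flow(src, dst, nets):
    """Name the address variables a rule header needs to match this flow,
    taking EXTERNAL_NET as Suricata's default, the complement of HOME_NET."""
    side = lambda a: "HOME_NET" if in_home_net(a, nets) else "EXTERNAL_NET"
    return f"{side(src)} -> {side(dst)}"


def undeclared_private_endpoints(flows, nets):
    """RFC 1918 addresses seen in the flows that Suricata would treat as
    EXTERNAL_NET because their subnet is missing from HOME_NET."""
    found = set()
    for src, dst in flows:
        for a in (src, dst):
            ip = ipaddress.ip_address(a)
            if any(ip in n for n in RFC1918) and not in_home_net(a, nets):
                found.add(a)
    return sorted(found)


if __name__ == "__main__":
    nets = parse_home_net(HOME_NET)
    print("HOME_NET:", home_net_var(HOME_NET))
    for src, dst in FLOWS:
        print(f"{src:>14} -> {dst:<14} matches {classify_flow(src, dst, nets)}")
    print("private addresses outside HOME_NET:",
          undeclared_private_endpoints(FLOWS, nets))
```

Running it shows the two flows from 10.0.30.7 being classified as EXTERNAL_NET traffic, and the audit function lists that address as an internal host missing from HOME_NET. The same check applied to real flow logs is a quick way to catch a VLAN that was forgotten when the predefined networks were replaced by an explicit CIDR list.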