OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of romans6 »
  • Show Posts »
  • Messages
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Messages - romans6

Pages: [1]
1
Intrusion Detection and Prevention / Re: IPS not showing alerts and Mass IPS DROP/Rule Enable? - Coming from PFSense
« on: April 08, 2019, 02:08:40 am »
OPNSense looks solid. Let me know if anything changes. Can't wait to use it with my setup.

2
Intrusion Detection and Prevention / Re: IPS not showing alerts and Mass IPS DROP/Rule Enable? - Coming from PFSense
« on: April 07, 2019, 12:21:07 am »
Quote from: chemlud on April 06, 2019, 08:21:55 pm
IMHO there is no suricata with IPS in pfsense. IDS is doing fine on both senses...

@chemlud Let me know if you want to know how to actually enforce IPS on PFSense using VLAN/PPPoE until they get it working on OPNSense. Would love to help. Was hoping to switch over to OPNSense.

Screenshots Here:



3
Intrusion Detection and Prevention / Re: IPS not showing alerts and Mass IPS DROP/Rule Enable? - Coming from PFSense
« on: April 06, 2019, 07:06:48 pm »
That example talks about an old version. I am on v19. No chatter since Jan 2018. Wonder if they are still having problems.

I was using PPPoE with Surricata on PFSense just fine dunno why OPNSense doesn't like it.

Well back to PFSense until OPNSense fixes it. I really love the UI. Bummer I can't use it with PPPoE.

Still wondering about Bulk enable/block. Anyone have any insight on that?

4
Intrusion Detection and Prevention / IPS not showing alerts and Mass IPS DROP/Rule Enable? - Coming from PFSense
« on: April 06, 2019, 06:29:22 pm »
Kinda scratching my head at OPNSense's IPS. I am coming from 4+ years of PFSense. Thought the free ET rulesets from ProofPoint sounded great. Would love to use them.

Context -
Using PPPoE - Broadband
Using VLAN tagging to talk to the ONT on the side of my house
Tokens and OinkCodes are all working and valid
Enabled: Intrusion Detection
Enabled: IPS Mode
Enabled: Promiscuous Mode - Due to VLAN and IPS like helps says
Enabled: Syslog Alerts - So I can see if the rules work and tune if needed
Pattern Matcher: Hyperscan - Faster, but also tried Aho
Interfaces: WAN - For now

1. Not seeing anything under alerts. In PFSense I would see rules as they are hit.
2. Download tab - "Super Easy" to select and enable all and download.
3. Rules tab - Great I see all my rules and can choose to enable.

Q 1: Why Don't I see anything under alerts?
Q 2: Is there an easy way to set DROP to all on the download tab?
Q 3: Is there an easy way to set DROP to all on the rules tab? Not all in the view by clicking next to SID by 10 - 1000 but "ALL" as in all 49000+. This is where PFSense shines.
Q 4: Is there an easy way to "Enable" all in the rules tab akin to the DROP all question. By all I mean all 49000+. Again this is where PFSEnse shines.

Pages: [1]
OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2