Messages - alexey

1
Intrusion Detection and Prevention / Re: Intrusion detection no showing alerts
« on: August 06, 2019, 03:07:53 pm »
It's the WAN interface (virtual netcard).
I installed pfSense in the same VM configuration and Suricata works fine.
Also, if I use a physical network card instead of a virtual network card as the WAN interface, OPNsense Suricata works perfectly.
I would appreciate any ideas.


2
Intrusion Detection and Prevention / Re: Intrusion detection no showing alerts
« on: August 05, 2019, 12:54:53 pm »
Hi.
I have the same issue with OPNsense 19.7.1-amd64 FreeBSD 11.2-release-p11-HBSD.
I am trying to use Suricata (4.1.4_3) on a VMware virtual machine (ESXi 6.5). The network card I use is VMXNET3, with promiscuous mode inherited from the virtual switch (the WAN interface).
My config:
    Enabled
    IPS mode []
    Promiscuous mode
    Pattern matcher [Aho-Corasick]
    Interface [WAN]
Some rulesets were installed and rules enabled (ET open/emerging-icmp, icmp_info, scan, sql, misc).
I tried to test the system with a ping request and by scanning port 1433, and did not receive any alerts in this configuration.
Rules for the check: "ET SCAN Suspicious inbound to MSSQL port 1433" and "Protocol-ICMP Ping".

Any hints, ideas? What's wrong?
Thanks






