Messages

Hey Cajuba.  Did you upgrade to 19.7.5_5 per chance?

Yes, my device is running on 19.7.5_5

Meanwhile, I am a bit confused...  :-\

As I wrote in my previous posts I had to run IPS on my VLAN Interfaces, but not on the physical interface. Otherwise I would not get DHCP leases on my VLAN Subnets an I could not connect to the internet.

Then the world turned upside down...  :o
A few days ago I had to perform several reboots after some issues with power supply. After that I was not able to get a DHCP lease with the exact config that used to work before.  So I played around a bit.  After configuring IPS running on the physical LAN interface, but not on the VLAN interfaces anymore I immediately got DHCP Leases on all of my VLAN Subnets. This seems to be stable so far.

I have no idea why the system's behaviour changed after the reboots. From my point of view this seems to be quite strange...

Is this with promiscuous mode turned on or off?

It's turned on.

Can anybody confirm this? The GUI seems to be clear that you need promiscuous 'on' and run suricata on the physical NIC, but I have seen ppl state the opposite here in the forum.

Yes, I can confirm this. 
Following the GUI's instructions makes VLANs unusable. My workaround is to put all devices I want to be protected by IPS into seperate VLANs / subnets and turn IPS on on these interfaces. My native non-VLAN subnet remains  "unprotected".