Messages

1

Intrusion Detection and Prevention / Re: No Internet access when IPS is on

« on: October 21, 2019, 04:32:50 pm »

Hey Cajuba.  Did you upgrade to 19.7.5_5 per chance?

Yes, my device is running on 19.7.5_5

2

Intrusion Detection and Prevention / Re: No Internet access when IPS is on

« on: October 18, 2019, 11:30:41 am »

Meanwhile, I am a bit confused... 

As I wrote in my previous posts I had to run IPS on my VLAN Interfaces, but not on the physical interface. Otherwise I would not get DHCP leases on my VLAN Subnets an I could not connect to the internet.

Then the world turned upside down... 
A few days ago I had to perform several reboots after some issues with power supply. After that I was not able to get a DHCP lease with the exact config that used to work before.  So I played around a bit.  After configuring IPS running on the physical LAN interface, but not on the VLAN interfaces anymore I immediately got DHCP Leases on all of my VLAN Subnets. This seems to be stable so far.

I have no idea why the system's behaviour changed after the reboots. From my point of view this seems to be quite strange...

3

Intrusion Detection and Prevention / Re: No Internet access when IPS is on

« on: October 14, 2019, 08:06:10 pm »

Is this with promiscuous mode turned on or off?

It‘s turned on.

4

Intrusion Detection and Prevention / Re: No Internet access when IPS is on

« on: October 14, 2019, 06:41:18 pm »

Can anybody confirm this? The GUI seems to be clear that you need promiscuous 'on' and run suricata on the physical NIC, but I have seen ppl state the opposite here in the forum.

Yes, I can confirm this. 
Following the GUI‘s instructions makes VLANs unusable. My workaround is to put all devices I want to be protected by IPS into seperate VLANs / subnets and turn IPS on on these interfaces. My native non-VLAN subnet remains  “unprotected“.