Intrusion Detection and Prevention / IPS Suricata - Strange Behavior
« on: February 28, 2022, 05:28:15 pm »
Hello guys,
We are new to this system and we are noticing some strange behavior with the IPS/IDS (Suricata system).
We have a Suricata installation on VMware.
This OPNsense has 8 vCores + 8GB RAM, and we have SSD for the filesystem and an external syslog.
The objective is to provide a 2nd level of IPS/IDS, since the OPNsense has an IP that is the gateway for all virtual servers.
All services are running OK, but from time to time we have strange slowness on the network; for example, a file transfer between someone local on the LAN and the fileshare on the virtual environment is processed at Kb/s...
The method we have seen to correct this is to disable IPS mode and then enable it again.
Then we achieve more than 50MB/s.
Current specs:
Versions OPNsense 21.7.8-amd64
FreeBSD 12.1-RELEASE-p22-HBSD
OpenSSL 1.1.1m 14 Dec 2021