Messages

Crowdsec on the router is not going to be controversial.
IDS/IPS is more questionable, especially if you're blocking everything on the WAN side (why bother inspecting traffic that is going to be blocked).
Additionally, encrypted traffic can't be inspected anyway. What's left?

Sensei is facing the same issues. Sensei on a TFB behind OPN with Crowdsec and IDS/IPS looks overkill/redundant.
I've seen articles with proxies terminating SSL for inspection purposes. I have not bothered trying, but it could be better use of your HW IMO.

Thank you for the prompt reply, Eric! That's what I thought. Well, I guess I have to find now another purpose for the HW I was planning to use as a TFB :-)

Hi,

I have a silly question since I do believe I am missing something. I am trying to determine the advantage of using a TFB (Transparent Filtering Bridge) if I have IDS, IPS and CrowdSec running on my OPNSense router. I have completed setting up a separate device as a TFB (using OPNSense) which works as expected but knowing that I already have those services enabled on the OPNSense router, I am not seeing the advantage of using the TFB (I was planning to put it between the OPNSense router and the internal network). The CPU on the router is more than capable running those services (i5-7500).

I guess running Zenarmor on the TFB could be one option since Suricata and Zenarmor don't work well together on the same machine.

That said, I do want to use a TFB, if it makes sense.

Any guidance/clarification on the above is extremely appreciated.

Thank you so much!

Update: due to a SSD failure, I had to replace the SSD, reinstall OPNSense and restore the configuration. As part of the process, I had to reinstall all the plugins. That has fixed the apcupsd plugin. Running on OPNSense ver. 23.7.5 at the time of writing and apcupsd works as expected.

I have created an OPNSense account specifically to reply to this post. This is to confirm that I also encounter the same issue. And yes, also started to encounter the issue after upgrading to 23.1.11. It's still an issue on 23.7.1. I hope a fix will be released soon since the plug-in is really great and I couldn't find any replacement for APC UPS'.