Messages - ruggerio

121
Intrusion Detection and Prevention / Re: opnips in conjunction to opnsense
« on: July 26, 2019, 07:22:15 am »
@franco: this could explain, why i rested on 18.9 though, but would be good news. having an idp instead of ips with machine learning would be great stuff and much more arguments for opnsense. And yes, it would simplify things...

@bunchofreeds: the project itself seems to be very interesting, having a tap-interface by network was what i expected to have. But as someone completely inexperienced on that, i am glad to have that information. Read lots of, but never ever got the way.

lots of caveats i think. i prepared now the "WAN"-Port inside my network (it's called mgt, so i believe it's just kind of management port, as the tap shouldn't get an ip, as i read in opnids-forums). So either you have one separate device with one tap on your network, where wan is the effective lan and a tap in behind. I did not quite understand the flow, as i did not find any kind of bridge.

Having multiple taps per network would make an ip on the tap necessary, as i cannot imagine how else routing should be defined.

would you install the opnidp in front of the regular firewall?

Thx

122
Development and Code Review / Re: UniFi Controller
« on: July 24, 2019, 08:50:23 pm »
Works like a charm. But asks for updates on outdated packages on the opnsense afterwards.

123
Intrusion Detection and Prevention / Re: Problem with access between LAN and LAN_VLAN with IPS
« on: July 24, 2019, 08:42:53 pm »
do not use promiscuous. your traffic will get inspected on the real port.

i tried that too, but then remarked, that it got inspected on lan instead of vlan-interfaces.

124
Development and Code Review / Re: UniFi Controller
« on: July 24, 2019, 03:50:00 pm »
btw. executing the script as mentioned on the 1st thread, it now also installs openjdk on the opnsense.

125
Intrusion Detection and Prevention / Re: opnips in conjunction to opnsense
« on: July 24, 2019, 07:28:38 am »
first, you are right with work in progress, as the last "release" is 18.9 - but the website says it's production. But after installing it, i got the same impression as you.

What i hoped to get is some ideas, like others do, but it makes it easier for others to see how i would like. And just for information: it's a small home network. So, first let me design the existing network:


evil     --- WAN-Port        --- LAN               --- LAN-Network   --- NAS, devices, Wifi
internet     PC-Engines APU4     PC-Engines APU-4      8-Port Switch     several VLAN's
             (Port 1)            (Port 3)
             (DHCP)              (Private Address)
             (Opnsense 19.7)
                             --- DMZ               --- DMZ-Network   --- Several LXC Contain.
                                 PC-Engines APU-4      8-Port Switch
                                 (Port 2)
                                 (Private Address)


Remarks: The PC-Engines APU-4 is the same machine for all mentioned above.

For me, it would be the idea to split suricata off the opnsense and having opnids as passive (i know, it's not inline...) monitor.

- Surveying the internal networks
- Surveying the DMZ
- If possible, surveying the WAN-Port too.

I think, having the opnids in front of the opnsense would not work for me, as this would make it complicated for servers (web, mail, etc...), as i use letsencrypted. I am searching the "correct" place for the opnids and i still did not really understand how i get it "sniffing" the networks. Do i still have to do some port mirroring/span for this?

Thx for any ideas how others have something equal running. I read lots of information, but still have a knot.

Ruggerio

126
Intrusion Detection and Prevention / opnips in conjunction to opnsense
« on: July 23, 2019, 07:55:35 am »
Hello,

I know, i am in the wrong forum, but @opnidp no chance on answer.

I installed opnidp as separate idp from my firewall, using a TAP-device. Unfortunately, i am completely inexperienced in that matter. :(

Even if it's a tap-device, i think my networks have to be aware of this. And as it isn't an inline idp, it makes no sense, placing it as default route.

Could anybody help me with the architecture? Where does the device, which has the ips need to be connected? To the WAN-Port, in front of the firewall?

How would you do this? Thanks for any proposals or ideas. As it is still WIP for me, i appreciate any information.

127
German - Deutsch / Re: Host Override without domain name?
« on: July 20, 2019, 10:57:44 pm »
no. on Win too. but it may be that your client doesn't have everything yet.

open a cmd and enter ipconfig /flushdns. Then try again.

If necessary, enter the search domain manually in the DNS settings on the client.

128
Development and Code Review / Re: Wireguard in opnsense
« on: July 17, 2019, 11:31:25 am »
Congrats to today's golive as 1.0 in 19.7.

Roger

129
Intrusion Detection and Prevention / Re: Suricata 5 Beta - Can We Upload to OPNSense
« on: June 26, 2019, 01:44:11 pm »
OK, can we be sure, that the rulesets e.g. of ET Open are compatible between the versions?

130
Intrusion Detection and Prevention / Re: Suricata 5 Beta - Can We Upload to OPNSense
« on: June 26, 2019, 12:50:18 pm »
so i ask, if it makes sense to test s5 here?

131
Intrusion Detection and Prevention / Re: Suricata 5 Beta - Can We Upload to OPNSense
« on: June 26, 2019, 07:52:01 am »
Still no change - am i the only tester for the moment? When is 5 planned in opnsense for golive?

btw. i deleted all the rules in /usr/local/etc/suricata/rules and ./opnsense-rules, as i got masses of errors of flowbits set. Re-downloaded all the rules i checked, but the errors persist.
132
Intrusion Detection and Prevention / Re: IPS stops working (19.1.2)
« on: June 21, 2019, 07:55:19 am »
Is this resolved? I still have flowbit-warnings and nearly no log-entries.

133
Intrusion Detection and Prevention / Re: Suricata 5 Beta - Can We Upload to OPNSense
« on: June 21, 2019, 07:19:39 am »
still only entries in alarm-tab, if i test an eicar. Nothing else. I am not sure, if it is working correctly. Somebody else perhaps with more reliable results?

btw. i am in IPS-Mode. Will switch now to IDP.

134
Intrusion Detection and Prevention / Re: Suricata 5 Beta - Can We Upload to OPNSense
« on: June 18, 2019, 03:48:29 pm »
After changing some rules today i have the following message:

suricata: [100705] <Warning> -- [ERRCODE: SC_WARN_OPTION_OBSOLETE(233)] - netmap interface igb2+ uses obsolete '+' notation. Using '^' instead

in this case, it's the wan-interface. But this comes for all interfaces.

And: get nearly no entries in Alert-log, but having a web- and mailserver with both imap and smtp-rules... This feels a little bit strange. On Suricata 4 too.
135
Development and Code Review / Re: Wireguard in opnsense
« on: June 17, 2019, 09:24:42 am »
That might be. I wouldn't do that also not by default, but as it is in Proxy, giving the option to let it be done. So it's the decision of the user.

In each case, it would make it much easier for SOHO-Users, which are not that experienced.
