Messages - guyp2k

#16
I had the same issue, and the following change under "Firewall - Settings - Advanced - Firewall Maximum Table Entries", increased to 800000, resolved the issue.
#17
Question about rule-sets and rules: if you disable all rule-sets under the Download tab in Intrusion Detection, shouldn't that disable all the rules associated with that rule-set under Rules, and vice versa (enabling rule-sets enables all rules)?

I disabled all the Snort rule-sets and assumed that would disable all the rules, but I still see the rules as enabled and am receiving alerts.

I was able to disable the Snort rule-sets and rules, and now the Rules tab is clear. I went back and enabled 3 Snort rule-sets, then enabled and downloaded rules; however, no rules are showing under the Rules tab even though I have 3 rule-sets enabled and installed. Having a challenge understanding the logic.

Thanks

#18
Update: I was able to resolve the issue by reinstalling 1.6 Beta3; however, when I re-apply my premium key I receive the following error: "We couldn't verify your activation key..." I opened a support ticket/email.

I assume this is the correct thread to post in, specific to OPNsense and Sensei. The issue I am having is specific to my Ring cameras and Sensei. I am unable to pull up the live video from the Ring app on either my PC or mobile devices unless I enter bypass mode in Sensei.

I have checked the policy and, as far as I can tell, I don't have any setting that would block Ring; however, when I look at the Sensei logs I see the following (see attached file).


What's odd is that the Sensei log/reports show secure web browsing as blocked, but when I look at the policies this is not the case.

Lastly, I decided to reinstall Sensei and now I receive the following error during the hardware check: "unable to complete hardware check". I am running a Core i7 and 32GB RAM and didn't have any issues during the initial install.
#19
20.7 Legacy Series / Re: VLAN Help (Solved)
September 06, 2020, 12:14:42 AM
Well, after hours and hours of troubleshooting and clearing states, I rebooted all my APs, switch, and FW/OPNsense, and now it's working :o

No idea what was going on, any ideas?
#20
20.7 Legacy Series / Re: VLAN Help
September 05, 2020, 11:51:11 PM
Quote from: banym on September 05, 2020, 11:34:14 PM
Check the interface configuration if you have the "block private networks" checkbox enabled.

Thanks for the reply, that box is unchecked.
#21
20.7 Legacy Series / VLAN Help (Solved)
September 05, 2020, 11:00:57 PM
I set up VLAN20 and assigned it to my LAN interface, enabled it, created a DHCP scope, and created firewall rules under the VLAN20 interface named IOT.

The clients get a DHCP address in the correct network, 192.168.20.0/24, but I can't access the other VLAN or the internet. Looking at the firewall logs I see the following:

2020-09-05T15:51:57   filterlog[78388]   6,,,0,em1_vlan20,match,block,in,4,0x0,,128,20785,0,none,17,udp,64,192.168.20.100,192.168.20.1,65037,53,44

Here is the firewall rule I created just to test:

IPv4 *   IOT net   *   *   *   *   *


What am I missing?

Thanks
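The filterlog line posted above is OPNsense's pf filterlog CSV format. The parser below is an added example, not code from this thread or from the OPNsense project: it splits the IPv4 TCP/UDP layout into named fields and flags the pattern visible in that line, an inbound DNS query from a VLAN client to the firewall's own VLAN address being blocked. The field names, the `gateway` parameter and the two extra sample lines are this example's own assumptions; the first sample line copies the one posted.

```python
"""Parse OPNsense/pf filterlog lines and flag blocked DNS traffic to a gateway.

Added example for the VLAN thread; not code from the forum or from OPNsense.
Field order follows the pf filterlog CSV layout for IPv4 entries. The sample
lines are constructed: the first copies the posted line, the other two are
made up (a passing HTTPS flow and an unrelated ICMP block) for contrast.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Syslog prefix as shown in the post: "<timestamp>   filterlog[<pid>]   <csv>"
_PREFIX = re.compile(r"^(?P<ts>\S+)\s+filterlog\[\d+\]\s+(?P<csv>.+)$")

SAMPLE_LOG = [
    # posted line: rule 6 blocking UDP/53 from the VLAN client to the VLAN gateway
    "2020-09-05T15:51:57   filterlog[78388]   6,,,0,em1_vlan20,match,block,in,4,0x0,,128,20785,0,none,17,udp,64,192.168.20.100,192.168.20.1,65037,53,44",
    # constructed: same client, TCP/443 passed by a later rule
    "2020-09-05T15:52:10   filterlog[78388]   84,,,0,em1_vlan20,match,pass,in,4,0x0,,128,20790,0,DF,6,tcp,60,192.168.20.100,93.184.216.34,50512,443,0,S,1,,64240,,mss;nop;wscale;nop;nop;sackOK",
    # constructed: unrelated ICMP block on WAN (no port fields after dst)
    "2020-09-05T15:52:11   filterlog[78388]   12,,,0,em0,match,block,in,4,0x0,,64,3,0,none,1,icmp,84,203.0.113.5,198.51.100.2,request,1234,1",
]


@dataclass
class FilterEvent:
    ts: str
    rulenr: int
    iface: str
    action: str
    direction: str
    proto: str
    src: str
    dst: str
    srcport: Optional[int]
    dstport: Optional[int]


def parse_filterlog(line: str) -> Optional[FilterEvent]:
    """Return a FilterEvent for an IPv4 filterlog line, or None if not parseable."""
    m = _PREFIX.match(line.strip())
    if not m:
        return None
    f = m.group("csv").split(",")
    # IPv4 fields: rulenr, subrulenr, anchor, rid, iface, reason, action, dir,
    # ipver, tos, ecn, ttl, id, offset, flags, protonum, protoname, length, src, dst
    if len(f) < 20 or f[8] != "4":
        return None  # IPv6 lines use a different layout; skipped in this example
    proto = f[16]
    srcport = dstport = None
    if proto in ("tcp", "udp") and len(f) >= 22:
        srcport, dstport = int(f[20]), int(f[21])  # ports follow dst for TCP/UDP
    return FilterEvent(ts=m.group("ts"), rulenr=int(f[0]), iface=f[4], action=f[6],
                       direction=f[7], proto=proto, src=f[18], dst=f[19],
                       srcport=srcport, dstport=dstport)


def blocked_dns_to_gateway(events: Iterable[FilterEvent], gateway: str) -> List[FilterEvent]:
    """Events where an inbound DNS query to the firewall's own address was blocked.

    A client that receives a lease but cannot resolve names produces exactly
    this: DHCP worked, but UDP/53 to the gateway is dropped by an earlier rule.
    """
    return [e for e in events
            if e.action == "block" and e.direction == "in"
            and e.proto in ("udp", "tcp") and e.dstport == 53 and e.dst == gateway]


def triage(lines: Iterable[str] = SAMPLE_LOG, gateway: str = "192.168.20.1") -> List[FilterEvent]:
    """Parse all lines and return the blocked-DNS-to-gateway hits."""
    events = [e for e in (parse_filterlog(l) for l in lines) if e is not None]
    return blocked_dns_to_gateway(events, gateway)


if __name__ == "__main__":
    for hit in triage():
        print(f"{hit.ts} rule {hit.rulenr} on {hit.iface}: blocked {hit.proto}/{hit.dstport} "
              f"{hit.src}:{hit.srcport} -> {hit.dst}")
```

Run against a real log, the rule number in the hit (6 in the posted line) is the one to look up in the ruleset: a pass rule for "IOT net" placed below a block rule, or a block on a floating/parent interface, never gets evaluated for that packet.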
#22
20.7 Legacy Series / Re: Slow WAN after upgrade
August 15, 2020, 11:42:35 AM
"I just installed 20.7 on a brand new Qotom Q575G6.

Previously on a Protectli (Celeron 2.4 Ghz, 8G RAM, 32 SSD) and I got 950+ Mbps via Speedtest.net without Sensei and 600 Mbps with Sensei default settings.

On Qotom Q575G6 (i7 2.7 Ghz, 16 G RAM, 512 SSD) and I get 950+ Mbps via Speedtest.net without Sensei and ~250 Mbps with Sensei default settings. If I enable bypass mode on Sensei I get 950+ Mbps again.

I have tried enabling PowerD (helps a little ~280 Mbps), but that didn't help very much.

I'm wondering if there is a related issue."


I have the exact same issue with 20.7.1 and Sensei: Sensei enabled ~250, disabled full bandwidth. Had the support staff at Sensei take a look and they indicated no problem, with which I disagree. Did not have the issue prior to 20.7. My setup is a Core i5, 32GB RAM, and Intel NICs.
#23
20.7 Legacy Series / Re: GeoIP Rules Question
August 11, 2020, 12:53:38 AM
I have them all enabled and go back and select the countries from a granular level i.e., I unselect United States, Germany (OMV), and Netherlands (OPNSense).

I assume you need to weigh the resources needed: the larger the list/number of countries blocked, the more resources you need, i.e., CPU and RAM. I run OPNsense on an i5 quad core and 32GB RAM and have no issues.
#24
20.7 Legacy Series / Re: GeoIP Rules Question
August 10, 2020, 01:18:24 AM
Thanks for all the help, new to OPNsense and still learning....
#25
20.7 Legacy Series / Re: GeoIP Rules Question
August 10, 2020, 12:10:28 AM
Updated, see attached.

Thanks
#26
20.7 Legacy Series / Re: GeoIP Rules Question
August 09, 2020, 11:33:50 PM
Thanks again, scaled down to 2 floating rules and added the interfaces, see attached.
#27
20.7 Legacy Series / Re: GeoIP Rules Question
August 09, 2020, 09:41:35 PM
Thanks for the replies and here are my GeoIP floating rules:

#28
20.7 Legacy Series / GeoIP Rules Question
August 09, 2020, 03:26:54 PM
Would the following rules be sufficient for GeoIP?

#29
Quote from: mb on August 01, 2020, 08:23:54 AM
Hi @aimdev, thanks. Do you have Suricata (in IPS mode) on WAN? If so, that's good. Yours is another testimony that this particular chipset works.

@mb just an FYI, I do have Suricata running in IPS mode on the WAN interface; however, I had to add the WAN IP to the "Home Networks" in order to start logging and blocking. Chipset: em0@pci0:1:0:0: class=0x020000 card=0x00008086 chip=0x150c8086 rev=0x00 hdr=0x00.

Question: I subscribe to Sensei and am still confused on the road map. Is the ultimate goal to use Suricata on both the internal and external interfaces to take the place of Suricata, or use both? Under Sensei Configuration, I do not have an option to select the external/WAN interface, just LAN and VLANs.

Again, just a little confused on this entire Sensei, Suricata, and netmap effort.....

TIA
#30
New to opnsense, but I assume these FireHOL rules need to be moved to the top of the lists for both LAN and WAN?

Currently I have my GeoIP rules at the top, any concern there?

TIA