Messages

If I monitor the WAN port only I get no alerts, but if I also monitor the LAN port then the alert tab starts to populate...

Okay, found it.

@N0_Klu3
Would you mind to explain how to create those rules ? Or a link with instructions ?

I'm trying to understand the meaning of 'prioirty' in System->Gateways->Single as there are 255 possible values (the documentation doesn't say much), could anyone elaborate on that ?

I have only one gateway (WAN_PPPoE) and prioprity is set on 254: am I right to think that since I have only one gateway I don't really need to change the priority, it wouldn't make any difference at all, right ?

Tia.

If I'm right, thats os-dmidecode

Indeed, thank you.

it runs with new bios as well as good  8)

Where did you find the widget "Hardware information" ?

Thanks.

@gpb indeed I'm not impressed, but I would be happy if it would properly work: does it happen to you also it cannot find your location?

Like I said, it thinks I'm in Rome, don't understand why...

[Geo Map]

Thanks, I can see the Geo Map has appeared in the 'Hosts' menu.

So, no chance of using GeoIPupdate, updates mus be done manually ?? And yes, my CPU usage is too high...

Also, it's not Google Maps but OpenStreetMap (therefore I can't use any Google API key) and I should be located in the middle of Rome  ::)  but I'm actually living about 1,200 miles away...

Something it's not working, it's a shame...

Same situation here, and every time I log in into ntopng I have a message saying the Geolocation has not been enabled and I have to visit this link https://github.com/ntop/ntopng/blob/dev/doc/README.geolocation.md

Frankly, it's quite confusing...

and do a search filter for:

DELETED

these are old rules, and not used rules- but if they are enabled, I don't know if it has any effect on system resources or not- maybe someone can chime in....

anyway, I just pick 1000 again and check sid, then scroll to the bottom and click disable after that's done hit apply, then go thru the next page, if any to see if it applied the disabled to those as well.

Is there a way to delete those rules than just disable them ?

Hello,

I've just enabled the IDS/IPS and by enabling all the default 'Rulesets' I get more than 57K rules and I haven't installed the snort plugin, so my question is: if I use snort, do I also need all those other Rulesets or I can just keep snort ?

Tia.

Okay, thanks and therefore I don't even need to add the WAN IP address in Home networks, correct ?

I don't have any internal services that have to be reached from outside...

I´d put the IPS in the WAN in routed topologies, not natted ones.

Sorry, what does it mean exactly ?

Also, in the alerts tab I see just the same type of alert, 365 entries so far, see attachment: is this a false positive ?

Trying to configure DoT with Unbound and I've found three different settings to insert in the custom options field, very similar, just slightly different, so which one is the correct one, SSL or TLS, with or without the DNS names ?

1) server:
    forward-zone:
    name: "."
    forward-ssl-upstream: yes
    forward-addr: 9.9.9.9@853
    forward-addr: 149.112.112.112@853

2) server:
    forward-zone:
    name: "."
    forward-tls-upstream: yes
    forward-addr: 9.9.9.9@853
    forward-addr: 149.112.112.112@853

3) server:
    forward-zone:
    name: "."
    forward-tls-upstream: yes
    forward-addr: 9.9.9.9@853#dns.quad9.net
    forward-addr: 149.112.112.112@853#dns.quad9.net

Thanks.

Is your WAN source-natting the traffic from your LAN?

Sorry, I don't think I understood... My WAN interface's got a public IP, LAN has got IP address 192.168.0.1 (only IPv4) and my clients are in the range 192.168.0.2--192.168.0.50

Sorry for the 'dumb' question, a newbie here, please don't shoot   :P

What is the correct configuration for the IPS for the interfaces ?

   1) Only LAN ?

   2) Only WAN ?

   3) Both LAN and WAN ?

Lastly, not clear whether or not I should add the WAN IP address in Home networks ?

Many thanks