Messages - Supermule

106
20.1 Legacy Series / 601.423468 [3911] netmap_transmit em1 full hwcur 222 hwtail 155 qlen 66
« on: June 08, 2020, 06:02:35 pm »
Getting a lot of those errors on em1. Not happening on em0.

Is this IDS/IPS related?

107
General Discussion / Re: FreeNAS Windows/SMB Share Ports
« on: April 30, 2020, 06:35:55 pm »
Are you scanning from LAN to LAN??

Or are you traversing the FW?

108
Hardware and Performance / Re: OPNsense on a standalone vmWare host 100% CPU
« on: April 25, 2020, 10:47:45 pm »
I need to see the system....

And how it's configured for ESXi....

109
Hardware and Performance / Re: OPNsense on a standalone vmWare host 100% CPU
« on: April 20, 2020, 07:55:35 am »
Leave that for now... we have to get it running as it should on production software.

110
Hardware and Performance / Re: OPNsense on a standalone vmWare host 100% CPU
« on: April 20, 2020, 04:41:13 am »
Can you decrease the number of cores to 1 and check if there is an update to OPNsense?

Latest is 20.1.4...

111
Hardware and Performance / Re: OPNsense on a standalone vmWare host 100% CPU
« on: April 19, 2020, 10:33:14 pm »
Can you post the CPU performance graph over time on the VM if you click on the performance tab??

Otherwise send me a TeamViewer ID and code, I will log on and investigate if that works for you?

112
Hardware and Performance / Re: OPNsense on a standalone vmWare host 100% CPU
« on: April 19, 2020, 08:00:13 pm »
If you see CPU idle on OPNsense and that's close to 100% then everything is fine. It does nothing so it schedules idle time...

How many cores do you have?

113
Hardware and Performance / Re: OPNsense on a standalone vmWare host 100% CPU
« on: April 19, 2020, 07:17:18 pm »
I think you're wrong...

How many VMs are on that server??

You can easily set the shares on the vCPUs so that the performance doesn't take a hit like you say.

114
Hardware and Performance / Re: OPNsense on a standalone vmWare host 100% CPU
« on: April 19, 2020, 03:32:13 pm »
309 MHz is VERY low.....


115
Hardware and Performance / Re: OPNsense on a standalone vmWare host 100% CPU
« on: April 19, 2020, 02:23:55 pm »
What version of OPNsense and can you post pictures of your VM's CPU performance??


116
General Discussion / Re: DNS via Opnsense and no option to bypass it...
« on: April 11, 2020, 07:44:25 pm »
This doesn't work... I can bypass it using Google's DNS which shouldn't be possible.

117
20.1 Legacy Series / Re: 100% CPU (linked to IDS/Suricata?)
« on: April 11, 2020, 04:09:47 pm »
What hardware??

118
Intrusion Detection and Prevention / Re: Suricata logs and what they mean??
« on: April 10, 2020, 06:07:43 pm »
Is there a manual for geo blocking in OPNsense?

119
Intrusion Detection and Prevention / Re: Suricata logs and what they mean??
« on: April 10, 2020, 10:54:55 am »
IMHO then IDS places itself inline into the network stack, so alerts on WAN are before it enters NAT.

So when alerts on WAN are triggered it's before it enters the filters asf.

So you know who's visiting you and where they look and how they look. That's the IPS part.

When you monitor LAN then the intrusion is underway to one of the devices on LAN. (to and from NAT).

So there is the alert that a guy from Ukraine is hammering the door of 3389 which is the internal port for RDP on a specific device...

They are already through WAN after they did a thorough portscan that the FW didn't detect and eventually dropped/blocked permanently.

And that's the huge concern here. That you are dealing with intruders AFTER they have penetrated the outer perimeter.



Quote from: phoenix on April 10, 2020, 08:37:23 am
Quote from: hbc on April 09, 2020, 11:01:45 pm
Usually you enable suricata on wan. And IPS is triggered before firewall. You will get these alerts even if you do not have any open rdp ports.
Unless I'm misunderstanding the documentation but I don't think that's correct, if you enable IDS on the WAN the packets will have been through NAT and all the alerts will appear to be from your internal network - the documentation is here: https://docs.opnsense.org/manual/ips.html#choosing-an-interface

I have a recollection that there was a recent post from Ad that said you should use in LAN interface for IDS but feel free to correct an amateur if you think I've got it wrong. :)

[EDIT] Sorry, I forgot to mention that if you use the internal interface that you should add the WAN address to your 'home network' in the Advanced settings, further info in the "Update (9/14/2019)" section of this article: https://homenetworkguy.com/how-to/configure-intrusion-detection-opnsense/

120
Intrusion Detection and Prevention / Re: Suricata logs and what they mean??
« on: April 10, 2020, 03:48:18 am »
One would run RDP on non std. ports no issues if you have a very mobile workforce and VPN is not performing very well...
