Suricata on just a VLAN?

Started by Patrick M. Hausen, May 04, 2021, 09:34:29 PM

Hi folks,

just a quick question: my setup is all VLANs on top of a lagg on top of a pair of Intel ix(4). Can I run Suricata on just one VLAN interface? I would like to experiment with it.

Thanks,
Patrick
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

May 06, 2021, 03:29:27 PM #1 Last Edit: May 06, 2021, 03:40:51 PM by Vilhonator
Yes, it is possible.

In the web GUI, go to Services ---> Administration and, in the interface selection, choose the VLAN interface you want to use IDS/IPS on, check the promiscuous mode and enable boxes, and click apply.

Otherwise it is pretty much the same as setting it up for all interfaces.

I'll give that a try, thank you.

I was a bit unsure about that because the documentation states:
https://docs.opnsense.org/manual/ips.html
Quote: "Interfaces: Interfaces to protect. When in IPS mode, this need to be real interfaces supporting netmap. (when using VLAN's, enable IPS on the parent)"

Worst case, I can apply the $HOME_NET parameter. The reason being that my OPNsense is not my Internet-facing firewall, but I would like to move my publicly reachable servers behind it and activate IDS just for these.
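The distinction the quoted documentation draws (passive IDS on the VLAN device versus inline IPS on the netmap-capable parent, with $HOME_NET used to narrow what the rules protect) is easiest to see in Suricata's own configuration. The fragment below is an added illustration written for this thread; it is generic Suricata YAML, not OPNsense's generated suricata.yaml (OPNsense renders that file from its own templates, so the GUI settings mentioned above are the supported way to change it), and it is not the poster's actual setup. The parent NIC name ix0, the VLAN device name vlan100 and the server subnet 192.0.2.0/24 are placeholder assumptions; the netmap host-stack syntax follows the Suricata manual and should be checked against the installed Suricata version.

```yaml
# Added example, not taken from the original post or from OPNsense.
# ix0 (parent NIC), vlan100 (VLAN device) and 192.0.2.0/24 (server
# subnet) are placeholders; substitute the real names and prefix.

# --- Option A: IDS only, bound directly to the VLAN pseudo-interface ---
# Passive capture through libpcap works on a VLAN device. Suricata only
# observes and alerts here; it never drops anything. Promiscuous mode
# makes the engine see frames not addressed to the firewall's own MAC.
pcap:
  - interface: vlan100
    promisc: yes
    checksum-checks: auto

# --- Option B: inline IPS on the parent NIC via netmap ---
# netmap needs a real NIC, not a VLAN pseudo-interface, so IPS is bound
# to the parent ix0. Suricata sits between the NIC and the host stack
# ("ix0^" is netmap's host-stack endpoint, per the Suricata manual), so
# every VLAN carried by ix0 passes through the engine; scoping to one
# VLAN is then done with HOME_NET below rather than by interface.
netmap:
  - interface: ix0
    threads: auto
    copy-mode: ips
    copy-iface: ix0^
  - interface: ix0^
    threads: auto
    copy-mode: ips
    copy-iface: ix0

# --- Scope the ruleset to the public server VLAN only ---
# Most rules are written as $EXTERNAL_NET -> $HOME_NET (and the reverse),
# so restricting HOME_NET to the server subnet keeps alerts and drops
# focused on those hosts even when the engine sees all VLANs on ix0.
# Caveat: with HOME_NET this narrow, traffic between the other internal
# VLANs counts as external-to-external and most rules will not fire on it,
# which is the intended trade-off when only the servers are in scope.
vars:
  address-groups:
    HOME_NET: "[192.0.2.0/24]"
    EXTERNAL_NET: "!$HOME_NET"
```

Only one of the two capture sections would normally be active at a time; the point is that Option A is what "Suricata on just a VLAN" can do (alert only), while anything that is supposed to block has to run on the parent and be narrowed with HOME_NET, which is the "worst case" fallback mentioned in the last post.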