Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
16.7 Legacy Series
»
[SOLVED] IPS Mode not working
« previous
next »
Print
Pages: [
1
]
Author
Topic: [SOLVED] IPS Mode not working (Read 8539 times)
rradu92
Newbie
Posts: 10
Karma: 3
[SOLVED] IPS Mode not working
«
on:
August 24, 2016, 09:03:20 am »
Hello,
I'm testing a virtual machine (4 gb ram, 8 core) with the last opnsense firewall.
All work great but Intrusion Detection with IPS activated.
If I disable IPS all work again, but if I enable IPS (with and without promiscuous mode) I can't do anything. I have teste without any rulesets without success.
It will be really great to have it working.
Thanks
«
Last Edit: August 24, 2016, 05:13:04 pm by rradu92
»
Logged
phoenix
Hero Member
Posts: 545
Karma: 58
Re: IPS Mode not working
«
Reply #1 on:
August 24, 2016, 09:11:10 am »
There are several threads on this topic, have you looked at them? Have you followed the instructions to disable all the NIC offload features? Which virtualization and which NIC is used in this VP?
I'm interested to know why you have eight vCPUs on this VM, that's really too many and may cause you problems down the line - the aim in a VM is to use as few vCPUs as is necessary for the workload. I'd suggest reducing that to one or, at the most, two vCPUs and see what happens.
Logged
Regards
Bill
rradu92
Newbie
Posts: 10
Karma: 3
Re: IPS Mode not working
«
Reply #2 on:
August 24, 2016, 09:34:48 am »
Hello,
I have read all the IPS and Intrusion detection related documentation and other people posts and no success.
I have no VLANS, no link aggregation.
My build is a virtual machine in the datacenter with 2 nics and direct internet access over the wan and in the lan side I have 1 cisco 2960-s switch, then a mikrotik ccr1036-4s for my laboratory network and a direct cat6 cable to a unifi AC access point. The only one client it have is my connected thinkpad.
I can destroy "everything" I'm in a laboratory enviroment.
I have CRC, TSO and LRO disabled.
For the virtualization enviroment I use ovirt cluster that is based in libvirt. The nic driver I use is virtio
I reduced the vCPU to 2 and rebooted the VM with no success.
Logged
rradu92
Newbie
Posts: 10
Karma: 3
Re: IPS Mode not working
«
Reply #3 on:
August 24, 2016, 05:12:51 pm »
Ok,
Can mark as solved, the issue was the network card, virtio is not compatible with ips as I can see, switched to e1000, reconfigured the network interfaces and all ok with ips and promiscuous.
Thanks phoenix for your help.
Logged
franco
Administrator
Hero Member
Posts: 17660
Karma: 1611
Re: [SOLVED] IPS Mode not working
«
Reply #4 on:
August 25, 2016, 08:58:10 am »
Just for the record: what virtualisation was that?
Logged
rradu92
Newbie
Posts: 10
Karma: 3
Re: [SOLVED] IPS Mode not working
«
Reply #5 on:
August 25, 2016, 12:01:27 pm »
I'm using oVirt that is based in KVM
Here you can find more info about oVirt:
https://www.ovirt.org/
and about KVM:
http://www.linux-kvm.org/page/Main_Page
Logged
bobbythomas
Full Member
Posts: 134
Karma: 5
Re: [SOLVED] IPS Mode not working
«
Reply #6 on:
August 26, 2016, 08:11:35 am »
I also run a virtualized opnsense on my Proxmox box which is based on KVM, are you able to fine tune the ips rules? Is there an option to edit/search the ips rules?
Sent from my ONE A2003 using Tapatalk
Logged
rradu92
Newbie
Posts: 10
Karma: 3
Re: [SOLVED] IPS Mode not working
«
Reply #7 on:
August 26, 2016, 08:25:53 am »
Hello,
I have it running fine wth e1000 driver and promiscuous mode enabled.
You cannot edit rules (or I can't see the option to edit), but you can add user defined actions in the "user defined" tab and you can enable/disable it in the "rules" tab.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
16.7 Legacy Series
»
[SOLVED] IPS Mode not working