Does IPS support IPV6

Started by ngr2001, January 08, 2025, 04:50:57 PM

I have IPV6 configured and working very nicely, confirmed on all test sites. I also have IPS in blocking mode on both the WAN & LAN working very nicely, verified via EICAR being blocked.

However, in my IPS logs I have yet to see any WAN traffic associated with my IPv6 address. Is that normal? Does IPS support IPV6? I average about 10 blocked attacks per minute on IPv4; I can't imagine no one is scanning my IPv6 address?


Well I think I answered my own questions at least partially.

I just created a new PS routine to download an EICAR file, and this time the blocked traffic appeared in the logs as IPV6. So I guess some rules for sure support IPV6; I'm just really surprised that no other rules are firing for IPV6 at the moment. I posted the PS routine elsewhere, but I might as well share the testing process below. I guess it's useful for both testing IPS mode and IPV6 :)



Here are some cleaner instructions for validating that IPS is blocking for the average Windows user:


Step 1: Enable the rule "OPNsense-App-detect/test", located at: Services/Intrusion Detection/Administration/Download

Step 2: Open the PowerShell ISE

Step 3: Paste in the following code

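# Download the EICAR test file over plain HTTP (the scheme PowerShell assumes when none is given)
$url = "http://pkg.opnsense.org/test/eicar.com.txt"
# The C:\temp folder must already exist, or -OutFile fails
$dest = "C:\temp\eicar.com.txt"
Invoke-RestMethod -Uri $url -OutFile $dest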

Step 4: Click the Green Run arrow

Step 5: Check your IPS Alerts, located at: Services/Intrusion Detection/Administration/Alerts. You should see a hit for "OPNsense test eicar virus"

Step 6: Check C:\Temp\ for the creation of any new files named "eicar.com.txt". You should have none, and your PowerShell ISE should be just sitting there hung, looking like it's doing nothing. Well, that's because your IDS is blocking the download.

Congrats.
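
The same test repeated once per IP family, so the IPv4 and IPv6 paths are each checked on their own. This is an added example, not part of the original posts. It assumes curl.exe (bundled with Windows 10 1803 and later) is on PATH; the function name Test-IpsEicarBlock and the 15-second timeout are made up for this sketch.

```powershell
# Added example: request the EICAR test file over IPv4 and then IPv6 and report
# how each transfer ended. Test-IpsEicarBlock is a hypothetical helper name.
function Test-IpsEicarBlock {
    param(
        # Plain-HTTP test URL from the steps above
        [string]$Url = 'http://pkg.opnsense.org/test/eicar.com.txt',
        # Assumed timeout; a dropped transfer otherwise hangs as in Step 6
        [int]$TimeoutSec = 15
    )

    # Call curl.exe by full name: in Windows PowerShell, "curl" is an alias
    # for Invoke-WebRequest, which cannot pin the address family.
    if (-not (Get-Command curl.exe -ErrorAction SilentlyContinue)) {
        throw 'curl.exe not found on PATH'
    }

    foreach ($family in '4', '6') {
        # -4 / -6 force the address family. Output goes to NUL so no test
        # file is left on disk for local antivirus to react to.
        & curl.exe "-$family" --silent --max-time $TimeoutSec --output NUL $Url
        $exit = $LASTEXITCODE

        # Map the documented curl exit codes to a readable result.
        $result = switch ($exit) {
            0       { 'NOT BLOCKED: transfer completed' }
            28      { 'Timed out: consistent with the IPS dropping the download' }
            6       { "Host has no IPv$family address, path not tested" }
            7       { "IPv$family connection failed, path not tested" }
            default { "Inconclusive: curl exit code $exit" }
        }

        [pscustomobject]@{
            Family   = "IPv$family"
            CurlExit = $exit
            Result   = $result
        }
    }
}

Test-IpsEicarBlock | Format-Table -AutoSize
```

A timeout only shows that the transfer stalled; a matching "OPNsense test eicar virus" entry in the Alerts view with a source address from the same family confirms it was the IPS.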