Zenarmor will not run WAN alongside Suricata

Started by battle, September 30, 2024, 04:05:33 PM

If I try to check both WAN and LAN boxes in settings, Zenarmor says that I can't run WAN on both Suricata and Zenarmor (see quote below). So if I uncheck 'Enable' and 'IPS mode' and all other boxes on the Suricata 'Services: Intrusion Detection: Administration' page, Zenarmor will still not allow me to check the WAN box in Zenarmor/Settings. There doesn't seem to be a way to only run Zenarmor.

"When you use IPS & Zenarmor together, you can only use the WAN interface for Suricata
It looks like you also have Suricata configured to run on this interface. Please be noted that Zenarmor and Suricata cannot be run on the same ethernet interface at the same time."

WAN interfaces (OPNsense) are also filtered, and those interfaces are used as the default gateway, because the WAN interfaces of OPNsense are also filtered by Suricata. Zenarmor and Suricata both use netmap, and the two do not work on the same interface! To prevent a network issue, Zenarmor does not allow you to protect these interfaces.

If you protect all LAN interfaces with Zenarmor, there is no benefit to protecting WAN as well. Zenarmor already inspects all outbound traffic via the LAN interface(s).

Thanks. I received like info from someone else. Zenarmor is watching LAN and Suricata is watching WAN now.

Does running Suricata on WAN and Zenarmor on LAN work if OPNsense is configured in Transparent Bridge mode?

Hi,

@battle, OPNsense retains the WAN interface settings, and Zenarmor verifies whether the WAN interface exists in the configuration. This is why you cannot select the WAN interface unless you first uncheck it in Suricata's configuration.

@PhiDeck, this configuration should work as expected, and it aligns with the recommended best practice configuration for transparent bridge mode.
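An added example, not from this thread and not Zenarmor's or OPNsense's own code, showing the check the staff reply describes: an interface is a conflict when it appears in Suricata's configured interface list, regardless of whether Suricata's 'Enable' box is ticked, so the fix is to remove the interface from Suricata's selection rather than to disable the service. The config fragment is constructed for the example; the assumed location of the Suricata list (OPNsense/IDS/general/interfaces, comma-separated) is modelled on OPNsense's config.xml, and the Zenarmor interface list is passed in as a plain list because its storage location is not shown on this page.

```python
import xml.etree.ElementTree as ET

# Constructed sample resembling the relevant parts of an OPNsense config.xml.
# wan is the default-gateway interface (the case the thread says Zenarmor refuses).
SAMPLE_CONFIG = """<opnsense>
  <interfaces>
    <wan><if>vtnet0</if><ipaddr>dhcp</ipaddr></wan>
    <lan><if>vtnet1</if><ipaddr>192.168.1.1</ipaddr></lan>
    <opt1><if>vtnet2</if><ipaddr>192.168.2.1</ipaddr></opt1>
  </interfaces>
  <OPNsense>
    <IDS>
      <general>
        <enabled>1</enabled>
        <ips>1</ips>
        <interfaces>wan,lan</interfaces>
      </general>
    </IDS>
  </OPNsense>
</opnsense>
"""


def suricata_interfaces(config_xml):
    """Return the set of logical interface names listed under Suricata.

    The 'enabled' flag is deliberately ignored: the thread's point is that
    Zenarmor looks at the configured interface list, so disabling Suricata
    does not clear the conflict. (Path layout is an assumption, see lead-in.)
    """
    root = ET.fromstring(config_xml)
    raw = root.findtext("./OPNsense/IDS/general/interfaces") or ""
    return {name.strip() for name in raw.split(",") if name.strip()}


def interface_map(config_xml):
    """Map logical names (wan, lan, opt1) to device and gateway role.

    Simplification (assumption): the 'wan' entry, or any interface carrying
    a <gateway> element, is treated as a gateway-facing interface.
    """
    root = ET.fromstring(config_xml)
    result = {}
    for node in root.find("interfaces"):
        result[node.tag] = {
            "device": node.findtext("if"),
            "is_wan": node.tag == "wan" or node.find("gateway") is not None,
        }
    return result


def check_overlap(config_xml, zenarmor_ifaces):
    """Report interfaces claimed by both engines (netmap cannot be shared)
    and LAN-side interfaces that neither engine inspects."""
    suri = suricata_interfaces(config_xml)
    zen = set(zenarmor_ifaces)
    lan_side = {n for n, meta in interface_map(config_xml).items() if not meta["is_wan"]}
    return {
        "conflicts": sorted(suri & zen),
        "lan_uncovered": sorted(lan_side - zen - suri),
        "suricata": sorted(suri),
        "zenarmor": sorted(zen),
    }


def set_suricata_interfaces(config_xml, names):
    """Return a copy of the config with Suricata's interface list replaced.

    Models the actual fix from the thread: deselecting the interface in
    Suricata's 'Interfaces' setting instead of only unticking 'Enable'.
    """
    root = ET.fromstring(config_xml)
    node = root.find("./OPNsense/IDS/general/interfaces")
    node.text = ",".join(names)
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    # Before: Suricata on wan+lan, Zenarmor wants lan+opt1 -> 'lan' conflicts.
    print(check_overlap(SAMPLE_CONFIG, ["lan", "opt1"]))
    # After: Suricata on wan only, Zenarmor on every LAN-side interface -> clean.
    fixed = set_suricata_interfaces(SAMPLE_CONFIG, ["wan"])
    print(check_overlap(fixed, ["lan", "opt1"]))
```

The `lan_uncovered` list encodes the other point made in the thread: once every LAN-side interface is protected by Zenarmor, outbound traffic is already inspected there and leaving WAN to Suricata loses nothing.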