Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Intrusion Detection and Prevention
»
Suricata and vlans
« previous
next »
Print
Pages: [
1
]
Author
Topic: Suricata and vlans (Read 4412 times)
kapara
Jr. Member
Posts: 97
Karma: 3
Suricata and vlans
«
on:
November 25, 2018, 12:04:50 am »
I read that you dont want to add vlans to Suricata but when I added the physical interface (LAN) and not the vlan (which is on the LAN physical Interface) as a monitored interface none of my phones would work or get DHCP. Then when I removed the physical interface (LAN) the phones started to work again.
Is this by design?
Logged
ruggerio
Sr. Member
Posts: 295
Karma: 11
Re: Suricata and vlans
«
Reply #1 on:
November 26, 2018, 02:55:44 pm »
i am not aware of your architecture and wishes, but how big is your installation? I personally (@home!!!!) just inspect traffic on WAN, as i don't want traffic to get inspected, if i am in a "secure" zone.
If you have vlans, have you entered the networks in suricata?
Logged
abraxxa
Jr. Member
Posts: 67
Karma: 7
Re: Suricata and vlans
«
Reply #2 on:
February 24, 2019, 05:45:31 pm »
For me the following worked:
Interfaces: Settings: disable Hardware CRC, Hardware TSO, Hardware LRO and VLAN Hardware Filtering
Services: Intrusion Detection: Administration: enable Promiscuous mode and select the physical LAN interface (my WAN is PPPoE for IPv4 and IPv6)
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Intrusion Detection and Prevention
»
Suricata and vlans