Topic: Suricata and Sensei - Which NICs to activate (Read 3355 times)
ArminF
Full Member
Posts: 205
Karma: 11
Suricata and Sensei - Which NICs to activate
« on: February 27, 2020, 04:27:56 pm »
Hello,
I installed Sensei and it told me that some NICs are already used by the IDS/IPS Suricata.
What would be your proposal where to run which one of the apps?
IDS/IPS -> WAN
Rest NICs -> Sensei
And my WAN is PPPoE, so I'm not sure if Suricata runs on PPPoE.
Looks like you cannot run them together on the same NICs.
Curious how you handle this.
thanks
armin
« Last Edit: February 27, 2020, 04:55:17 pm by ArminF »
English: Never try, never know!
Deutsch: Unversucht ist Unerfahren!
siga75
Full Member
Posts: 185
Karma: 11
Re: Suricata and Sensei - Which NICs to activate
« Reply #1 on: February 28, 2020, 11:47:18 am »
I do what you proposed
IDS/IPS -> WAN
Rest NICs -> Sensei
https://www.signorini.ch
Protectli Pfsense Mi7500L6 Intel 7Th Gen Core I7 7500U 16Gb Ddr4 Ram
512Gb Msata Ssd
6 X Intel Gigabit Ethernet
ArminF
Full Member
Posts: 205
Karma: 11
Re: Suricata and Sensei - Which NICs to activate
« Reply #2 on: February 28, 2020, 11:49:27 am »
Siga, thank you for your answer.
What do you think? Would Sensei replace the IDS/IPS?
From the features it looks much more "intelligent".
OK, maybe the reporting on the IDS/IPS is poorly designed within OPNsense.
Thanks for your thoughts!
A
siga75
Full Member
Posts: 185
Karma: 11
Re: Suricata and Sensei - Which NICs to activate
« Reply #3 on: February 28, 2020, 12:23:11 pm »
In my opinion there's no sense in running IPS on interfaces other than WAN (remember it detects both incoming and outgoing), so you are protected from the outside.
Sensei makes more sense on the internal interfaces; it will also detect all the traffic going out to WAN, since it comes from the other interfaces. You only miss traffic coming from the firewall itself.
I think it's a perfect solution.
But they are two completely different products with different purposes. Sensei is not an IDS/IPS; it's more for blocking categories of applications/websites, and it gives you statistics for analysis. Let's say you don't want a device to be able to navigate to a porn site, even if there is no malware there: Sensei does this.
ArminF
Full Member
Posts: 205
Karma: 11
Re: Suricata and Sensei - Which NICs to activate
« Reply #4 on: February 28, 2020, 12:29:39 pm »
Thank you very much!
Thanks Siga, will continue to run as proposed and configured.
Keep safe and happy!
cheers A