OPNsense Forum » English Forums » Intrusion Detection and Prevention » Make an inline Suricata box
Topic: Make an inline Suricata box (Read 162 times)
Unchip
Newbie
Posts: 1
Karma: 0
Make an inline Suricata box
« on: October 28, 2024, 09:59:01 am »
Hi
I'm looking to make an inline Suricata box to intercept certain applications. I need DPI to detect certain applications (i.e. unauthorized VPN traffic) and block it. The box needs to be inline and receive its LAN IP address from the DHCP server.
I have been looking at OPNsense (as opposed to Security Onion) to do this project quickly but got lost in the configurations. Is there a knowledgebase article to set up OPNsense in bridge mode to transparently pass through traffic with Suricata IPS active?
Thanks
Monviech (Cedrik)
Global Moderator
Hero Member
Posts: 1595
Karma: 176
Re: Make an inline Suricata box
« Reply #1 on: October 28, 2024, 01:20:06 pm »
Did you evaluate beforehand if Suricata can do what you need it to do?
Suricata is more for analyzing traffic for known attacks based on rulesets.
DPI on Application Layer is more in Zenarmor's territory.