Topic: Sensei and IPS/IDS issues. (Read 1964 times)
zauopn
« on: July 23, 2020, 08:43:56 pm »
Hello, I have the latest version of OPNsense already installed in a VirtualBox VM and it is working.
Internet WAN -> Modem -> OPNsense device (Ethernet port) LAN -> USB Ethernet adapter (USB connected to OPNsense device and Ethernet to WAN Ethernet port of router) -> Router (multiple devices connected to it via Ethernet LAN ports and WiFi)
However, there are some issues with Sensei and IDS/IPS that need to be fixed:
1) All the web traffic in OPNsense has the same WAN IP from the router, so it makes it look like there is only one device connected to the network. I need to see in the Sensei and IDS traffic logs exactly the IP of the device in the network (i.e. printer, PC, etc.) that generates the traffic. For example, if a user using a smartphone goes to Facebook, I need to see the IP of the smartphone, not the WAN IP of the router.
2) Snort rules are not getting triggered; there are several ERR INVALID SIGNATURE entries in the IDS logs. Also, the GeoIP settings have an issue: the country flags are not showing up in the logs; MaxMind was already added to the GeoIP settings.
I also have ET Telemetry, and some of the rules work, but many of those rules are empty; it seems that ET Telemetry doesn't have the same rulesets as ET PRO.
Does anyone know how to fix these issues? I'd appreciate your help. Thanks