SOLVED WSUS UPDATE SERVERS PROBLEM WHEN SURICATA IS ACTIVE

scalaechlon · October 31, 2020, 01:08:38 AM

Good day,

Reporting solution on WSUS update servers problem when suricata IPDS is active

when activating suricata IDPS, suricata scans and applies policies to networks or groups of networks using the assigned interface.

when you set WAN as the listening interface, make sure that networks that you want to scan are the networks that are within your LAN.

this setting is found in Intrusion Detection > Administration > Settings > Home Networks

if you put your WAN network in Home Networks, Suricata will scan the network and detect unconventional network ranges in which, incidentally WSUS uses. Thus WSUS networks will be dropped and the windows update will not function.

the same goes for Linux update servers

Hope this helps.

SOLVED WSUS UPDATE SERVERS PROBLEM WHEN SURICATA IS ACTIVE

scalaechlon

October 31, 2020, 01:08:38 AM