OPNsense Forum » English Forums » Intrusion Detection and Prevention » Multi WAN oddness
Topic: Multi WAN oddness (Read 2989 times)
FullyBorked
Multi WAN oddness « on: November 17, 2021, 07:09:34 pm »
I currently have two WAN connections; we'll call them Primary and Backup. I only use the Backup connection in the event the Primary is down, since the Backup is metered LTE. I've been using Suricata for however long I've been on OPNsense, maybe a year now. It's been just fine, or so I thought. Today I powered down the modem for my Primary connection temporarily for maintenance. During that time (about 45 min) I got over 400 IPS/IDS alerts. I do typically get maybe 1 or 2 alerts every week(ish). It looks to me like even though I only have a singular policy and both WAN interfaces selected, it may only be monitoring my Backup connection.
Edit:
Wanted to say these were all false positives from internal traffic traversing the external interfaces. So I'm not worried about that, it just needs tuned. However, I worry that this same traffic wasn't detected on the Primary interface, which makes me think it's broken or misconfigured somehow.
Anyone have any thoughts on what is going on?
« Last Edit: November 17, 2021, 07:34:18 pm by FullyBorked »