Using Squid Proxy and Sensei inline

Started by hv-tech, February 08, 2022, 05:21:32 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
February 08, 2022, 05:21:32 PM
I've been using and playing with Sensei and bought a home license, however, I've noticed that this service doesn't incorporate Squid Proxy very well. When running proxy, I can see traffic from my endpoints going straight to the proxy port on the box classified as "Web Browsing". It would be ideal if I could set my capture from the source interface of the proxy IP and Dest being the internet.. 

Perhaps running both services on the same box just doesn't work, but I thought I would post and see if anyone else has a workaround or a solution.
February 09, 2022, 06:26:49 PM #1
You cannot run both on the same interface by design.

Running Zenarmor along with Suricata
https://www.sunnyvalley.io/docs/troubleshooting/installation
February 09, 2022, 06:28:06 PM #2
To be clear.
I run both Suricata and ZenArmor on the same device / different use cases but you cannot have both services on the same interface.
February 10, 2022, 05:34:38 AM #3
So Web Proxy "Squid" and "Suricata" are two separate things. I can run Squid and Zenarmor on the same interface, but the way the inspection works isn't really working out for me since Zen is mainly just We filtering.
Print
Go Up Pages1
User actions