Enabling IPS kills internet connection - fresh install and simple network

[arrowheadbluetail]

Hi all. I’m new to OPNsense and have just set up a fresh install (OPNsense 18.7). Everything is default aside from having installed the uPNP package. My network set up is as follows...

WAN->OPNsense (192.168.1.1)->Switch->WAP

With IPS disabled, everything works as it should. As soon as I enable it, with LAN and WAN selected, my devices are unable to connect to the Internet. The only rules I have installed and enabled are the OPNsense test rules. Can anyone point me in the direction of solving this issue? I’ll happily provide any logs that might be needed. Thank you!

[phoenix]

It works fine for me (and plenty of others).

I'll start with some of the usual questions. Is this a VM or real hardware? If it's a VM, which hypervisor? Which NIC driver are you using (if a (VM)? If it's not an E100 driver, it should be. Have you disabled all the 'offload' functions as mentioned in the documentation? What are the specs of your hardware for OPNsense? Have you looked at any of the other forum posts that cover this topic (a search will find them for you)?

[arrowheadbluetail]

Hi Bill. Thank you for the reply.

• OPNsemse is running on a dedicated, physical, QOTOM, device.
• All hardware acceleration is disabled.
• Followed the guide here: https://forum.opnsense.org/index.php?topic=6893.0. Tried both with and without the DNS instructions on that page.

One more thing to mention, I only lose internet access after adding the LAN to the selected interfaces that will be monitored.

[chemlud]

Did you update the fresh install?

[arrowheadbluetail]

Did you update the fresh install?

Yes, OPNsense and all available package/plugin updates were installed.

[chemlud]

There might be some oddities with the latest suricata, see my thread

https://forum.opnsense.org/index.php?topic=10958.0

Maybe try to downgrade suricata as Franco suggests on page 2 in the link above and see if it helps...

[arrowheadbluetail]

There might be some oddities with the latest suricata, see my thread

https://forum.opnsense.org/index.php?topic=10958.0

Maybe try to downgrade suricata as Franco suggests on page 2 in the link above and see if it helps...

Performing a downgrade seems to have solved my issue! I’m going to keep any eye on it and update the post if anything changes. Thank you very much for the suggestion!