Author Topic: How do you configure Intrusion Detection in OPNsense?  (Read 15496 times)

comet

How do you configure Intrusion Detection in OPNsense?
« on: November 15, 2017, 09:21:05 pm »
One of the things I would like to try in OPNsense is enabling Intrusion Detection but I know absolutely nothing about it.  Is there some kind of easy guide to setting up Intrusion Detection in OPNsense?  I'm assuming that you need to do something more than just checking the box for "Enabled", but most of the other options are meaningless to me.

What I'd like, if possible, is to stop intrusions but without blocking traffic to sites I use.  And I actually know so little about Intrusion Detection that I am currently not clear whether it operates only on inbound packets, outbound packets, or both.

Intrusion Detection is not a feature that I've had on any previous router.  When I briefly looked at other software, I noticed they let you add "Snort" which (I think) was also a form of intrusion detection, but it seemed a bit easier to set up since you could pick from three different pre-configured levels of protection (not saying that's the right way to do it, just that it might have been easier to set up). I don't see anything like that in the OPNsense Intrusion Detection feature, and I'm totally lost!  I hope it is not too difficult to at least enable some basic level of Intrusion Detection.

Please feel free to point me to any good beginner-level pages or videos on the subject, if any exist.  Thanks!
I'm a home user of OPNsense, not a networking expert.  I'd much appreciate it if you'd keep that in mind if replying to something I posted.  Many thanks!

phoenix

Re: How do you configure Intrusion Detection in OPNsense?
« Reply #1 on: November 15, 2017, 09:37:55 pm »
Have you had a look at the OPNsense Documentation on IDS/IPS: https://wiki.opnsense.org/manual/ips.html?highlight=suricata
Regards


Bill

comet

Re: How do you configure Intrusion Detection in OPNsense?
« Reply #2 on: November 15, 2017, 10:07:51 pm »
Quote from: phoenix on November 15, 2017, 09:37:55 pm
Have you had a look at the OPNsense Documentation on IDS/IPS: https://wiki.opnsense.org/manual/ips.html?highlight=suricata
Yeah, I saw that, and no offense intended, but I found it worse than useless.  It did not give me ANY useful information on how to set up and configure Intrusion Detection.  When you go to documentation, you sort of expect it will give you information on how to set up that feature, and that page doesn't.  At all.
I'm a home user of OPNsense, not a networking expert.  I'd much appreciate it if you'd keep that in mind if replying to something I posted.  Many thanks!

franco

Re: How do you configure Intrusion Detection in OPNsense?
« Reply #3 on: November 16, 2017, 01:30:54 am »
It’s a manual overview page, not a how to. The first how to on that page explains how to use IDS with SSL rules.


Cheers,
Franco

xames

Re: How do you configure Intrusion Detection in OPNsense?
« Reply #4 on: January 01, 2019, 07:54:28 pm »
Agree with comet, no good manual out there.

xames

Re: How do you configure Intrusion Detection in OPNsense?
« Reply #5 on: January 17, 2019, 08:47:48 pm »
The manual is always referring to IPS, not to IDS. What exactly is the difference between them?

franco

Re: How do you configure Intrusion Detection in OPNsense?
« Reply #6 on: January 18, 2019, 09:33:47 am »
I'm afraid that's not something we should cover in our manual in any greater detail and I think it has surely been answered in this forum before.


Cheers,
Franco