OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • English Forums »
  • Intrusion Detection and Prevention »
  • Suricata and vlans
« previous next »
  • Print
Pages: [1]

Author Topic: Suricata and vlans  (Read 4421 times)

kapara

  • Jr. Member
  • **
  • Posts: 97
  • Karma: 3
    • View Profile
Suricata and vlans
« on: November 25, 2018, 12:04:50 am »
I read that you dont want to add vlans to Suricata but when I added the physical interface (LAN) and not the vlan (which is on the LAN physical Interface) as a monitored interface none of my phones would work or get DHCP.  Then when I removed the physical interface (LAN) the phones started to work again.

Is this by design?
Logged

ruggerio

  • Sr. Member
  • ****
  • Posts: 295
  • Karma: 11
    • View Profile
Re: Suricata and vlans
« Reply #1 on: November 26, 2018, 02:55:44 pm »
i am not aware of your architecture and wishes, but how big is your installation? I personally (@home!!!!) just inspect traffic on WAN, as i don't want traffic to get inspected, if i am in a "secure" zone.

If you have vlans, have you entered the networks in suricata?
Logged

abraxxa

  • Jr. Member
  • **
  • Posts: 67
  • Karma: 7
    • View Profile
Re: Suricata and vlans
« Reply #2 on: February 24, 2019, 05:45:31 pm »
For me the following worked:
  • Interfaces: Settings: disable Hardware CRC, Hardware TSO, Hardware LRO and VLAN Hardware Filtering
  • Services: Intrusion Detection: Administration: enable Promiscuous mode and select the physical LAN interface (my WAN is PPPoE for IPv4 and IPv6)
Logged
  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • English Forums »
  • Intrusion Detection and Prevention »
  • Suricata and vlans
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2