Making an inline Suricata box using OPNsense

Started by smoore, February 16, 2019, 09:27:28 PM

I'm looking to make an inline Suricata box to intercept certain applications. I need DPI to detect certain applications (i.e. unauthorized VPN traffic) and block it. The box needs to be inline and receive its LAN IP address from the DHCP server.

I have been looking at OPNsense (as opposed to Security Onion) to do this project quickly but got lost in the configurations. Is there a knowledge base article to set up OPNsense in bridge mode to transparently pass through traffic with Suricata IPS active?

Hi,

Technically https://docs.opnsense.org/manual/how-tos/transparent_bridge.html will get you started and enabling IPS is done normally on top. But you can get away with listening on either LAN or WAN exclusively as the traffic will be the same.


Cheers,
Franco