No Internet access when IPS is on

GaardenZwerch · October 16, 2019, 04:13:55 PM

OK,
my tests (both Lab and Production) confirm this.
I run suricata on each VLAN and leave promiscuous mode on, and IPS works. I have tested with igb and ixl interfaces.

Thanks,
Frank

Cajuba · October 18, 2019, 11:30:41 AM

Meanwhile, I am a bit confused... :-\

As I wrote in my previous posts I had to run IPS on my VLAN Interfaces, but not on the physical interface. Otherwise I would not get DHCP leases on my VLAN Subnets an I could not connect to the internet.

Then the world turned upside down... :o
A few days ago I had to perform several reboots after some issues with power supply. After that I was not able to get a DHCP lease with the exact config that used to work before. So I played around a bit. After configuring IPS running on the physical LAN interface, but not on the VLAN interfaces anymore I immediately got DHCP Leases on all of my VLAN Subnets. This seems to be stable so far.

I have no idea why the system's behaviour changed after the reboots. From my point of view this seems to be quite strange...

Pocket_Sevens · October 18, 2019, 03:01:26 PM

Quote from: GaardenZwerch on October 16, 2019, 04:13:55 PM
OK,
my tests (both Lab and Production) confirm this.
I run suricata on each VLAN and leave promiscuous mode on, and IPS works. I have tested with igb and ixl interfaces.

Thanks,
Frank

Hi Frank.

Thanks for testing this. Just to clarify: was this on the VLANs only or also the physical LAN interface?

Pocket_Sevens · October 18, 2019, 03:03:51 PM

Quote from: Cajuba on October 18, 2019, 11:30:41 AM
Meanwhile, I am a bit confused... :-\

As I wrote in my previous posts I had to run IPS on my VLAN Interfaces, but not on the physical interface. Otherwise I would not get DHCP leases on my VLAN Subnets an I could not connect to the internet.

Then the world turned upside down... :o
A few days ago I had to perform several reboots after some issues with power supply. After that I was not able to get a DHCP lease with the exact config that used to work before. So I played around a bit. After configuring IPS running on the physical LAN interface, but not on the VLAN interfaces anymore I immediately got DHCP Leases on all of my VLAN Subnets. This seems to be stable so far.

I have no idea why the system's behaviour changed after the reboots. From my point of view this seems to be quite strange...

Hey Cajuba. Did you upgrade to 19.7.5_5 per chance?

GaardenZwerch · October 21, 2019, 03:29:21 PM

Quote from: Pocket_Sevens on October 18, 2019, 03:01:26 PM
Quote from: GaardenZwerch on October 16, 2019, 04:13:55 PM
OK,
my tests (both Lab and Production) confirm this.
I run suricata on each VLAN and leave promiscuous mode on, and IPS works. I have tested with igb and ixl interfaces.

Thanks,
Frank

Hi Frank.

Thanks for testing this. Just to clarify: was this on the VLANs only or also the physical LAN interface?

Hi,

IPS only on the VLANs, not on the physical NIC. Promiscuous mode ON.

Best regards,

Cajuba · October 21, 2019, 04:32:50 PM

Quote from: Pocket_Sevens on October 18, 2019, 03:03:51 PM
Hey Cajuba. Did you upgrade to 19.7.5_5 per chance?

Yes, my device is running on 19.7.5_5

No Internet access when IPS is on

GaardenZwerch

October 16, 2019, 04:13:55 PM #15

Cajuba

October 18, 2019, 11:30:41 AM #16

Pocket_Sevens

October 18, 2019, 03:01:26 PM #17

Pocket_Sevens

October 18, 2019, 03:03:51 PM #18

GaardenZwerch

October 21, 2019, 03:29:21 PM #19

Cajuba

October 21, 2019, 04:32:50 PM #20