Suricata logs and what they mean??

[hushcoden]

Sorry for the 'dumb' question, a newbie here, please don't shoot   :P

What is the correct configuration for the IPS for the interfaces ?

   1) Only LAN ?

   2) Only WAN ?

   3) Both LAN and WAN ?

Lastly, not clear whether or not I should add the WAN IP address in Home networks ?

Many thanks

[Mitheor]

Sorry for the 'dumb' question, a newbie here, please don't shoot   :P

What is the correct configuration for the IPS for the interfaces ?

   1) Only LAN ?

   2) Only WAN ?

   3) Both LAN and WAN ?

Lastly, not clear whether or not I should add the WAN IP address in Home networks ?

Many thanks

Is your WAN source-natting the traffic from your LAN?

[hushcoden]

Is your WAN source-natting the traffic from your LAN?

Sorry, I don't think I understood... My WAN interface's got a public IP, LAN has got IP address 192.168.0.1 (only IPv4) and my clients are in the range 192.168.0.2--192.168.0.50

[Mitheor]

Is your WAN source-natting the traffic from your LAN?

Sorry, I don't think I understood... My WAN interface's got a public IP, LAN has got IP address 192.168.0.1 (only IPv4) and my clients are in the range 192.168.0.2--192.168.0.50

Ok, so the answer in yes.

In that case, i´d only configure it for the LAN interface.

WAN is not needed in my opinion because, by default, any incoming traffic (Internet --> WAN) is going to be dropped unless you have an internal service that has to be reached from outside (which doesn´t seem to be the case).

I´d put the IPS in the WAN in routed topologies, not natted ones.

[hushcoden]

Okay, thanks and therefore I don't even need to add the WAN IP address in Home networks, correct ?

I don't have any internal services that have to be reached from outside...

I´d put the IPS in the WAN in routed topologies, not natted ones.

Sorry, what does it mean exactly ?

Also, in the alerts tab I see just the same type of alert, 365 entries so far, see attachment: is this a false positive ?