Intrusion Detection worst my network traffic?

Started by Bytechanger, April 23, 2020, 12:45:32 PM

Hi,

My OPNsense runs on a ZBOX ZOTAC CI329.

My network adapters:

$ pciconf -lv re1
re1@pci0:2:0:0: class=0x020000 card=0x012310ec chip=0x816810ec rev=0x0c hdr=0x00
    vendor     = 'Realtek Semiconductor Co., Ltd.'
    device     = 'RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller'
    class      = network
    subclass   = ethernet
$ pciconf -lv re0
re0@pci0:1:0:0: class=0x020000 card=0x012310ec chip=0x816810ec rev=0x0c hdr=0x00
    vendor     = 'Realtek Semiconductor Co., Ltd.'
    device     = 'RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller'
    class      = network
    subclass   = ethernet


When I activate Intrusion Detection, it seems that it sometimes blocks network traffic.
Sometimes I get no IP from DHCP, and communication doesn't work for some time.
BUT there is no entry in Alerts, so it isn't blocked by the detection service.
In the log there is also no entry.

My settings:
Enabled CHECK
IPS mode CHECK
Promiscuous mode on or off
Pattern matcher Hyperscan
Interfaces LAN

When I disable "enabled", it all works fine!
The interface can only be LAN, because WAN is over PPPoE.

Greets

Byte

OK,
I think it's the VLAN on that adapter. When I connect a USB-LAN adapter without VLAN, it seems to work.

Greets

Byte

So you have disabled VLAN Hardware Filtering?
You find it under /Interface/ Settings.

No, it's actually set to "Leave default".

Should I turn it to "Disable VLAN Hardware Filtering" and then it works on my internal LAN device?

Greets

Byte

I would suggest giving it a try and setting it to "Disable VLAN Hardware Filtering".

This could solve the DHCP problems and may help with your other problems as well.