IDS working, but IPS not - Transparent / Bridge Firewall

Stril · June 17, 2020, 02:03:24 PM

Hi!

I am trying to setup an in-line-IPS with OPNsense 20.1.

--> OPNSense installed
--> Two Interfaces bridged
--> All offloading disabled
--> IDS activated and configured.

IDS ist working fine and logging alerts.

BUT: If I activate IPS, there are no more alerts, drops, etc.

Do you have any idea, what I could have made wrong?

Thank you for your help
Stril

mimugmail · June 17, 2020, 05:24:13 PM

NETMAP code, which is used with IPS mode, doesn't work for bridge interfaces, sorry.

mb · June 18, 2020, 01:58:20 AM

Quote from: mimugmail on June 17, 2020, 05:24:13 PM
NETMAP code, which is used with IPS mode, doesn't work for bridge interfaces, sorry.

We'll change that soon:

https://forum.opnsense.org/index.php?topic=17363.msg80297#msg80297

mimugmail · June 18, 2020, 08:37:30 AM

Ah, that reminds me testing the VLANs for the drivers :)

IDS working, but IPS not - Transparent / Bridge Firewall

Stril

June 17, 2020, 02:03:24 PM

mimugmail

June 17, 2020, 05:24:13 PM #1

mb

June 18, 2020, 01:58:20 AM #2

mimugmail

June 18, 2020, 08:37:30 AM #3