Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
[DEC690EU, HowTo, Help Needed] Setup IDS for monitoring traffic on a double-NAT?
« previous
next »
Print
Pages: [
1
]
Author
Topic: [DEC690EU, HowTo, Help Needed] Setup IDS for monitoring traffic on a double-NAT? (Read 1623 times)
Securytix
Newbie
Posts: 4
Karma: 0
[DEC690EU, HowTo, Help Needed] Setup IDS for monitoring traffic on a double-NAT?
«
on:
April 08, 2021, 05:48:38 pm »
Hi2youAll!
This week I purchased an OPNsense DEC690EU and I'm kind of new, as an enthousiastic home user, to this kind of devices, so please be patient with me....
Curently I have an existing double-NAT setup and I want to use the OPNsense box to monitor my traffic using IDS (maybe later on IPS) because I don't trust my current
Ubiquiti hardware due to their breach
.
My current setup:
Ubiquiti LAN --> Ubiquiti Gateway (WAN) --> ISP Router LAN --> ISP Router WAN (internet).
My goal:
Ubiquiti LAN --> Ubiquiti Gateway (WAN) -->
OPNsense LAN --> OPNsense WAN -->
ISP Router LAN --> ISP Router WAN (internet).
So, in short I want to setup the OPNsense DEC690EU to monitor and use the IDS funtion to monitor what is actually happening (detect/monitor communication).
My noob Questions:
1
- Can I use the OPNsense box to achief this?
2
- If yes, what is the best way to do this? (bridging ethernet ports, LAN to WAN setup? Setup steps to be taken?)
3
- Another option, mirror Ubiquiti gateway WAN and configure OPNsens in Promiscuous mode, somehow, for monitoring?
20210411
: Option
3
seems to be working! (
Services
-->
Intrusion Detection
-->
Adminstration
-->
Alert
s, with
et_telemetry.token
activated and some
User defined
rules added. Mirrored a port on my Ubiquiti switch connected to the Ubiquiti gateway WAN and configured EPNsens LAN 3 as Promiscuous mode.)
Can anyone give me advise and get me in the right direction to get started? It would be highly appreciated!
Thanks in advance!
«
Last Edit: April 11, 2021, 04:36:49 pm by Securytix
»
Logged
Securytix
Newbie
Posts: 4
Karma: 0
Re: [DEC690EU, HowTo, Help Needed] Setup IDS for monitoring traffic on a double-NAT?
«
Reply #1 on:
April 09, 2021, 08:28:26 pm »
I enabled a LAN in Promiscuous mode and activated IDS (option
3
).
Can anyone tell me a simple way to test the IDS?
«
Last Edit: April 11, 2021, 04:27:05 pm by Securytix
»
Logged
Securytix
Newbie
Posts: 4
Karma: 0
Re: [DEC690EU, HowTo, Help Needed] Setup IDS for monitoring traffic on a double-NAT?
«
Reply #2 on:
April 11, 2021, 04:24:04 pm »
Option
3
seems to be working. Next step: setting EPNsense as IDS/IPS/Firewall (option
2
).
Please advice!
«
Last Edit: April 11, 2021, 04:37:51 pm by Securytix
»
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
[DEC690EU, HowTo, Help Needed] Setup IDS for monitoring traffic on a double-NAT?