Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Intrusion Detection and Prevention
»
is it possible to bypass IDS/IPS to during backup transfer?
« previous
next »
Print
Pages: [
1
]
Author
Topic: is it possible to bypass IDS/IPS to during backup transfer? (Read 2707 times)
h4ck3r
Newbie
Posts: 8
Karma: 0
is it possible to bypass IDS/IPS to during backup transfer?
«
on:
October 25, 2021, 12:22:56 pm »
Hello,
from time to time i need to transfer a lot of backup data from one local network to another (from LAN to DMZ using Veeam Agent for Microsoft). I don't want to disable IDS/IPS on these interfaces, but is it possible to bypass IDS/IPS to NFS (TCP/2049) during transfer? I haven't found any hints on how to write a rule that leaves Suricatas ruleset very early. Suricata's documentation is unclear to me at this point (
https://suricata.readthedocs.io/en/suricata
6.0.0/performance/ignoring-traffic.html).
What would be the best way to accomplish my requirement?
Also, some ip addresses in the DMZ need to receive data from clients on the LAN side via snmp (naturally emerging-scan.rules prevents this). How can we make these ip addresses bypass the ids rules?
Logged
fabian
Hero Member
Posts: 2769
Karma: 200
OPNsense Contributor (Language, VPN, Proxy, etc.)
Re: is it possible to bypass IDS/IPS to during backup transfer?
«
Reply #1 on:
October 25, 2021, 08:00:24 pm »
Since Suricata is scanning everything that goes over an interface, the solution is likely another interface.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Intrusion Detection and Prevention
»
is it possible to bypass IDS/IPS to during backup transfer?