Multi WAN oddness

Started by FullyBorked, November 17, 2021, 07:09:34 PM

November 17, 2021, 07:09:34 PM Last Edit: November 17, 2021, 07:34:18 PM by FullyBorked
I currently have two WAN connections; we'll call them Primary and Backup. I only use the Backup connection in the event the Primary is down, since the Backup is metered LTE. I've been using Suricata for however long I've been on OPNsense, maybe a year now. It's been just fine, or so I thought. Today I powered down the modem for my Primary connection temporarily for maintenance. During that time (about 45 min) I got over 400 IPS/IDS alerts. I do typically get maybe 1 or 2 alerts every week(ish). It looks to me like even though I only have a singular policy and both WAN interfaces selected, it may only be monitoring my Backup connection.

Edit: Wanted to say these were all false positives from internal traffic traversing the external interfaces. So I'm not worried about that, it just needs tuned. However, I worry that this same traffic wasn't detected on the Primary interface, which makes me think it's broken or misconfigured somehow.

Anyone have any thoughts on what is going on?