IPS Suricata - Strange Behavior

Started by diogossilva, February 28, 2022, 05:28:15 PM

Hello guys,

We are new to this system and we are noticing some strange behavior with the IPS/IDS (Suricata system).

We have a Suricata installation on VMware.

This OPNsense has 8 vCores + 8GB RAM, and we have an SSD for the filesystem and an external syslog.

The objective is to provide a 2nd level of IPS/IDS, since the OPNsense has an IP that is the gateway for all virtual servers.

All services are running OK, but from time to time we have strange slowness on the network; for example, a file transfer between someone local on the LAN and the fileshare on the virtual environment is processed at Kb/s...

The method we have seen to correct this is to disable IPS mode and then enable it again.

Then we achieve more than 50MB/s.

Current specs:

Versions   OPNsense 21.7.8-amd64
FreeBSD 12.1-RELEASE-p22-HBSD
OpenSSL 1.1.1m 14 Dec 2021