OPNsense Forum » English Forums » Hardware and Performance » Non-blocking IDS / low-priority IDS for low-end hardware / non-critical networks
Topic: Non-blocking IDS / low-priority IDS for low-end hardware / non-critical networks (Read 5029 times)
Author: dragon2611 (Jr. Member, Posts: 94, Karma: 4)
Posted on: July 10, 2016, 05:39:31 pm
I know it would offer far weaker protection, but I'd like an option to have the IPS/IDS done out of band / at low priority and then use the firewall for blocking (IPS), for those of us running lower-end hardware.

I tried running OPNsense's IDS on my N3050-based board in Proxmox, and with virtIO it just breaks all traffic; with E1000s it seemed to work, but it wouldn't manage more than about 40 Mbit/s, with a noticeable increase in latency.

Currently I'm mirroring the traffic to a Security Onion VM running Snort and doing the IDS scanning there. This seems to work, and I've been able to set the CPU priority in such a way that the OPNsense VM gets prioritised. That said, I can't (unless I script something) then block anything automatically based on the scan results.

I managed 100 Mbit/s earlier (which is the max of both my VDSL2 lines combined); I'm not sure if the IDS was able to keep up, but since it's my home network it's not world-ending if it doesn't (beforehand I used an ER-X and didn't do any IDS scanning at all).
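The "unless I script something" gap in the setup above (Snort watching a mirror port on a separate VM, OPNsense doing the actual blocking) is the part an out-of-band IDS needs to become useful as an IPS. The script below is an added example written for this page; it is not code from the post, from OPNsense or from Security Onion. It parses Snort's "fast" alert format, picks the external end of each flow (the attacker for inbound alerts, the peer for outbound ones), applies a simple hit/priority policy with an allowlist so a single noisy rule cannot lock out the ISP gateway, and emits `pfctl -t <table> -T add` commands for a pf table on the firewall. The table name `ids_block`, the local network list, the priority thresholds and all sample alert lines are constructed assumptions; the pf table still has to be referenced by a block rule on the OPNsense side, and shipping the commands to the box (over SSH, cron, or whatever you trust) is left out.

```python
"""Out-of-band IDS -> firewall glue (added example, not forum/OPNsense code).

Reads Snort "fast"-format alerts from a mirrored-traffic sensor and turns the
external offenders into pfctl table additions for the firewall to enforce.
IPv4 only; sample alerts below are constructed, not captured."""
import ipaddress
import re
from collections import Counter, defaultdict

# Snort fast-format alert line, e.g.
# 07/10-17:39:31.123456  [**] [1:1000001:1] msg [**] [Classification: x] [Priority: 2] {TCP} a.b.c.d:p -> e.f.g.h:q
# Classification and the ports are optional (ICMP alerts carry no ports).
FAST_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]"
    r"(?:\s+\[Classification:\s+(?P<cls>[^\]]+)\])?"
    r"\s+\[Priority:\s+(?P<prio>\d+)\]\s+\{(?P<proto>[A-Z0-9-]+)\}\s+"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})(?::(?P<dport>\d+))?\s*$"
)

# Networks behind the firewall (assumption: RFC1918 + loopback + link-local).
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

# Constructed sample alerts; sids are in the local-rule range, messages are made up.
SAMPLE_ALERTS = [
    # inbound, priority 2, same external source twice -> reaches the threshold
    "07/10-17:39:31.123456  [**] [1:1000001:1] EXAMPLE inbound exploit attempt [**] [Classification: Attempted Admin] [Priority: 2] {TCP} 203.0.113.45:80 -> 192.168.1.10:51234",
    "07/10-17:40:02.000010  [**] [1:1000002:1] EXAMPLE inbound scan to SQL port [**] [Classification: Attempted Recon] [Priority: 2] {TCP} 203.0.113.45:54321 -> 192.168.1.10:1433",
    # priority 3 noise, one hit -> logged only
    "07/10-17:41:15.500000  [**] [1:1000003:1] EXAMPLE icmp echo request [**] [Classification: Misc activity] [Priority: 3] {ICMP} 198.51.100.7 -> 192.168.1.1",
    # LAN to LAN, priority 1 -> no external peer, never blocked by this script
    "07/10-17:42:00.000000  [**] [1:1000004:1] EXAMPLE lateral smb probe [**] [Classification: Attempted Recon] [Priority: 1] {TCP} 192.168.1.20:4444 -> 192.168.1.10:445",
    # outbound from a LAN host, priority 1 -> block the external peer (C2-style)
    "07/10-17:43:10.250000  [**] [1:1000005:1] EXAMPLE outbound irc on odd port [**] [Classification: Trojan activity] [Priority: 1] {TCP} 192.168.1.10:53412 -> 198.51.100.99:6667",
    # inbound ICMP, priority 1, no ports on the line -> blocked on first hit
    "07/10-17:44:00.000000  [**] [1:1000006:1] EXAMPLE icmp traceroute [**] [Priority: 1] {ICMP} 203.0.113.200 -> 192.168.1.1",
    # priority 1 from an allowlisted address (say, the ISP gateway) -> skipped
    "07/10-17:45:00.000000  [**] [1:1000006:1] EXAMPLE icmp traceroute [**] [Priority: 1] {ICMP} 203.0.113.9 -> 192.168.1.1",
    # something that is not an alert line at all (sensor restart banner)
    "Snort restarted, rules reloaded",
]


def parse_fast_line(line):
    """Return a dict of alert fields, or None for lines that are not fast alerts."""
    m = FAST_RE.match(line.strip())
    if not m:
        return None
    alert = m.groupdict()
    alert["prio"] = int(alert["prio"])
    alert["src"] = ipaddress.ip_address(alert["src"])
    alert["dst"] = ipaddress.ip_address(alert["dst"])
    return alert


def is_local(ip, local_nets=LOCAL_NETS):
    return any(ip in net for net in local_nets)


def external_peer(alert, local_nets=LOCAL_NETS):
    """The non-local end of the flow; None if both ends are local (never block the LAN)."""
    src_local, dst_local = is_local(alert["src"], local_nets), is_local(alert["dst"], local_nets)
    if not src_local and dst_local:
        return alert["src"]
    if src_local and not dst_local:
        return alert["dst"]
    return None


def select_blocks(lines, allowlist=(), min_prio2_hits=2, local_nets=LOCAL_NETS):
    """Policy (an assumption of this example): priority 1 blocks on the first hit,
    priority 2 blocks once the same external IP shows up min_prio2_hits times,
    priority 3 and below never block, allowlisted IPs are never touched.
    Returns (sorted list of IPs to block as strings, count of unparsed lines)."""
    allow = {ipaddress.ip_address(a) for a in allowlist}
    hits = defaultdict(Counter)  # external ip -> Counter(priority -> hits)
    unparsed = 0
    for line in lines:
        alert = parse_fast_line(line)
        if alert is None:
            unparsed += 1
            continue
        peer = external_peer(alert, local_nets)
        if peer is None or peer in allow:
            continue
        hits[peer][alert["prio"]] += 1
    blocked = [ip for ip, c in hits.items() if c[1] >= 1 or c[2] >= min_prio2_hits]
    return [str(ip) for ip in sorted(blocked)], unparsed


def pfctl_commands(ips, table="ids_block"):
    """pfctl invocations that add the verdicts to a pf table on the firewall
    (the table must already be used by a block rule; table name is an assumption)."""
    return [f"pfctl -t {table} -T add {ip}" for ip in ips]


if __name__ == "__main__":
    ips, skipped = select_blocks(SAMPLE_ALERTS, allowlist=["203.0.113.9"])
    print("\n".join(pfctl_commands(ips)))
    print(f"# {skipped} line(s) not parsed")
```

Because the sensor only sees a copy of the traffic, nothing here adds latency to the packet path; the price is that the first packets of an attack always get through, and that a block only lands once the script runs, so a tail-style loop or a frequent cron job matters more than raw IDS throughput. Keep the allowlist honest (your own WAN addresses, DNS resolvers, anything you cannot afford to lose) before pointing this at a live table.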