Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
16.7 Legacy Series
»
None IDS alert trigger for WAN and LAN
« previous
next »
Print
Pages: [
1
]
Author
Topic: None IDS alert trigger for WAN and LAN (Read 2383 times)
everfree
Newbie
Posts: 15
Karma: 0
None IDS alert trigger for WAN and LAN
«
on:
October 30, 2016, 05:21:53 am »
Hi,
I use 16.7.7 and have one special network.
B point 10.87.0.34/30 (gateway)
A point 10.87.0.33/30 (WAN)
Public IP (LAN)
Private IP(NAT)
10.87.0.32/30 and Private IP is outbound nat for LAN Public IP through WAN interface. Public IP is routing through A point WAN to B point gateway. The network traffic is normal. I use IDS and enable ET-TROJAN rules. I try to query qfsl.net and trigger that alert. Only NAT interface is trigger. No alert in WAN and LAN interface.
Logged
franco
Administrator
Hero Member
Posts: 13679
Karma: 1176
Re: None IDS alert trigger for WAN and LAN
«
Reply #1 on:
October 30, 2016, 05:43:09 pm »
Hi everfree,
Are the rules fetched/enabled, was the configuration applied afterwards again? Do you see any alerts in non-IPS mode?
I remember an issue with a test setup that did not work because the Suricata rules use $HOME_NET and its inverse to filter for source/destination, but that also prevents alerts from triggering when testing between two private networks.
I don't quite understand the WAN/LAN/NAT setup, can you please explain?
Cheers,
Franco
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
16.7 Legacy Series
»
None IDS alert trigger for WAN and LAN
