OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • English Forums »
  • 24.7 Production Series »
  • IDS/IPS rules 'not installed' after update from 24.1.10_8
« previous next »
  • Print
Pages: [1]

Author Topic: IDS/IPS rules 'not installed' after update from 24.1.10_8  (Read 267 times)

The-QA-Geek

  • Newbie
  • *
  • Posts: 2
  • Karma: 0
    • View Profile
IDS/IPS rules 'not installed' after update from 24.1.10_8
« on: September 04, 2024, 09:54:00 pm »
I just updated from 24.1.10_8 to 24.7 via the GUI and have three questions:

 1) Everything that I have checked seems correct, except for the IDS/IPS rules. The rules all appear in Services -> Intrusion Detection -> Administration -> Download, and they are all enabled, but all of them are shown as 'not installed' in the 'Last Updated' column. I haven't tried to download them manually; I will wait and see if the cron job does its thing tonight, but is this expected, or a known problem with the upgrade process?

 2) Before doing the upgrade on my production system I did it on my backup system (both AppNeta M50s). The backup hadn't been updated to 24.1.10; it was still running 24.1. As the first step I downloaded the configuration from 24.1.10 and restored it on 24.1, and OPNsense fell over after rebooting. 'Fell over' means that it responded to pings on the LAN port, but the GUI didn't appear when I tried to open it, and the boot process (which I was watching on the console) ended abruptly. The last thing it output was (without the quotation marks):

" HTTPS: SHA256 74 91 F9 39 69 0A DA FC 9C E0 3B 61 0C A0 3E 6D
               91 18 79 BF 29 3C A0 FB 90 7C 11 27 0F 81 D0 15
"

Just to be certain I re-installed 24.1, restored the configuration file again, and got the same result. I then re-installed 24.1, upgraded to 24.1.10_8, restored the configuration file, and it worked.

Is it expected that configuration files aren't backwards compatible, even in the same major version? I would have expected that to work, or at least to complain that the versions were incompatible or that it was unable to process some particular parameter.

 3) Are configuration files expected to be forward-compatible? That is, is it expected that I could install a clean copy of 24.7.x and restore a 24.1.x configuration onto it?

I searched and couldn't find any discussions on these topics, so I am posting everything here to create a record for those who follow in my uncertain footsteps.  :-)
Logged

The-QA-Geek

  • Newbie
  • *
  • Posts: 2
  • Karma: 0
    • View Profile
Re: IDS/IPS rules 'not installed' after update from 24.1.10_8
« Reply #1 on: September 05, 2024, 07:04:28 pm »
 1) The rules updated overnight when the cron job ran, so that is as expected.

I have now upgraded the second AppNeta from 24.1.10_8 to 27.1 and then to 27.3, using the GUI as before. This time the IDS/IPS rules are intact, so the problem I saw the first time is intermittent. Rules may or may not be preserved during an upgrade.
Logged
  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • English Forums »
  • 24.7 Production Series »
  • IDS/IPS rules 'not installed' after update from 24.1.10_8
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2