Zenarmor will not run WAN along side of Suracata

[battle]

If I try to check both WAN and LAN boxes in settings, Zenarmor says that I can't run WAN on both Suracata and Zenarmor (see quote below).  So if I uncheck 'Enable' and 'IPS mode' and all other boxes on the Suracata  'Services: Intrusion Detection: Administration' page, Zenarmor will still not allow me to check the WAN box in Zenarmor/Settings.  There doesn't seem to be a way to only run Zenarmor.

"When you use IPS & Zenarmor together, you can only use the WAN interface for Suricata
It looks like you also have Suricata configured to run on this interface. Please be noted that Zenarmor and Suricata cannot be run on the same ethernet interface at the same time."

[IHK]

Wan interfaces (OpnSense) are also filtered and interfaces are used as the default gateway because the wan interfaces of opnsense are also filtered by suricata. Zenarmor and suricata use netmap and both do not work on the same interface! To prevent a network issue, Zenarmor does not allow you to protect these interfaces.

If you protect all LAN interfaces on Zenarmor, it has no benefit to protect WAN as well.  Zenarmor already inspect all outbound traffic via LAN interface(s)

[battle]

Thanks.  I received like info from someone else.  Zenarmor is watching LAN and Surcata is watching WAN now.