Make an inline Suricata box

Started by Unchip, October 28, 2024, 09:59:01 AM

Hi
I'm looking to make an inline Suricata box to intercept certain applications. I need DPI to detect certain applications (i.e. unauthorized VPN traffic) and block it. The box needs to be inline and receive its LAN IP address from the DHCP server.

I have been looking at OPNsense (as opposed to Security Onion) to do this project quickly but got lost in the configurations. Is there a knowledgebase article to setup OPNsense in bridge mode to transparently pass through traffic with Suricata IPS active?
Thanks

Did you evaluate beforehand if suricata can do what you need it to do?

Suricata is more for analyzing traffic for known attacks based on rulesets.

DPI on Application Layer is more in Zenarmor's territory.
Hardware:
DEC740
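To make the reply's point concrete, here is a constructed pair of Suricata rules (added here as an illustration; they are not from the thread, from OPNsense, or from any shipped ruleset). The blocked hostname, the sids and the classtype are placeholders; the keyword syntax is standard Suricata 5+.

```text
# Constructed example rules, not part of the thread or any vendor ruleset.
# Hostname and sids are placeholders (sids 1000000-1999999 are reserved for local rules).

# 1. Signature-style rule: drop TLS sessions whose SNI ends with a hostname on a
#    local blocklist. This is the ruleset-driven matching the reply describes:
#    it only fires on names you have enumerated in advance.
drop tls any any -> any any (msg:"POLICY blocked TLS SNI"; flow:to_server,established; tls.sni; content:"vpn.example.invalid"; nocase; endswith; classtype:policy-violation; sid:1000001; rev:1;)

# 2. Protocol-mismatch rule: alert on TCP/443 flows that Suricata's own app-layer
#    parsers did not identify as TLS. It needs no per-application signature, but
#    it also fires on any legitimate non-TLS service that happens to use port 443,
#    so keep it on "alert" until you have reviewed the hits.
alert tcp any any -> any 443 (msg:"POLICY non-TLS traffic on tcp/443"; flow:to_server,established; app-layer-protocol:!tls; classtype:policy-violation; sid:1000002; rev:1;)
```

Neither rule names a VPN product: the first matches a value you supplied, the second matches the absence of an expected protocol. Identifying an application itself from the payload is the application-layer DPI the reply places in Zenarmor's territory. In OPNsense, rules only drop traffic when the instance runs in IPS mode and the rule's action is set to drop.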