Can IPS only work for certain source subnet?

Started by Q3tNHn, December 10, 2024, 07:51:02 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
December 10, 2024, 07:51:02 PM
Hi all,
Can I setup IPS to make it only work for certain subnets behind a specific interface?
This is my setup diagram:
A L3 switch with vlan 10, 11, 12 connect to the LAN port on OPNsense. 
L3 switch IP address: 192.168.(10)(11)(12).1/24
LAN OPNsense address: 192.168.10.100/24
The L3 switch handles the east-west bound traffic, the OPNsense firewall handles the north-south bound traffic.
I want the IPS system on OPNsense only filter the north-south bound traffic(in and out) from 192.168.12.0/24 and 192.168.10.0/24 and ignore the 192.168.11.0/24 subnet.
Please tell me how to do that on OPNsense!
Thank you! 
December 10, 2024, 08:09:20 PM #1
The subnets correspond to logical interfaces (= VLANs). See this:
Intel N100, 4 x I226-V, 16 GByte, 256 GByte NVME, ZTE F6005

1100 down / 440 up, Bufferbloat A+
December 10, 2024, 08:57:01 PM #2
Is there possible in the future to add the function?
December 11, 2024, 12:06:04 PM #3
You obviously did not get my point (or I did not get yours): You can choose on what interfaces you enable IPS. Each interface corresponds to one of your subnets, so you can choose which subnets IPS acts upon.

So what are you missing that should be added?
Intel N100, 4 x I226-V, 16 GByte, 256 GByte NVME, ZTE F6005

1100 down / 440 up, Bufferbloat A+
December 11, 2024, 08:18:52 PM #4
Those subnets are not on the firewall Vlan.
December 11, 2024, 08:51:42 PM #5
Well, at least they are behind SOME interface connected to OpnSense. You could add a bypass rules like this one:
Intel N100, 4 x I226-V, 16 GByte, 256 GByte NVME, ZTE F6005

1100 down / 440 up, Bufferbloat A+
December 14, 2024, 02:17:55 AM #6
Thank you!
Print
Go Up Pages1
User actions