Intrusion Detection - IPS Mode - Output Dops

cweakland · March 07, 2025, 12:56:01 AM

I run OPNsense as a Proxmox VM, virtio trunk interface, queues=6 (matching the number of cores). I have Intrusion Detection configured to use Promiscuous mode on the trunk interface, using hyperscan as the pattern matcher. Everything seems to work well, but I am seeing output errors on interfaces only when I enable IPS Mode for Intrusion Detection. Is there anything I can tweak to mitigate this?

Thanks again!

dan786 · March 07, 2025, 03:09:27 PM

First for most what kind of hardware are you running? Have you tried the ken steele version or the less memory one . To my knowledge hyperscan requires allot memory to run correctly. can you post the errors ?

mimugmail · March 07, 2025, 03:19:21 PM

When you start IPS the interface resets for a moment and in this timeframe the packets are dropped, if the counter jumps up in this time and sticks at this amount, it's ok

Intrusion Detection - IPS Mode - Output Dops

cweakland

March 07, 2025, 12:56:01 AM

dan786

March 07, 2025, 03:09:27 PM #1

mimugmail

March 07, 2025, 03:19:21 PM #2