Unsure of IDS Status

Started by dpbklyn, May 03, 2017, 06:20:34 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
May 03, 2017, 06:20:34 PM
Hello and TYIA~

I followed these instructions:
https://docs.opnsense.org/manual/how-tos/ips.html

and am not getting the expected results.  After enabling the IDS rules, they still show as "not installed" in the rule list. (see attached)

How can I tell if these rules are installed and working?

Thank you,

dp
May 03, 2017, 09:49:36 PM #1
After enabling them you have to download the rules
May 16, 2017, 07:27:14 PM #2
Sorry for the delay...

When I click "Download & Update Rules" the pinwheel spins for a moment then stops.  The rules never show as "Installed"

What am I missing?
May 16, 2017, 08:49:50 PM #3
Quote from: dpbklyn on May 16, 2017, 07:27:14 PM
Sorry for the delay...

When I click "Download & Update Rules" the pinwheel spins for a moment then stops.  The rules never show as "Installed"

What am I missing?

Enable IDSand IPS the click apply

Check rules and then click enable selected.

After they are marked enabled click download rules.
May 16, 2017, 09:46:33 PM #4
Thank you for getting back.

OK...I thought I did that when I initially set up IDS/IPS.  But just to be sure, I disabled all the rules, then disabled IDS and IPS.

Re-inabled and got the same result.

My FIrmware is 17.1.4 (2017-03-29).  I understand that there is a more recent Firmware, but I cannot update to it.  I tried using the default server and the server in Nebraska and I got the message: Could not find the repository on the selected mirror.

I am not sure if these are related, but just thought I'd give you all the information I have.

Thank you,

dp
May 16, 2017, 10:16:13 PM #5
Quote from: dpbklyn on May 16, 2017, 09:46:33 PM
Thank you for getting back.

OK...I thought I did that when I initially set up IDS/IPS.  But just to be sure, I disabled all the rules, then disabled IDS and IPS.

Re-inabled and got the same result.

My FIrmware is 17.1.4 (2017-03-29).  I understand that there is a more recent Firmware, but I cannot update to it.  I tried using the default server and the server in Nebraska and I got the message: Could not find the repository on the selected mirror.

I am not sure if these are related, but just thought I'd give you all the information I have.

Thank you,

dp

Is this for home or business? If home, just reinstall and be sure it is all clean.

Business, make the call.
May 17, 2017, 02:09:26 PM #6
Just to close this circle...

I did a factory reset and re-configured the firewall.  All is well.

Thank you,

dp
Print
Go Up Pages1
User actions