Topic: IPS/IDS setup (Read 3668 times)
QuadMSPTech, on: November 10, 2017, 04:26:58 am
Hello all,
I am new to OPNsense, and am trying to make it as close to a full-blown UTM as possible. I work with SonicWalls on a daily basis.
I have read the documentation, and wondered if there is any downside to enabling all the Rulesets? Do they interfere with each other or is it all good to turn them all on?
bartjsmit, Reply #1 on: November 10, 2017, 08:11:04 am
The point about IDS/IPS is to adapt the ruleset to your typical internet use pattern. You only turn on the rules to block connections that are never legitimate. Ultimately then, enabling all rules is applicable to a situation where there is no traffic at all ;-)
Bart...
Ciprian, Reply #2 on: November 10, 2017, 12:01:24 pm
First, the documentation for IPS rulesets (ET, PT etc.) states very clearly that the rules & the rulesets are not something you turn on in bulk, then call it a day and go home for the weekend. And this is the recommendation coming from those making the rules.
Secondly, I did it! Then issues with erratic FTP transfers, or difficult-to-establish RDP connections, arose pretty quickly.
So, NO! NO! NO! Don't activate them all in bulk, it would be a pain afterwards to troubleshoot the issue(s), and find the particular rule (in a particular ruleset) that is causing the issue(s): for the RDP and FTP issues I encountered there were NO alerts triggered in the IPS logs, so the only way to isolate the culprit was to test/check/activate every ruleset, on a one-by-one basis, and after identifying the ruleset, dig down on a rule-by-rule basis, to identify the particular rule(s) in the ruleset(s). Daunting task, believe me!...
Cheers!