(Solved) IPS (Suricata) kills network (programming.dev)

submitted 8 months ago* (last edited 3 months ago) by [email protected] to c/[email protected]

4 comments fedilink hide all child comments

Hey all, I've been trying to figure out why enabling IPS kills my network. I have some services I host and would like to get some sort of IPS running. I used to have Snort running through pfSense and didn't experience issues like this.

Edit: as an update to this, I resolved it by installing the realtek plugin.

you are viewing a single comment's thread
view the rest of the comments

[-] [email protected] 2 points 8 months ago

It sounds like your IPS rules are wrong, but we would need more info. Rules, network topology and flow, too many variables without more info.

[-] [email protected] 2 points 8 months ago

I don't think it's the IPS rules themselves because they were set to Alert only. I just enabled a few of the standard rule sets that are available.

I'm using a Beelink GK55 and seemed to be fine with pfSense.

As for the topology, I've got one ipv4 WAN gateway on one NIC, and the other NIC is for the LAN which connects through a couple UniFi switches. There are 3 VLANs as well.

this post was submitted on 16 Jan 2024

9 points (100.0% liked)

OPNsense

491 readers

1 users here now

All discussions about the open source, FreeBSD-based firewall called OPNsense.

founded 1 year ago

MODERATORS

[email protected]