Suricata, ESXi, inline, vmxnet3
-
Any changes of opinion on this combination for ESX >= 6.5, pfSense 2.6.0 with Suricata >= 6.0.4? Any reliability issues encountered? Any performance issues?
Thanks!
-
You should be fine with that setup. Just be sure to give your VM enough RAM. For Suricata I would start at 4 GB and perhaps go even a bit higher if you intend to run tons of enabled rules. If you have the RAM available on the host, I would suggest 8 GB for a typical Suricata setup. That would leave you a nice cushion should a little extra memory be required now and then.
-
Your Dashboard traffic graphs stops working.
-
@cool_corona said in Suricata, ESXi, inline, vmxnet3:
Your Dashboard traffic graphs stops working.
This should be fixed in the latest pfSense. As I recall, a patch submitted to FreeBSD upstream by the OpnSense team fixed this back in late summer of 2021. It was only a problem when using Inline IPS Mode which uses the netmap device. The problem was with the way the netmap device failed to increment certain counters.
-
@bmeeks Its not working in 2.5.2 but I havent tested 2.6.0 yet since its unstable and lack VLAN performance.