6100 SLOW in comparison to Protectli FW6E
-
@bmeeks Yes! All in english.
-
@manilx said in 6100 SLOW in comparison to Protectli FW6E:
@bmeeks Yes! All in english.
Okay... that helps. So if you enable the Snort Subscriber Rules you get the error. I will try and reproduce in my test virtual machine.
-
@bmeeks Yes. Just enable and run Update(Force)
-
@manilx said in 6100 SLOW in comparison to Protectli FW6E:
@bmeeks Yes. Just enable and run Update(Force)
Well, it worked fine for me just now in a newly updated 2.7 snapshot virtual machine. That machine should be pretty much the same as a current 23.01 machine.
Here is the output from the rules update run (I am in the US Eastern Time Zone):
Starting rules update... Time: 2023-02-22 09:09:34
Downloading Emerging Threats Open rules md5 file...
Checking Emerging Threats Open rules md5 file...
There is a new set of Emerging Threats Open rules posted.
Downloading file 'emerging.rules.tar.gz'...
Done downloading rules file.
Downloading Snort VRT rules md5 file...
Checking Snort VRT rules md5 file...
There is a new set of Snort rules posted.
Downloading file 'snortrules-snapshot-29200.tar.gz'...
Done downloading rules file.
Downloading Feodo Tracker Botnet C2 IP rules file...
Done downloading rules file.
Extracting and installing Feodo Tracker Botnet C2 IP rules...
Feodo Tracker Botnet C2 IP rules were updated.
Downloading ABUSE.ch SSL Blacklist rules file...
Done downloading rules file.
Extracting and installing ABUSE.ch SSL Blacklist rules...
ABUSE.ch SSL Blacklist rules were updated.
Downloading Extra Malsilo_Rules rules md5 file...
Checking Extra Malsilo_Rules rules md5 file...
Downloading Extra Malsilo_Rules rules file...
Done downloading rules file.
Extracting and installing Malsilo_Rules IP rules...
Extra Malsilo_Rules rules were updated.
Extracting and installing Emerging Threats Open rules...
Installation of Emerging Threats Open rules completed.
Extracting and installing Snort rules...
Installation of Snort rules completed.
Copying new config and map files...
Updating rules configuration for: WAN ...
Live-Reload of updated rules is enabled...
Live-Reload of updated rules requested for WAN.
Updating rules configuration for: LAN ...
Live-Reload of updated rules is enabled...
Live-Reload of updated rules requested for LAN.
Updating rules configuration for: IOT_NET ...
Live-Reload of updated rules is enabled...
Live-Reload of updated rules requested for IOT_NET.
The Rules update has finished. Time: 2023-02-22 09:09:47
Here is the Snort Rules section of the GLOBAL SETTINGS tab:
Do you have the same Snort Rules file configured? Are you using snortrules-snapshot-29200.tar.gz?
-
@bmeeks Using snortrules-snapshot-31470.tar.gz
-
-
@manilx said in 6100 SLOW in comparison to Protectli FW6E:
@bmeeks Using snortrules-snapshot-31470.tar.gz
Very bad!!! Never use Snort 3 rules with Suricata. And never Snort 3 stuff on pfSense.
Change that to snortrules-snapshot-29200.tar.gz, and your problem will go away. pfSense is not configured for Snort 3 stuff at all. Snort on pfSense remains on the 2.9.x branch.
Look at this Help Text printed immediately under the line where you specify a Snort Rules file for download:
Enter the rules tarball filename (filename only, do not include the URL.) Example: snortrules-snapshot-29151.tar.gz DO NOT specify a Snort3 rules file! Snort3 rules are incompatible with Suricata and will break your installation!
-
@bmeeks OK! Always used those...
Changed and update run fine. THX!
-
@manilx said in 6100 SLOW in comparison to Protectli FW6E:
@bmeeks OK! Always used those...
Changed and update run fine. THX!
You just got lucky. Snort 3 stuff is not supported on pfSense.
-
@bmeeks My bad, never read the fine print :(
-
@manilx said in 6100 SLOW in comparison to Protectli FW6E:
@bmeeks My bad, never read the fine print :(
At least it was an easy fix.
-
@bmeeks True! This happens when one is "new" to pfSense.
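
The filename rule discussed in this thread, as an added example (not code from pfSense, the Suricata package, or any poster): a Python check for the Snort Rules file field and for tarball names in a rules update log. It assumes the digits in the tarball name encode the Snort version, so names starting with 29 are on the 2.9.x branch and names starting with 3 are Snort 3; the function names are hypothetical.

```python
import re

# Tarball name as it appears in the setting and in the update log.
TARBALL = re.compile(r"snortrules-snapshot-(\d+)\.tar\.gz")


def branch_of(filename):
    """Classify a rules tarball name as 'snort2.9', 'snort3' or 'unknown'.

    Assumption: the digits encode the Snort version, so 29200 is on the
    2.9.x branch and 31470 is a Snort 3 file.
    """
    m = TARBALL.fullmatch(filename)
    if not m:
        return "unknown"
    digits = m.group(1)
    if digits.startswith("29"):
        return "snort2.9"
    return "snort3" if digits.startswith("3") else "unknown"


def check_setting(value):
    """Return a list of problems with the 'Snort Rules file' field value."""
    value = value.strip()
    problems = []
    if "/" in value:
        problems.append("filename only, do not include the URL")
    branch = branch_of(value.rsplit("/", 1)[-1])
    if branch == "snort3":
        problems.append("Snort3 rules file: incompatible with Suricata")
    elif branch == "unknown":
        problems.append("not a recognised snortrules-snapshot tarball name")
    return problems


def audit_update_log(log_text):
    """Return (filename, branch) for each Snort tarball named in a log."""
    return [(m.group(0), branch_of(m.group(0))) for m in TARBALL.finditer(log_text)]


# Constructed sample: the first line is from the log in the thread, the second
# is the same line rewritten with the filename that caused the problem.
SAMPLE_LOG = (
    "Downloading file 'snortrules-snapshot-29200.tar.gz'...\n"
    "Downloading file 'snortrules-snapshot-31470.tar.gz'...\n"
)

if __name__ == "__main__":
    for name, branch in audit_update_log(SAMPLE_LOG):
        print(name, branch)
    print(check_setting("snortrules-snapshot-31470.tar.gz"))
```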