Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Suricata with decrypt traffic

    Scheduled Pinned Locked Moved
    IDS/IPS
    2
    4
    322
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      Antibiotic
      last edited by Antibiotic

      Hi.
      I have install polar proxy server on separate pc.
      Forward tcp 443 on port 10443 proxy server.
      Server in real time decrypt traffic on port tcp 57012.
      Also install polar proxy certificate on one of LAN pc for testing

      LAN 192.168.10.0/24
      Server 192.168.30.10 on different interface.
      How to make Suricata listening on LAN interface port 57012? to able see decrypt traffic

      pfSense plus 24.11 on Topton mini PC
      CPU: Intel N100
      NIC: Intel i-226v 4 pcs
      RAM : 16 GB DDR5
      Disk: 128 GB NVMe
      Brgds, Archi

      HLPPCH 3 Replies Last reply Reply Quote 1
      • HLPPCH
        HLPPC Galactic Empire @Antibiotic
        last edited by HLPPC

        @Antibiotic

        https://youtu.be/u1gZrJEQ_30?si=EYj7598A71BarpbA

        I think you'd adjust the parser ports. Maybe port forward to them. There are probably a lot of ways to do that. NAT reflection with a VIP, port forwarding, port mirroring. Depending on your equipment.

        1 Reply Last reply Reply Quote 0
        • HLPPCH
          HLPPC Galactic Empire @Antibiotic
          last edited by HLPPC

          @Antibiotic the right way may be to have them on the same subnet, BUT, there are ways. I am pretty sure you can set TCP parser ports once you have either inline or legacy mode set up. It may even be better to use more than one machine for that.

          1 Reply Last reply Reply Quote 0
          • HLPPCH
            HLPPC Galactic Empire @Antibiotic
            last edited by

            @Antibiotic VIPs though 😎

            1 Reply Last reply Reply Quote 0
            • First post
              Last post