Suricata with inline mode and problematic constelations
-
Hi Folks,
I'm actual running PFSense Version 2.4.2-RELEASE-p1 (amd64) with suricata 4.0.3_1 on ESXI 6.5 and Intel I350-T4 4xGBE NIC.
And now I want to use Inline Mode couse I think it's a lot better couse no packet is crossing pfsense without being checked. So now I have 3 Networks behind with traffic shaping and openvpn. Is there any known drawback or issue with that kind of configuration or any other things that I need to know before running in all kind of issues?
All plugins that I'm running:
Open-VM-Tools 10.1.0,1
openvpn-client-export 1.4.14
pfBlockerNG 2.1.2_2
suricata 4.0.3_1Regards
-
Hi DaReaLDeviL,
Bill Meeks has a good explanation of what Inline Mode is and its benefits over Legacy Mode here:
https://forum.pfsense.org/index.php?topic=108010.0The biggest issue with inline mode is hardware compatibility and stability. When running as a physical machine FreeBSD's netmap only supports a limited number of NIC chipsets. Supported list of adapters: https://www.unix.com/man-page/freebsd/4/netmap/
But as for running it in a virtualized environment I'm not sure if pfSense's netmap supports vmware adapters. Maybe someone has already tested and can chime in on this. If it is supported I would think it would require you to configure SR-IOV (which your NIC does support) on your VMware Host. If you're not in a production environment I'd say snapshot and see if it works. Hope that helps.