Could not clone a snort interface on pfsense 2.3.5
-
As soon as I am trying to clone a snort interface, I am getting 504 error after 4-5 minutes. But I can see the cloned interface in Snort Interfaces list on visiting the listing page. What could be the issue and its solution, please suggest.
-
I assume you mean you are getting the 504 error on rules updates ???
That is a very old version of pfSense and a correspondingly very old version of Snort. I don't recall the exact Snort binary version that matches pfSense-2.3.5, but I suspect that the Snort Rules Team has dropped support for Snort rules that match the binary version in pfSense-2.3.5.
Snort rules packages must be version-matched to the Snort binary they run under. You can't use newer version rules with older versions of the binary. The Snort Team deprecates support for older rules as newer Snort binaries are released.
Upgrade your pfSense to the current RELEASE version and I suspect Snort will start working for you since upgrading pfSense will upgrade Snort. DO NOT upgrade Snort until you upgrade pfSense! Doing that will break your firewall.
-
Yeah, 2.3.5 is ancient. Expect anything to fail at an time!
Upgrade to something current as soon as possible.
Steve
-
@stephenw10
Thank you for the help, I guess this is due to some older version of snort package which is causing problem.