    HELP: issue with VLAN and suricata as inline IPS (netmap)

    IDS/IPS
Maurizio:

      Hello,
I'm new to this forum. This is my setup: pfSense 2.3.1 with Suricata configured as an inline-mode IPS (netmap, not legacy) protecting interface OPT1 (an E1000 Ethernet adapter supported by netmap) in a virtual lab based on VMware ESXi 5.5.
OPT1 is a member of BRIDGE0 together with a second interface, OPT2. I selected HOME_NET and a restricted set of rules. My network is 802.1Q VLAN based. The big issue is the following: when I start Suricata on the interface, traffic passes toward the second interface BUT seems to be missing its VLAN tag, and this way it is discarded by the receiver on the other side. When I stop Suricata, traffic passes over BRIDGE0 and everything works fine… Am I missing some important setting in my configuration? Did anybody face a similar issue? Please help. Attached are my configuration files.

      Maurizio

      :'( :'( :'(
      config-pfSense.localdomain-20160716170253.zip

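A way to confirm the symptom described in the post above (frames arriving on one bridge member with an 802.1Q tag and leaving the other member without it) is to capture link-level headers on both members and compare tag counts. The script below is an added example, not code from the original thread, from pfSense or from Suricata. It assumes you capture each side with `tcpdump -e -nn -i <ifname>` (interface names are yours), save the text output to a file, and pass the two files to the script; the sample lines embedded in it are constructed in tcpdump's link-level output format, not real captures.

```python
import re
import sys
from collections import Counter

# `tcpdump -e -nn` prints "ethertype 802.1Q (0x8100), length N: vlan ID, ..."
# for a tagged frame. Untagged frames print "ethertype IPv4 (0x0800)" instead.
VLAN_RE = re.compile(r"ethertype 802\.1Q \(0x8100\), length \d+: vlan (\d+)")

# Constructed sample capture lines (tcpdump -e -nn format, not real traffic).
# OPT1 side: two ICMP frames carrying VLAN 10 tags.
OPT1_LINES = [
    "12:00:00.000001 00:0c:29:aa:bb:01 > 00:0c:29:aa:bb:02, ethertype 802.1Q (0x8100), "
    "length 102: vlan 10, p 0, ethertype IPv4, 192.168.10.5 > 192.168.10.1: "
    "ICMP echo request, id 1, seq 1, length 64",
    "12:00:00.000101 00:0c:29:aa:bb:01 > 00:0c:29:aa:bb:02, ethertype 802.1Q (0x8100), "
    "length 102: vlan 10, p 0, ethertype IPv4, 192.168.10.5 > 192.168.10.1: "
    "ICMP echo request, id 1, seq 2, length 64",
]
# OPT2 side: the same two frames as forwarded, but the 802.1Q header is gone.
OPT2_LINES = [
    "12:00:00.000005 00:0c:29:aa:bb:01 > 00:0c:29:aa:bb:02, ethertype IPv4 (0x0800), "
    "length 98: 192.168.10.5 > 192.168.10.1: ICMP echo request, id 1, seq 1, length 64",
    "12:00:00.000105 00:0c:29:aa:bb:01 > 00:0c:29:aa:bb:02, ethertype IPv4 (0x0800), "
    "length 98: 192.168.10.5 > 192.168.10.1: ICMP echo request, id 1, seq 2, length 64",
]


def summarize(lines):
    """Count tagged and untagged frames in one capture and collect the VLAN IDs seen."""
    tagged = 0
    untagged = 0
    vlan_ids = Counter()
    for line in lines:
        line = line.strip()
        if not line:
            continue
        m = VLAN_RE.search(line)
        if m:
            tagged += 1
            vlan_ids[int(m.group(1))] += 1
        else:
            untagged += 1
    return {"tagged": tagged, "untagged": untagged, "vlan_ids": dict(vlan_ids)}


def tags_stripped(ingress_lines, egress_lines):
    """True when the ingress capture carried 802.1Q tags but the egress capture shows
    only untagged frames, i.e. the tag was lost somewhere between the two members."""
    ingress = summarize(ingress_lines)
    egress = summarize(egress_lines)
    return ingress["tagged"] > 0 and egress["tagged"] == 0 and egress["untagged"] > 0


def report(ingress_lines, egress_lines):
    """Human-readable comparison of the two captures."""
    ingress = summarize(ingress_lines)
    egress = summarize(egress_lines)
    verdict = "VLAN tags STRIPPED" if tags_stripped(ingress_lines, egress_lines) else "VLAN tags preserved"
    return (
        f"ingress: {ingress['tagged']} tagged / {ingress['untagged']} untagged, VLANs {ingress['vlan_ids']}\n"
        f"egress:  {egress['tagged']} tagged / {egress['untagged']} untagged, VLANs {egress['vlan_ids']}\n"
        f"verdict: {verdict}"
    )


if __name__ == "__main__":
    # Usage: python vlan_check.py opt1.txt opt2.txt  (files written by tcpdump -e -nn)
    # With no arguments the constructed sample captures above are used.
    if len(sys.argv) == 3:
        with open(sys.argv[1]) as f_in, open(sys.argv[2]) as f_out:
            print(report(f_in.readlines(), f_out.readlines()))
    else:
        print(report(OPT1_LINES, OPT2_LINES))
```

Capture both members at the same time while generating a known tagged flow, so the two files describe the same frames; a stripped verdict then points at the forwarding path (Suricata's netmap pass-through in this case) rather than at the sender.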
Wisiwyg:

There's a known problem with netmap. Lots of folks are waiting for the update to drop to see if it solves the issue. See this thread: https://forum.pfsense.org/index.php?topic=108365.15

        Overkill - i5 quad, 3.1ghz, 8gb, 240gb SSD, dual & single Intel NICs
