Netgate Discussion Forum

    Suricata inline causing interface restart

    IDS/IPS
    3 Posts 2 Posters 446 Views
    • nikb

      I'm running into an issue with the Netgate XG-7100 and Suricata in inline mode. Suricata seems to be filling up the buffer of the NIC and causing the VLAN LAGG interface to restart constantly. I've disabled the hardware offloading options in Advanced -> Networking, and reduced the rules to only some of the Emerging Threats ruleset categories, but I'm still running into this.

      I'm running VLANs and I've read that turning off vlanhwfilter on the interface can help, but I'm not sure how this will affect the VLANs. Does anyone know if this will help? Or will it affect the VLANs?

      Or does the XG-7100 just not have the processing power to keep up with Suricata and about 100 networked clients?

      Thanks!

      • bmeeks

        If you have Intel NICs, then see if any of the suggestions in this Sticky Post will help you.

        As for disabling hardware VLAN filtering, see this thread: https://forum.netgate.com/topic/117547/vlan-hardware-filtering.

        • nikb

          I've tried most of that thread, but no luck. Looks like CPU just can't keep up. Thanks for the suggestions!

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.