1. Home
  2. pfSense Packages
  3. IDS/IPS
  4. Suricata Inline and Traffic Shaping

Suricata Inline and Traffic Shaping

  • D

    I've been using Suricata Inline mode for a few months and I noticed that it breaks the graphing of the outbound bandwidth, actually any reporting of outbound traffic (the traffic still flows, just no reporting on it).

    Well, today I setup Traffic shaping and saw that the queue reporting was also not working. Turning off Inline mode fixes all issues. I don't know if Traffic Shaping is actually being broken or it's just the reporting of it that's affected.

    I'm hoping someone else can confirm that they see the same behavior.

    Thanks!

    0
  • bmeeks

    Running Suricata with Inline IPS Mode automatically activates the FreeBSD netmap device. Using the netmap device seems to break things like traffic shaping and bandwidth recording. These are all issues within FreeBSD itself and are not directly related to pfSense nor Suricata.

    Unfortunately netmap is not a 100% mature technology on FreeBSD and thus has some warts. If shaping and bandwith monitoring are important to you, you should switch over to Legacy Mode blocking. On the other hand, if those things are something you can do without, then Inline IPS Mode offers several benefits when compared to Legacy Mode blocking.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy