4. Suricata Inline and Traffic Shaping

Suricata Inline and Traffic Shaping

  • D

    I've been using Suricata Inline mode for a few months and I noticed that it breaks the graphing of the outbound bandwidth, actually any reporting of outbound traffic (the traffic still flows, just no reporting on it).

    Well, today I setup Traffic shaping and saw that the queue reporting was also not working. Turning off Inline mode fixes all issues. I don't know if Traffic Shaping is actually being broken or it's just the reporting of it that's affected.

    I'm hoping someone else can confirm that they see the same behavior.

    Thanks!

    0

  • Running Suricata with Inline IPS Mode automatically activates the FreeBSD netmap device. Using the netmap device seems to break things like traffic shaping and bandwidth recording. These are all issues within FreeBSD itself and are not directly related to pfSense nor Suricata.

    Unfortunately netmap is not a 100% mature technology on FreeBSD and thus has some warts. If shaping and bandwith monitoring are important to you, you should switch over to Legacy Mode blocking. On the other hand, if those things are something you can do without, then Inline IPS Mode offers several benefits when compared to Legacy Mode blocking.

    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy