Snort inline IPS mode
-
Hi,
Just downloaded Snort 3.2.9.11, followed the introduction and configuration instructions for inline IPS mode but I'm unable to find the inline mode selection.
Is inline IPS mode available for Snort 3.2.9.11. I'm currently running pfsense 2.4.5.
Regards,
Karl
-
Did you not see in that setup information thread that the Inline IPS Mode was only available in the 4.x package versions? Here is one of the posts from that thread that talks about this limitation: https://forum.netgate.com/topic/143812/snort-package-4-0-inline-ips-mode-introduction-and-configuration-instructions/3.
Inline IPS Mode is only available with the 4.x versions of the Snort package that are published for pfSense-2.5 DEVEL snapshots. This is because that mode requires some things (dependencies) that are only available in FreeBSD 12.1. The 2.4.5-RELEASE version of pfSense is based on FreeBSD 11.3.
There is an Inline IPS Mode available for the Suricata package on pfSense-2.4.5, but use of the Inline IPS mode with either package requires that your NIC driver fully support the
netmapkernel device. Several popular Intel NICs do, and a handful of others from other manufacturers will as well. However not every NIC driver is compatible. If your particular NIC driver is not, then you can have problems ranging from nuisance log noise all the way to the firewall stops passing traffic on the interface and/or randomly reboots. -
Thank you,