<![CDATA[Is snort inline IPS mode supported on the SG-2100?]]>Sorry is this is answered somewhere else, but I cannot seem to find a clear answer on this. I have a new SG-2100 I am currently setting up. I see inline mode for Snort is available to be enabled, but it is not clear to me if the NIC in the 2100 will actually support it. I've searched these forums and the Google, but can't find an answer to this question.

Thanks

]]>https://forum.netgate.com/topic/160408/is-snort-inline-ips-mode-supported-on-the-sg-2100RSS for NodeMon, 08 Jun 2026 17:30:10 GMTSun, 31 Jan 2021 19:17:25 GMT60<![CDATA[Reply to Is snort inline IPS mode supported on the SG-2100? on Thu, 05 Oct 2023 01:44:51 GMT]]>Screenshot 2023-10-04 at 6.34.52 PM.png

2100-SG no go

:(

]]>https://forum.netgate.com/post/1128450https://forum.netgate.com/post/1128450Thu, 05 Oct 2023 01:44:51 GMT<![CDATA[Reply to Is snort inline IPS mode supported on the SG-2100? on Mon, 01 Feb 2021 12:23:53 GMT]]>Thanks @bmeeks and @stephenw10 for the answer. I didn't think it was supported, but couldn't be sure. Thanks for the straight forward answers and explanations.

]]>https://forum.netgate.com/post/960947https://forum.netgate.com/post/960947Mon, 01 Feb 2021 12:23:53 GMT<![CDATA[Reply to Is snort inline IPS mode supported on the SG-2100? on Sun, 31 Jan 2021 22:41:38 GMT]]>@stephenw10 is correct. The NIC hardware in the SG-2100 does not natively support the netmap kernel device required for Inline IPS Mode operation. Some code was added to the GUI package a few revisions back that now checks if your NIC hardware supports native netmap. If not, an error is printed when you attempt to enable Inline IPS Mode operation and the change is not saved. This is because emulated netmap mode is super slow and not worth the effort as it can severely limit throughput.

So for the SG-2100, and similar appliances with the mvneta NICs, you will need to use Legacy Mode Blocking if you enable blocking.

Edit: I need to add that hopefully in pfSense-2.5 the number of NICs that work with netmap will increase because FreeBSD-12 and up implements the iflib driver framework for NIC drivers. The netmap support was moved from being a responsibility of the NIC driver to FreeBSD by way of iflib.

]]>https://forum.netgate.com/post/960837https://forum.netgate.com/post/960837Sun, 31 Jan 2021 22:41:38 GMT<![CDATA[Reply to Is snort inline IPS mode supported on the SG-2100? on Sun, 31 Jan 2021 22:37:42 GMT]]>In-Line mode requires netmap support. And native support for reasonable throughput:
https://www.freebsd.org/cgi/man.cgi?query=netmap#SUPPORTED_DEVICES

The mvneta NICs in the SG-2100 do not support it natively.

Steve

]]>https://forum.netgate.com/post/960830https://forum.netgate.com/post/960830Sun, 31 Jan 2021 22:37:42 GMT<![CDATA[Reply to Is snort inline IPS mode supported on the SG-2100? on Sun, 31 Jan 2021 20:40:10 GMT]]>Unless I'm missing something, snort just examines packets, which means the NIC has to be able to receive them. Any NIC that can't do that is NFG. If you can run Packet Capture, you should be able to run snort. The only thing that might have to be enabled is promiscuous mode. Again, Packet Capture uses that.

]]>https://forum.netgate.com/post/960823https://forum.netgate.com/post/960823Sun, 31 Jan 2021 20:40:10 GMT