Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Is snort inline IPS mode supported on the SG-2100?

    General pfSense Questions
    6
    7
    1.0k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • pzangaP
      pzanga
      last edited by

      Sorry is this is answered somewhere else, but I cannot seem to find a clear answer on this. I have a new SG-2100 I am currently setting up. I see inline mode for Snort is available to be enabled, but it is not clear to me if the NIC in the 2100 will actually support it. I've searched these forums and the Google, but can't find an answer to this question.

      Thanks

      1 Reply Last reply Reply Quote 0
      • JKnottJ
        JKnott
        last edited by

        Unless I'm missing something, snort just examines packets, which means the NIC has to be able to receive them. Any NIC that can't do that is NFG. If you can run Packet Capture, you should be able to run snort. The only thing that might have to be enabled is promiscuous mode. Again, Packet Capture uses that.

        PfSense running on Qotom mini PC
        i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
        UniFi AC-Lite access point

        I haven't lost my mind. It's around here...somewhere...

        1 Reply Last reply Reply Quote 0
        • stephenw10S
          stephenw10 Netgate Administrator
          last edited by stephenw10

          In-Line mode requires netmap support. And native support for reasonable throughput:
          https://www.freebsd.org/cgi/man.cgi?query=netmap#SUPPORTED_DEVICES

          The mvneta NICs in the SG-2100 do not support it natively.

          Steve

          1 Reply Last reply Reply Quote 0
          • bmeeksB
            bmeeks
            last edited by bmeeks

            @stephenw10 is correct. The NIC hardware in the SG-2100 does not natively support the netmap kernel device required for Inline IPS Mode operation. Some code was added to the GUI package a few revisions back that now checks if your NIC hardware supports native netmap. If not, an error is printed when you attempt to enable Inline IPS Mode operation and the change is not saved. This is because emulated netmap mode is super slow and not worth the effort as it can severely limit throughput.

            So for the SG-2100, and similar appliances with the mvneta NICs, you will need to use Legacy Mode Blocking if you enable blocking.

            Edit: I need to add that hopefully in pfSense-2.5 the number of NICs that work with netmap will increase because FreeBSD-12 and up implements the iflib driver framework for NIC drivers. The netmap support was moved from being a responsibility of the NIC driver to FreeBSD by way of iflib.

            pzangaP D 2 Replies Last reply Reply Quote 1
            • pzangaP
              pzanga @bmeeks
              last edited by

              Thanks @bmeeks and @stephenw10 for the answer. I didn't think it was supported, but couldn't be sure. Thanks for the straight forward answers and explanations.

              1 Reply Last reply Reply Quote 0
              • D
                DBEEE @bmeeks
                last edited by

                This post is deleted!
                1 Reply Last reply Reply Quote 0
                • JonathanLeeJ
                  JonathanLee
                  last edited by

                  Screenshot 2023-10-04 at 6.34.52 PM.png

                  2100-SG no go

                  :(

                  Make sure to upvote

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.