Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    LAN traffic graph stops working if Suricata inline mode is enabled

    Scheduled Pinned Locked Moved IDS/IPS
    5 Posts 4 Posters 637 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • coldfire7C
      coldfire7
      last edited by

      If I enable inline mode then LAN traffic graph stops working

      Suricata Inline Mode:
      alt text

      Version:
      2.5.1-RC, Suricata 6.0.0_9
      alt text

      Traffic Graph:
      alt text

      NollipfSenseN 1 Reply Last reply Reply Quote 0
      • bmeeksB
        bmeeks
        last edited by

        I've said this many, many times in previous posts here. Snort and Suricata both, when configured to use Inline IPS Mode, make use of the netmap kernel device. That device, when in use, interferes with a number of other network features such as packet accounting stats, VLANs, and limiters/traffic shaping.

        If those features are important to you, then you must not use Inline IPS Mode and instead revert to Legacy Mode blocking.

        1 Reply Last reply Reply Quote 1
        • NollipfSenseN
          NollipfSense @coldfire7
          last edited by

          @coldfire7 I noticed that Snort on LAN works with in-line mode ... just LAN graph though, no WAN.

          pfSense+ 23.09 Lenovo Thinkcentre M93P SFF Quadcore i7 dual Raid-ZFS 128GB-SSD 32GB-RAM PCI-Intel i350-t4 NIC, -Intel QAT 8950.
          pfSense+ 23.09 VM-Proxmox, Dell Precision Xeon-W2155 Nvme 500GB-ZFS 128GB-RAM PCIe-Intel i350-t4, Intel QAT-8950, P-cloud.

          I 1 Reply Last reply Reply Quote 0
          • I
            Impatient @NollipfSense
            last edited by

            @nollipfsense
            Not on either of mine.

            NollipfSenseN 1 Reply Last reply Reply Quote 0
            • NollipfSenseN
              NollipfSense @Impatient
              last edited by

              @impatient said in LAN traffic graph stops working if Suricata inline mode is enabled:

              @nollipfsense
              Not on either of mine.

              This is a graph image with Suricata on WAN and Snort on LAN both with in-line mode.

              Screen Shot 2021-04-17 at 11.10.28 PM.png

              pfSense+ 23.09 Lenovo Thinkcentre M93P SFF Quadcore i7 dual Raid-ZFS 128GB-SSD 32GB-RAM PCI-Intel i350-t4 NIC, -Intel QAT 8950.
              pfSense+ 23.09 VM-Proxmox, Dell Precision Xeon-W2155 Nvme 500GB-ZFS 128GB-RAM PCIe-Intel i350-t4, Intel QAT-8950, P-cloud.

              1 Reply Last reply Reply Quote 1
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.