Netgate Discussion Forum
    Suricata not blocking - in blocking mode

    Category: IDS/IPS
    michmoor:

      For some reason, and perhaps I am missing something here, I can't get Suricata to block.

      Below are my settings:

      [image: a3d5039c-3841-403a-beaa-9736022abddf-image.png]

      I issued an nmap on my LAN towards my DMZ hoping to see my IP blocked, and I don't. The nmap scan succeeded.

      [image: 9a55fc8a-ff51-48e3-aab5-82deba60a5e4-image.png]

      The nmap scan I did: # nmap -sS -T4 -A 192.168.15.3

      Firewall: Netgate, Palo Alto VM, Juniper SRX
      Routing: Juniper, Arista, Cisco
      Switching: Juniper, Arista, Cisco
      Wireless: Unifi, Aruba IAP
      JNCIP, CCNP Enterprise

      bmeeks @michmoor:

        @michmoor:
        So these are the alerts from the scan?

        If you are using Inline IPS Mode, then the rule is set to ALERT only according to the screenshot.

        If using Legacy Blocking Mode, then most likely your LAN and DMZ are both in the default Pass List and won't be blocked. The default Pass List includes all locally-attached networks on the firewall (except the WAN).

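The two reasons the reply gives for "alerting but not blocking" can be checked mechanically: in Inline IPS Mode only rules whose action keyword is drop block anything, and in Legacy Blocking Mode a source address that falls inside the Pass List is never blocked however many alerts it raises. The following Python is an added example written for this thread, not code from the Netgate package or from either poster. It assumes constructed rule lines (local-rule sids), assumes a LAN of 192.168.1.0/24, infers the DMZ 192.168.15.0/24 from the scan target in the first post, and models Legacy Mode as blocking on any alert-generating rule (the default "Block Offenders" behaviour, ignoring the "block on DROP only" option).

```python
import ipaddress
import re

# Constructed sample rule lines in Suricata syntax. The sids are in the
# local-rule range and the messages are invented; they are not real ET rules.
SAMPLE_RULES = [
    'alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"LOCAL SYN scan sample"; sid:1000001; rev:1;)',
    'drop tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"LOCAL SSH scan sample"; sid:1000002; rev:1;)',
    '# alert tcp any any -> any any (msg:"commented out, never loaded"; sid:1000003; rev:1;)',
]

# Assumed locally-attached networks that the default Pass List would contain.
# The DMZ /24 is inferred from the 192.168.15.3 scan target; the LAN is assumed.
DEFAULT_PASS_LIST = [
    ipaddress.ip_network("192.168.1.0/24"),   # LAN (assumption)
    ipaddress.ip_network("192.168.15.0/24"),  # DMZ (assumption)
]

# A Suricata rule starts with its action keyword; these are the common ones.
ACTION_RE = re.compile(r"^\s*(alert|drop|pass|reject)\s+")

# Actions that produce an alert record (and therefore a block in Legacy Mode).
ALERTING_ACTIONS = ("alert", "drop", "reject")


def rule_action(rule_line):
    """Return the action keyword of a rule line, or None for blank or commented lines."""
    stripped = rule_line.strip()
    if not stripped or stripped.startswith("#"):
        return None
    m = ACTION_RE.match(rule_line)
    return m.group(1) if m else None


def in_pass_list(src_ip, pass_list):
    """True if src_ip lies inside any network of the pass list."""
    addr = ipaddress.ip_address(src_ip)
    return any(addr in net for net in pass_list)


def diagnose(mode, action, src_ip, pass_list=DEFAULT_PASS_LIST):
    """Return (blocked, reason) for one rule action seen from src_ip in the given mode."""
    if mode == "inline":
        # Inline IPS Mode: the engine only drops traffic for drop rules;
        # alert rules log and let the packet through.
        if action == "drop":
            return True, "inline mode: rule action is drop, so the packet is dropped"
        return False, f"inline mode: rule action is {action!r}; only drop rules block"
    if mode == "legacy":
        # Legacy Blocking Mode: blocks are added per offending address after an
        # alert, unless the address is covered by the Pass List.
        if in_pass_list(src_ip, pass_list):
            return False, f"legacy mode: {src_ip} is in the Pass List and is never blocked"
        if action in ALERTING_ACTIONS:
            return True, f"legacy mode: alert from {src_ip} adds a block entry"
        return False, f"legacy mode: action {action!r} raises no alert, so no block"
    raise ValueError(f"unknown mode: {mode}")


def diagnose_rule(mode, rule_line, src_ip, pass_list=DEFAULT_PASS_LIST):
    """Parse the rule line and explain whether it would block src_ip."""
    action = rule_action(rule_line)
    if action is None:
        return False, "rule line is blank or commented out; it is not loaded"
    return diagnose(mode, action, src_ip, pass_list)


if __name__ == "__main__":
    # A scanner on the (assumed) LAN, as in the thread's nmap from LAN to DMZ.
    scanner = "192.168.1.50"
    for mode in ("inline", "legacy"):
        for rule in SAMPLE_RULES:
            blocked, why = diagnose_rule(mode, rule, scanner)
            print(f"{mode:7} {'BLOCK' if blocked else 'no block':8} {why}")
```

Running it shows both failure modes side by side: the LAN scanner is never blocked in Legacy Mode because it sits in the Pass List, and in Inline Mode only the drop rule produces a block. To reproduce the thread's test, either change the action of the relevant rules to drop (inline) or take the scanning host's network out of the Pass List (legacy), rather than expecting alert rules to block.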
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.