Suricata LAN interface Inline IPS Mode with native netmap.
-
Re: SG-5100 21.02-Release unable to use IPS due to NETMAP
Hallo together,
There is already a post about this topic, but the web helper says it's better to create a new post.
So one of my SG-3100s got an upgrade to 22.05; after the upgrade I reinstalled Suricata (6.0.4_1) and wanted to start it on my LAN interface (mvneta1).
The following error occurred: The 'lan' interface does not support Inline IPS Mode with native netmap.
But it's not just happening on this interface; on every interface I get the same message when I try to use Inline Mode. The same happens on an SG-5100 where the ports ix0-3 are put together in a bridge. So I saw the workaround in the linked post; is it currently working, or is there a solution for the problem (or maybe I overlooked something)?
Thank you!
-
The NIC drivers used within the SG-3100 do not support native netmap operation, thus the package excludes you from choosing to run Inline IPS Mode with those drivers. You are limited to Legacy Mode only. The GUI code contains a list of the FreeBSD netmap-compatible NIC drivers, and it compares your NIC to that list to check for compatibility before allowing you to save the configuration. It's keeping you from shooting your foot off.
For your SG-5100, it is the bridge configuration that is not netmap compatible and thus Inline IPS Mode is not supported in Suricata. But why do you have a bridge enabled on an SG-5100? Bridges are generally never a good idea when a $20 switch can do a much better job (and not cause you other issues such as killing netmap IPS operation). I just checked, and a 5-port NETGEAR unmanaged Gigabit switch is just $17.99 on Amazon.
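The check described in the reply above, reconstructed as a small POSIX shell script. This is an added example, not the Suricata package's own GUI code: it strips the unit number from an interface name to get the driver (mvneta1 becomes mvneta, ix0 becomes ix), refuses pseudo-interfaces such as bridge, lagg and VLAN sub-interfaces outright, and then compares the driver with a list of netmap-capable drivers. The list is an assumed illustrative subset, not the package's real list, and the function names are invented for this example.

```shell
#!/bin/sh
# Illustrative reimplementation of the kind of check the Suricata package GUI
# performs before letting you save Inline IPS Mode on an interface.
# ASSUMPTION: this driver list is an illustrative subset, not the real list
# shipped in the package. mvneta (SG-3100) is deliberately absent.
NETMAP_DRIVERS="em igb ix ixl ixv vtnet cxgbe"

# netmap_driver_of IFNAME
# Prints the driver prefix: "mvneta1" -> "mvneta", "ix0" -> "ix",
# "bridge0" -> "bridge", "ix0.100" -> "ix" (VLAN tag dropped first).
netmap_driver_of() {
    printf '%s\n' "$1" | sed -e 's/\..*$//' -e 's/[0-9]*$//'
}

# netmap_check IFNAME
# Prints a one-line verdict. Exit 0 if Inline IPS Mode would be allowed,
# exit 1 if the GUI would refuse it (Legacy Mode only).
netmap_check() {
    ifname=$1

    # Tagged VLAN sub-interfaces (ix0.100) ride on a parent; no native netmap.
    case "$ifname" in
        *.*) echo "$ifname: VLAN sub-interface, no native netmap"; return 1 ;;
    esac

    drv=$(netmap_driver_of "$ifname")

    # Pseudo-interfaces are software constructs, not NIC drivers, so they can
    # never offer native netmap. This is why a bridge of ix0-ix3 fails.
    case "$drv" in
        bridge|lagg|vlan|tun|tap|gif|gre|ovpnc|ovpns|pppoe)
            echo "$ifname: pseudo-interface ($drv), no native netmap"; return 1 ;;
    esac

    # Real NIC: compare the driver name against the capability list.
    for d in $NETMAP_DRIVERS; do
        if [ "$d" = "$drv" ]; then
            echo "$ifname: driver $drv supports native netmap, Inline IPS Mode allowed"
            return 0
        fi
    done

    echo "$ifname: driver $drv not in netmap-capable list, Legacy Mode only"
    return 1
}

# Usage: sh netmap_check.sh mvneta1 ix0 bridge0 ix0.100
for ifname in "$@"; do
    netmap_check "$ifname"
done
```

Running it with `mvneta1 ix0 bridge0` reproduces the two situations in the thread: ix0 passes on its own, while mvneta1 (unsupported driver) and bridge0 (pseudo-interface built on top of ix0-ix3) are refused, which is exactly why replacing the bridge with a physical switch and running Suricata on the member NIC restores Inline IPS Mode.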
-
Hello, I need to know why, when I use Suricata on pfSense, configure IPS mode and load rules on an interface, starting Suricata on that interface blocks my web access and I get ERROR 502 Bad Gateway.