Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    [solved] Suricata in legacy mode with Wireguard interface

    Scheduled Pinned Locked Moved
    IDS/IPS
    1
    2
    203
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Bob.DigB
      Bob.Dig LAYER 8
      last edited by Bob.Dig

      To be honest, I am impatient, if it will work. I just have finished the setup with Suricata listening on a Wireguard interface to which only SMTP traffic will get NATed to from WAN. And I see no alerts. 😓
      I activated all of the Emerging Threats Open Rules, Feodo Tracker Botnet C2 IP Rules and ABUSE.ch SSL Blacklist Rules.
      I haven't used IDS for a long time.
      How long will it takes until I see an alert? And if I don't see one, does this means, Suricata can not be run on Wireguard?

      Bob.DigB 1 Reply Last reply Reply Quote 0
      • Bob.DigB
        Bob.Dig LAYER 8 @Bob.Dig
        last edited by

        So it does work. 😊

        Capturexx.PNG

        1 Reply Last reply Reply Quote 0
        • First post
          Last post