Snort blocking VPN traffic
-
My wife and I both work from home. We both use Cisco AnyConnect to connect back to our corporate offices. We work for 2 different companies. Snort will flag this as suspicious and then block the IP.
I have seen some notes about adding the VPN address to the white list. We both work for 100k+ employee companies. The VPN IP is not static and can be any number of different VPN IPs. This list would get long and would get annoying to have to keep adding IPs to the whitelist.
Is there a better way to allow VPN traffic on the LAN? Ideally I'd like to make it so any VPN traffic originating from the LAN is allowed. Or maybe any VPN traffic from a specific MAC address?
Tons of these
-
Why don't you just disable that rule instead? It is an ET Policy rule. Those are usually used just for notification or to enforce some corporate policy. You've discovered that it is falsely triggering in your network due to the VPN traffic (a false positive), so just disable it. Click the red X under the GID:SID column in the ALERTS tab.
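An added example, not part of the original thread: a short script that groups alert lines by GID:SID and counts the distinct remote IPs each rule fired on, which shows why disabling the one false-positive rule scales better than whitelisting every VPN gateway address. It assumes alerts in Snort's "fast" text format; the sample lines, SIDs, rule messages and addresses are constructed placeholders.

```python
import re

# Constructed sample lines in Snort's "fast" alert format. SIDs, messages and
# addresses are placeholders (RFC 5737 documentation ranges), not real rules.
SAMPLE_ALERTS = """\
01/15-09:02:11.120001  [**] [1:9000001:1] ET POLICY example VPN rule (constructed) [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 192.168.1.20:51514 -> 203.0.113.10:443
01/15-09:02:40.554210  [**] [1:9000001:1] ET POLICY example VPN rule (constructed) [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 192.168.1.21:49880 -> 198.51.100.4:443
01/16-08:57:03.901344  [**] [1:9000001:1] ET POLICY example VPN rule (constructed) [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 192.168.1.20:52001 -> 203.0.113.27:443
01/16-13:30:19.000872  [**] [1:9000001:1] ET POLICY example VPN rule (constructed) [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 192.168.1.20:52390 -> 203.0.113.27:443
01/16-14:12:45.310007  [**] [1:9000002:2] ET SCAN example scan rule (constructed) [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.77:40112 -> 192.168.1.1:22
"""

ALERT_RE = re.compile(
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r".*?\{(?P<proto>\w+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)"
)

def host(endpoint):
    """Strip a trailing :port from an IPv4 endpoint; leave anything else as-is."""
    return endpoint.rsplit(":", 1)[0] if endpoint.count(":") == 1 else endpoint

def summarize(log_text):
    """Group alerts by 'GID:SID' -> {msg, count, remote (set of dst hosts)}."""
    rules = {}
    for line in log_text.splitlines():
        m = ALERT_RE.search(line)
        if not m:
            continue  # skip blank or non-alert lines
        key = f"{m['gid']}:{m['sid']}"
        entry = rules.setdefault(key, {"msg": m["msg"], "count": 0, "remote": set()})
        entry["count"] += 1
        entry["remote"].add(host(m["dst"]))
    return rules

def noisiest(log_text):
    """Return (GID:SID, entry) for the rule that hit the most distinct remote hosts."""
    rules = summarize(log_text)
    rank = lambda kv: (len(kv[1]["remote"]), kv[1]["count"])
    return max(rules.items(), key=rank, default=None)

if __name__ == "__main__":
    for key, e in sorted(summarize(SAMPLE_ALERTS).items()):
        print(f"{key:12} alerts={e['count']} remote_ips={len(e['remote'])}  {e['msg']}")
```

A single GID:SID that keeps firing on ever-changing remote IPs from the same LAN hosts is the pattern described in the question: the rule is the constant, so it is the thing to disable.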