How do I properly use Suricata for one exposed VLAN?
Main Post:
My current network setup has a single VLAN dedicated for exposed applications. Right now I just have one port open for a game I host, and in the future I want to host a website. I set up Suricata successfully and pointed it to my WAN and this VLAN. The thing is, I will only ever have exposed ports to this VLAN, and I do not see the point in wasting processing power on blocking useless scans.
Would removing WAN or leaving only this VLAN work, or would that only monitor internal traffic? Regardless, what's the best way of accomplishing what I am trying to do?
Top Comment:
OP, what you're describing is a DMZ for your publicly accessible systems which is best practice. You need to select the "Promiscuous mode" option in the IDS settings. You don't need to have all of your interfaces selected for inspection, but you do need to select the parent interface of the VLAN and not the VLAN interface itself. Click the information "i" next to the fields in the IDS page for more details on what each option does.