notes/areas/OPNsense/opnsense-utm-features/opnsense-ids_ips-suricata.md
2025-03-18 14:23:17 +01:00

Introduction

"The Intrusion Prevention System (IPS) system of OPNsense is based on Suricata and utilizes Netmap to enhance performance and minimize CPU utilization. This deep packet inspection system is very powerful and can be used to detect and mitigate security threats at wire speed."

Initial Settings

  1. Go to "Services > Intrusion Detection > Administration", which opens on the "Settings" tab
  2. Tick the "Enable" checkbox to activate intrusion detection
  3. Activate IPS by ticking "IPS mode"
  4. Optional: if using VLANs, tick the "Promiscuous mode" checkbox
  5. Set the pattern matcher to "Hyperscan"
  6. As Interface choose "LAN" to monitor the local network traffic
  7. When finished, click "Apply" to save the settings.

Even though intrusion detection is now enabled, nothing will happen until at least one rule set has been downloaded and at least one policy has been configured.

Below you see a screenshot of the network configuration: img1

Downloading and Enabling Rulesets

(NOTE FOR ME: It has yet to be decided which rules we will use eventually. This also depends on the specific customer's needs.)

  1. Change to the "Download" tab.
  2. Select all pre-defined lists (depending on the customer's needs), click "Enable selected" and directly afterwards "Download & Update Rules".

img2
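As an added check (example code, not from these notes or from the OPNsense project): once rule sets are downloaded and a policy is active, Suricata's EVE JSON log should contain alert events, and in IPS mode at least some of them should carry the action "blocked" rather than "allowed". The script below summarises constructed EVE records by action and signature and flags a log that shows alerts but no drops; the log path /var/log/suricata/eve.json and the sample signature values are assumptions.

```python
import json
from collections import Counter

# Constructed sample of Suricata EVE JSON alert records in the shape Suricata
# writes them (on OPNsense assumed to be /var/log/suricata/eve.json).
SAMPLE_EVE = """\
{"timestamp":"2025-03-18T14:20:01.000000+0100","event_type":"alert","src_ip":"10.0.1.25","dest_ip":"203.0.113.7","proto":"TCP","alert":{"action":"allowed","signature_id":2100498,"signature":"GPL ATTACK_RESPONSE id check returned root","category":"Potentially Bad Traffic","severity":2}}
{"timestamp":"2025-03-18T14:20:03.000000+0100","event_type":"flow","src_ip":"10.0.1.25","dest_ip":"10.0.1.1","proto":"UDP"}
{"timestamp":"2025-03-18T14:21:10.000000+0100","event_type":"alert","src_ip":"10.0.1.30","dest_ip":"198.51.100.9","proto":"TCP","alert":{"action":"blocked","signature_id":2100498,"signature":"GPL ATTACK_RESPONSE id check returned root","category":"Potentially Bad Traffic","severity":2}}
{"timestamp":"2025-03-18T14:22:45.000000+0100","event_type":"alert","src_ip":"10.0.1.30","dest_ip":"198.51.100.9","proto":"TCP","alert":{"action":"allowed","signature_id":2013028,"signature":"ET POLICY curl User-Agent Outbound","category":"Attempted Information Leak","severity":3}}
"""


def summarize_alerts(eve_text):
    """Return (counts per alert action, counts per signature) for alert events."""
    by_action, by_sig = Counter(), Counter()
    for line in eve_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # a live log may end with a partially written line
        if rec.get("event_type") != "alert":
            continue  # flow, dns, http, ... events are not alerts
        alert = rec.get("alert", {})
        by_action[alert.get("action", "unknown")] += 1
        by_sig[(alert.get("signature_id"), alert.get("signature"))] += 1
    return by_action, by_sig


def ips_is_dropping(by_action):
    """True only if at least one alert was actually blocked (IPS mode + drop policy)."""
    return by_action.get("blocked", 0) > 0


if __name__ == "__main__":
    actions, sigs = summarize_alerts(SAMPLE_EVE)
    print("alerts per action:", dict(actions))
    for (sid, name), n in sigs.most_common():
        print(f"  sid {sid}: {n}x {name}")
    if actions and not ips_is_dropping(actions):
        print("alerts present but none blocked: check IPS mode and the policy's drop action")
```

To check a real box, replace SAMPLE_EVE with the contents of the EVE log (for example via `open(path).read()`).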

Creating a Policy