Feature #6866

closed

Suricata multiple interfaces

Added by Idar Lund about 8 years ago. Updated about 5 years ago.

Status: Rejected
Priority: Normal
Assignee: -
Category: Suricata
Target version: -
Start date: 10/19/2016
Due date:
% Done: 0%
Estimated time:
Plus Target Version:

Description

I've set up Suricata on the WAN interface. When an alert happens I don't see what internal address caused the alert. It is not possible to configure Suricata to show the internal (NAT) affected IP instead of the WAN IP, because the Suricata process will only see the traffic as it comes from or is sent to the WAN interface.

The workaround I did was to set up Suricata on the internal interfaces instead, but the problem is that when having many VLANs, we have to set up several Suricata processes (one for each interface).

The Suricata config does support several interfaces per process. It would be nice to have this configuration possibility in the pfSense GUI.
