After I copy my xml file to opnsense, it does not show in the download list. Any ideas how to fix this?

How do i get back to my WEBgui now? Didnt see your correction now cannot get to the WEBgui?

@@ViszlaBoss I may have experienced the same thing. It went unresponsive and I had to delete the opnsense vm and start from scratch.

@@steveyoung5848 You can just restore factory defaults and reset the ip of the wan and lan, full deletion isnt needed

​@ViszlaBoss it would be responsible for him to speak on this since following his tutorial messed it up

could you find the rules files?

did you find the rule files?

@@leckovich I kinda confuse myself as he just skips steps assuming we know how to do stuff but most im seeing the rules like file is under /var/lib/suricata/rules/suricata.rules Which a bunch of rules have already been created by preset. As for us creating one and if we need to configure suricate to be able to other stuff I am quite lost. Following this video right now as kinda makes a bit more sense: kzbin.info/www/bejne/i4muk5tmn7WDpsk

My gui disappeared after doing that and now I can't access my router 😭

Hi, Thanks for watching, The short answer is yes, you will need to make sure that when you configure your HA settings, under the XMLRPC sync, select the "intrusion detection" option and it should sync the settings between the master and backup firewall.

Yes, he turned it on instead to turn it off ;) Here is a video from closest to source of Suricata: kzbin.info/www/bejne/laqsomZ9gpmaoKM

Also in "home networks" lot of sources are telling that you need put there a WAN subnet, not only the LAN subnet.

I agree, he did it backward.

Thanks for watching! The choice is entirely yours based on your unique requirements on how you wish to set this up. If you choose to drop the packet it will stop processing the packet and alert. If you choose just to alert, the packet will still be allowed and only an alert will be sent, for further analysis.

i have same problem

9 months late but the > in the rules should be ->

Hi there, Zenarmor basically uses Suricata in the background to achieve the same result. Zenarmor is generally easier to setup and use. As a side note, if you try to run Zenarmor and this at the same time you will get a error. You will need to disable this firstly, then install Zenarmor. If you have not already seen I have a video covering this: kzbin.info/www/bejne/iISxhmCXit-ZnaM

@@ls111cyberEd thank you

Thanks for watching. The link is included in the description under ET Pro Telemetry, but for your convenience, I have included it here shop.opnsense.com/product/etpro-telemetry/ All the links to get the PRO plugin working and more info about ProofPoint can be found there.

@@ls111cyberEd Thank you! Actually I figured it out just after posting my question :). Anyway, great video as all other materials from your channel. Adding to my favorites :)

Thanks, @MarekCezaryWojtaszek, I appreciate the support!

Yes your are correct, anywhere that you apply additional processing/filtering of traffic on your network you will note throughput degradations regardless of the manufacturer, software or appliance used. As to how much in this case I cant give you an exact amount because it will be dependent on things like hardware variables and number of users on the network. for e.g. If I install OPNSense on high-end hardware with a powerful CPU and Intel based NICs naturally we can expect better throughput than if we use lower-end hardware. According to the OPNSense manual their recommended hardware spec is 1.5Ghz multi-core CPU, 8GB RAM, 120GB SSD and they state a throughput range of 350-750+ Mbps with the full feature set enabled, which includes Squid Proxy, Captive Portal etc. I hope that this answer helps. 👍

In my case on Zimaboard 432 and intel i350-t4 card without IDS 700mbits down 100 up. With IDS on 500 mbits down/100 mbits up. Home environment so its not even noticeable

I am facing the same issue. No alerts in my IDS

@@armstrongnhlabatsi1925 I’m still stuck there tbh lol. Im hopeful to get a solution

Hi bro. Check your custom map rule. You might have picket http traffic instead of tcp.

Hi and thanks for watching, please double check that SSH has been enabled like I showed from 13:16 onward and that you have your listening interface set to LAN, this will automatically take care of the firewall rules for you opening that port. The reason port 21 wont work is because firstly we don't have any services listening on port 21 (FTP) and secondly the firewall will drop it since we have not told the firewall to explicitly allow it. Secure FTP (SFTP) listens on port 22. When you are in filezilla please make sure that you use sftp://x.x.x.x and the port number 22 with your OPNSense username and password, it should then connect.

Not what he said to do but I kept having a bunch of issues including this until I just enabled DHCP for the interface... might break things later though.

Hi and thanks for watching, nothing at this stage of the process should prevent you from accessing the firewall that comes to mind, just double-check that you have set up your home network and interfaces correctly and worst case reboot the FW and try again.

Thanks for watching, using static IP addresses or DHCP is totally your choice in this lab and if either of these options are set up correctly everything will work. I chose static IP addresses to keep everything consistent when creating this lab, DHCP being dynamic in its operation can not guarantee that same consistency.

Thank you

It's updated version. The error reads' "411 netmap_transmit em0 drop mbuf that needs checksum of ...." Applied on both LAN and WAN interfaces, one by one. Before enabling IPS, it works well.

Check you custom map rule. You might have written http instead of tcp

you have to reset the machine trought the vm of opnsense, login and after insert 4 for favtory reset, or user one of the automatic backup using the option 13

Thanks for watching! Yes, it's a good practice to monitor your outgoing or egress traffic. Just a basic example, let's say a user on your network unknowingly downloads malware or something malicious, by using an IPS/IDS on the outgoing traffic you could detect and prevent the malware from calling home for instance.

Hello Pat, I went to have a look at the ticket as advised by the message, you can have a look here: redmine.openinfosecfoundation.org/issues/4744 It seems this is just a warning at this stage and should not prevent you from completing the lab. The way I understand the ticket, it has to do with the app-layer protocol section in the suricata.yaml config file where if this section is missing in the config file, the system will automatically enable it as a workaround in versions 6.0.x of Suricata. For future versions of Suricata 7.0 (which is in the Release Candidate stage of development) they just state that this protocol section will need to be explicitly defined in the .yaml file or it wont work moving forward. Since Suricate is baked into the OPNSense firewall it will most likely be patched or upgraded before Suricata 7 moves into stable release. Hope that this answer helps!

Hi, unfortunately not, my main focus right now is to produce video content, however, I may write about this at a later stage, you can keep a eye on my blog if you like. Link ls111.me

Hi, thanks for watching! Please double check that your python http server is running from the directory where you placed your rules as seen in the video at 18:40, hope that helps.

@@ls111cyberEd I ran into this issue and it took me a while to find out why. Make sure your customnmap.xml file is correct whether that be the correct IP or the correct format. I had formatting issues in mine.

@@MrIrelevant12 broo, What is the correct format? Should I use the .xml file extension?

I just copied both files from the video, but you have to be very careful with the formatting. I just checked each line.@@viettran3959

@@MrIrelevant12 Good call! I couldn't get my customnmap.xml file to serve to opnsense due to a missing / in the file! All it takes is one missing character sometimes to throw things off.

had to update my kali in order to get it

@@nnekalyn4494 I did unable to do let me try again