pfSense: Network Intrusion Detection w/Suricata (pt4) | Level One Techs

Also, for anyone interested, here are the only ET Open rule sets I have disabled:

emerging-chat.rules
emerging-deleted.rules
emerging-games.rules
emerging-p2p.rules
emerging-policy.rules
emerging-voip.rules

Also also, if you find your VPN client connection randomly disconnecting after setting up Suricata, disable

1:2200073 SURICATA IPv4 invalid checksum

I don't know if it triggers on other VPN providers, but I use Private Internet Access.

1 Like
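The post above does two kinds of tuning: it switches off whole ET Open categories and it disables one individual rule by its GID:SID pair. The script below is an added example, not code from the thread or from the pfSense Suricata package, showing how that kind of disable list is applied to rule files. It follows the `disable.conf` syntax used by `suricata-update` (bare SID, `gid:sid`, `group:<file pattern>`, `re:<regex>`); the pfSense package exposes the same idea through its own SID management GUI rather than this file, so treat the file format here as the stand-alone tool's convention. The rule texts and the 9000xxx SIDs are constructed sample data; only 2200073 and its message come from the post.

```python
"""Apply suricata-update style disable.conf entries to a set of rule files.

Added example: mirrors the matching that suricata-update performs when it
reads disable.conf, so you can see which rules a tuning list removes before
the next rule update swaps them in.
"""
import fnmatch
import re
from typing import Dict, List, Set, Tuple

SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")
GID_RE = re.compile(r"\bgid\s*:\s*(\d+)\s*;")

# Constructed sample rule files (simplified rule bodies, not the real ET text).
SAMPLE_RULES: Dict[str, str] = {
    "emerging-games.rules":
        'alert tcp $HOME_NET any -> $EXTERNAL_NET any '
        '(msg:"ET GAMES constructed sample"; sid:9000001; rev:1;)\n',
    "emerging-web_client.rules":
        'alert http $EXTERNAL_NET any -> $HOME_NET any '
        '(msg:"ET WEB_CLIENT constructed sample"; sid:9000002; rev:1;)\n',
    "decoder-events.rules":
        # Real SID from the thread; the rule body here is a simplified stand-in.
        'alert pkthdr any any -> any any '
        '(msg:"SURICATA IPv4 invalid checksum"; sid:2200073; rev:1;)\n',
}

# Constructed disable list: two of the categories from the post plus the
# decoder rule that was firing on the VPN tunnel.
DISABLE_CONF = """
# whole categories (group: accepts glob patterns on the file name)
group:emerging-games.rules
group:emerging-chat.rules
# one rule by generator id and signature id
1:2200073
"""


def parse_disable_conf(text: str) -> List[Tuple[str, object]]:
    """Turn disable.conf lines into (kind, value) matchers."""
    matchers: List[Tuple[str, object]] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()       # drop comments and blanks
        if not line:
            continue
        if line.startswith("re:"):
            matchers.append(("re", re.compile(line[3:].strip())))
        elif line.startswith("group:"):
            matchers.append(("group", line[6:].strip()))
        else:
            # "2200073" or "1:2200073"; the generator id defaults to 1
            gid, _, sid = line.rpartition(":")
            matchers.append(("sid", (int(gid) if gid else 1, int(sid))))
    return matchers


def rule_ids(rule: str) -> Tuple[int, int]:
    """Return (gid, sid) for a rule line, or (0, 0) if it has no sid."""
    sid = SID_RE.search(rule)
    if not sid:
        return (0, 0)
    gid = GID_RE.search(rule)
    return (int(gid.group(1)) if gid else 1, int(sid.group(1)))


def is_disabled(filename: str, rule: str, matchers) -> bool:
    """True if any matcher selects this rule."""
    ids = rule_ids(rule)
    for kind, value in matchers:
        if kind == "sid" and ids == value:
            return True
        if kind == "group" and fnmatch.fnmatch(filename, value):
            return True
        if kind == "re" and value.search(rule):
            return True
    return False


def apply_disable(rule_files: Dict[str, str], matchers
                  ) -> Tuple[Dict[str, str], Set[Tuple[int, int]]]:
    """Comment out matched rules; return new texts and the disabled (gid, sid)s."""
    out: Dict[str, str] = {}
    disabled: Set[Tuple[int, int]] = set()
    for fname, text in rule_files.items():
        lines = []
        for line in text.splitlines():
            body = line.strip()
            if body and not body.startswith("#") and is_disabled(fname, body, matchers):
                disabled.add(rule_ids(body))
                lines.append("# " + line)     # keep the rule visible but inert
            else:
                lines.append(line)
        out[fname] = "\n".join(lines) + "\n"
    return out, disabled


if __name__ == "__main__":
    rewritten, gone = apply_disable(SAMPLE_RULES, parse_disable_conf(DISABLE_CONF))
    for gid, sid in sorted(gone):
        print(f"disabled {gid}:{sid}")
    print(rewritten["emerging-games.rules"], end="")
```

Reviewing the returned set of disabled IDs before a rule update is the useful part: it tells you exactly which signatures a category switch removes, which is a better audit trail than noticing later that an alert never fires.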

I too attempted to run Snort and Suricata, but it just completely hosed my entire configuration even when the interface was disabled on both occasions. I had to set pfSense back to default settings and then loaded a previous working backup! When I try to load and run any add-on my system goes to crap! I am getting the feeling that pfSense is very finicky!

Another obstacle I encountered after switching to Suricata was that I was losing my forwarded port on my VPN client every twelve hours. I realized that the rules update was completely restarting the interfaces. I had to enable 'Live Rule Swap on Update' in the Global Settings for Suricata.

3 Likes

I noticed a lot of people were looking for a more detailed video on Suricata so I made one that covers more of the configuration and tuning of rulesets and shows it in use.

7 Likes