User Tools

Site Tools


pfsense:suricata:install_suricata:have_suricata_monitor_the_lan_interface

PFSense - Suricata - Install Suricata - Have Suricata Monitor the LAN Interface

Copy the WAN settings to LAN

Navigate to Services → Suricata → Interfaces.

Against the previously configured WAN interface, select to make a copy:


Configure LAN

The settings will initially be the same as previously configured for the WAN.

  • Interface should automatically show LAN, but select the right interface here as required.

Change these settings for the LAN:

  • Alert Suppression and Filtering: LANSuppressList. Select the LAN Suppress List.
  • Block Offenders: Not Checked. Initially do not block LAN, just monitor.

NOTE: It is highly recommended to not enable blocking on the LAN at first.

This could result in internal devices being locked out until they were released.

Instead, recommendation to run without blocking for say a week or so, checking what alerts are raised against the LAN, and suppressing any false positives as needed.

Once happy with the changes, say after a week, then Check the Block Offenders.

pfsense/suricata/install_suricata/have_suricata_monitor_the_lan_interface.txt · Last modified: 2021/01/22 14:10 by peter

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki