I have an OPNsense firewall setup with 3 interfaces: WAN, LAN, and OPT1. I’ve installed and enabled Suricata, and downloaded all ET rules. I have a domain controller sitting in OPT1 and a Kali machine in LAN. When I attempt to attack the domain controller (using auxiliary/scanner/smb/smb_ms17_010 from msfconsole) I get no alerts.
I have run a curl testmynids.org on:
- the firewall host itself, and I do indeed get an alert
- the Kali machine, and I do indeed get an alert
- the domain controller (in the OPT1 interface), and I do also indeed get an alert
Please help. Thanks
- Suricata version - 7.0.4
- Operating system and/or Linux distribution - it’s on an OPNsense firewall (FreeBSD)
- How you installed Suricata (from source, packages, something else) - it’s on an OPNsense firewall, so from packages via the OPNsense GUI
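One thing worth checking before looking at interface binding is the rule header versus the HOME_NET/EXTERNAL_NET variables: Suricata's default is EXTERNAL_NET: "!$HOME_NET", so a rule written $EXTERNAL_NET -> $HOME_NET (as many ET EXPLOIT signatures are) can never fire on a flow between two segments that are both inside HOME_NET, whereas the outbound curl to testmynids.org is a $HOME_NET -> $EXTERNAL_NET flow and matches fine. The following added example (not the poster's or OPNsense's code; the 192.168.1.0/24 LAN and 192.168.2.0/24 OPT1 addressing is assumed) evaluates a rule header's address, port and direction part against a single flow so you can test that hypothesis offline:

```python
import ipaddress

# Constructed values (assumed addressing, not from the post): HOME_NET covering
# both the LAN and OPT1 subnets, and Suricata's default EXTERNAL_NET of "!$HOME_NET".
VARS = {"HOME_NET": "[192.168.1.0/24,192.168.2.0/24]", "EXTERNAL_NET": "!$HOME_NET"}

def _members(spec):
    # Split a flat "[a,b,!c]" group; nested groups are not supported here.
    return [m.strip() for m in spec[1:-1].split(",")]

def addr_matches(spec, ip, variables=VARS):
    """Does the rule address spec (any, $VAR, !spec, [a,b,!c], CIDR/IP) cover ip?"""
    spec = spec.strip()
    if spec == "any":
        return True
    if spec.startswith("!"):                  # negation applies to the rest of the spec
        return not addr_matches(spec[1:], ip, variables)
    if spec.startswith("$"):                  # resolve a suricata.yaml address variable
        return addr_matches(variables[spec[1:]], ip, variables)
    if spec.startswith("["):                  # group: in a positive member, not in a negated one
        pos = [m for m in _members(spec) if not m.startswith("!")]
        neg = [m[1:] for m in _members(spec) if m.startswith("!")]
        return (any(addr_matches(m, ip, variables) for m in pos)
                and not any(addr_matches(m, ip, variables) for m in neg))
    return ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)

def port_matches(spec, port, variables=VARS):
    # Port spec: any, $VAR, [a,b] group, or a single port number.
    spec = spec.strip()
    if spec == "any":
        return True
    if spec.startswith("$"):
        return port_matches(variables[spec[1:]], port, variables)
    if spec.startswith("["):
        return any(port_matches(m, port, variables) for m in _members(spec))
    return port == int(spec)

def header_matches(header, src_ip, src_port, dst_ip, dst_port, variables=VARS):
    """Check the address/port/direction part of a one-directional ('->') rule header."""
    _action, _proto, src, sport, direction, dst, dport = header.split()
    assert direction == "->", "only one-directional headers are handled"
    return (addr_matches(src, src_ip, variables) and port_matches(sport, src_port, variables)
            and addr_matches(dst, dst_ip, variables) and port_matches(dport, dst_port, variables))

if __name__ == "__main__":
    smb_rule = "alert smb $EXTERNAL_NET any -> $HOME_NET 445"
    # LAN host -> OPT1 host on 445: both ends are HOME_NET, so $EXTERNAL_NET never matches.
    print(header_matches(smb_rule, "192.168.1.50", 51000, "192.168.2.10", 445))
    # Same flow with HOME_NET narrowed to the OPT1 segment only.
    print(header_matches(smb_rule, "192.168.1.50", 51000, "192.168.2.10", 445,
                         {"HOME_NET": "192.168.2.0/24", "EXTERNAL_NET": "!$HOME_NET"}))
```

Compare the result against the actual HOME_NET configured under the OPNsense Suricata settings and against the header of the specific rule you expect to fire.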