In UI page "Services: Intrusion Detection: Administration", tab "Download", enabling or disabling rulesets, and then pressing the "Download & Update Rules" button doesn't seem to make those rule changes take effect, in the current IDS/IPS behavior of the device.
(The button spinner will appear for a long time, sometimes more than a minute, but the rules still don't take effect.)
This can give a false sense of security. It can also complicate diagnosing a problem, or (in my case) when evaluating IDS/IPS performance.
However, if you then go to tab "Settings", and press the "Apply" button (and again possibly wait a minute or more for another button spinner to finish), the rule changes on the other tab do take effect.
To Reproduce
Steps to reproduce the behavior:
1. Make sure the Suricata IDS is set up, including going to UI "/ui/ids#settings", and making sure that "Enabled" and "IPS mode" are ON. (In my case, I had interface set to "WAN", and pattern matcher "Hyperscan".)
2. Confirm that filtering using some access that you know will either succeed or fail, due to some ruleset. (In my case, 2 of the rulesets block a speed test server near me.)
3. Go to UI "/ui/ids#download_settings", and toggle the enabling/disabling of the ruleset that affects that.
4. Press the "Download & Update Rules" button.
5. Confirm that the filtering behavior you were seeing before has not been toggled.
6. Go to UI "/ui/ids#settings", and press the "Apply" button.
7. Confirm that the filtering behavior you were seeing before has toggled.
Expected behavior
On the tab where I specify which rulesets to enable/disable, and then have a separate "Download & Update Rules" button that does what seems to be a very expensive operation (taking sometimes a minute or more), I expect it to have "updated" the rules that are being used by the IDS/IDP.
Describe alternatives you considered
If the current behavior is behavior, it isn't intuitive to me, and I didn't see any cues that suggested it.
The "Apply" button on the "Settings" tab presumably applies the settings that are on that tab, not being the way to apply changes from another tab.
Screenshots
(none)
Relevant log files
(none)
Additional context
(none)
Environment
OPNsense 24.7.9_1-amd64
Currently running OPNsense 24.7.9_1 (amd64) at Wed Nov 27 06:18:13 UTC 2024
Your packages are up to date.