[Oisf-users] Trouble with Suricata and SSL VPN

[Eric Leblond]

Hello,

Le mardi 30 avril 2013 à 07:05 -0500, Leonard Jacobs a écrit :
> Yes.  It appears that the problem only occurs with SonicWALL Adventail SSL VPN. It is reported that connecting to it is slow and it disconnects as if a timeout occurs.  We have increased the number af-packet threads to 6 from 4 that was set yesterday and we changed the cpu cores setting in suricata.yaml from the default of 1.5 to 2. We are running an i7 processor which has 4 cores and 8 threads.

Strange. Could you share privately a pcap file ?

Another question: is the SonicWall directly connected at layer 2 to the
Suricata box ?

BR,

> -----Original Message-----
> From: Peter Manev [mailto:petermanev at gmail.com] 
> Sent: Tuesday, April 30, 2013 2:08 AM
> To: Leonard Jacobs
> Cc: oisf-users
> Subject: Re: [Oisf-users] Trouble with Suricata and SSL VPN
> 
> On Mon, Apr 29, 2013 at 6:02 PM, Leonard Jacobs <ljacobs at netsecuris.com> wrote:
> > We are having a network latency problem using af-packet IPS mode when 
> > accessing SSL VPN to the point that SSL VPN disconnects.  What could 
> > be causing this problem?
> >
> > We are using 4 threads with af-packet.  We are seeing the connection 
> > in http.log file.
> >
> > Leonard
> >
> >
> Hi Leonard,
> 
> Do you experience that (in this set up)  only with SSL VPN ?
> 
> thanks
> 
> --
> Regards,
> Peter Manev
> 
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> OISF: http://www.openinfosecfoundation.org/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 190 bytes
Desc: This is a digitally signed message part
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20130430/fb6c39b8/attachment.sig>