[Oisf-users] Trouble with Suricata and SSL VPN

Leonard Jacobs ljacobs at netsecuris.com
Wed May 1 10:47:20 UTC 2013


Do you have a suggestion on how much to increase the timeouts? Or just have to experiment with them? And you are referring to the TCP flow-timeouts, correct?

Thanks.

-----Original Message-----
From: oisf-users-bounces at openinfosecfoundation.org [mailto:oisf-users-bounces at openinfosecfoundation.org] On Behalf Of Victor Julien
Sent: Wednesday, May 01, 2013 3:01 AM
To: oisf-users at openinfosecfoundation.org
Subject: Re: [Oisf-users] Trouble with Suricata and SSL VPN

On 04/30/2013 02:05 PM, Leonard Jacobs wrote:
> Yes. It appears that the problem only occurs with SonicWALL Aventail SSL VPN. It is reported that connecting to it is slow and it disconnects as if a timeout occurs. We have increased the number of af-packet threads to 6 from 4 that was set yesterday and we changed the cpu cores setting in suricata.yaml from the default of 1.5 to 2. We are running an i7 processor which has 4 cores and 8 threads.

Does the disconnect interval relate to any of the flow-timeout values in your yaml? If so you can try increasing those, or forcing a keep-alive mechanism in the vpn to stay within the timeout values.

https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Suricatayaml#Flow-Time-Outs

Cheers,
Victor

> -----Original Message-----
> From: Peter Manev [mailto:petermanev at gmail.com]
> Sent: Tuesday, April 30, 2013 2:08 AM
> To: Leonard Jacobs
> Cc: oisf-users
> Subject: Re: [Oisf-users] Trouble with Suricata and SSL VPN
> 
> On Mon, Apr 29, 2013 at 6:02 PM, Leonard Jacobs <ljacobs at netsecuris.com> wrote:
>> We are having a network latency problem using af-packet IPS mode when 
>> accessing SSL VPN to the point that SSL VPN disconnects.  What could 
>> be causing this problem?
>>
>> We are using 4 threads with af-packet.  We are seeing the connection 
>> in http.log file.
>>
>> Leonard
>>
>>
> Hi Leonard,
> 
> Do you experience that (in this setup) only with SSL VPN?
> 
> thanks
> 
> --
> Regards,
> Peter Manev
> 
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: 
> http://suricata-ids.org/support/
> List: 
> https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> OISF: http://www.openinfosecfoundation.org/
> 


--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
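
The check suggested in the thread, comparing the VPN disconnect interval against the flow-timeout values, written out as an added example that is not part of the original messages. The timeout numbers, the disconnect samples, the tolerance and the function names are constructed for illustration; substitute the values from your own suricata.yaml and VPN logs.

```python
from statistics import median

# Constructed sample in the shape of the flow-timeouts section of
# suricata.yaml (seconds). Replace with the values from your own file.
FLOW_TIMEOUTS = {
    "default": {"new": 30, "established": 300, "closed": 0},
    "tcp": {"new": 60, "established": 3600, "closed": 120},
    "udp": {"new": 30, "established": 300},
}

# Constructed sample: seconds between VPN connect and each forced disconnect.
SAMPLE_DISCONNECTS = [58.9, 61.2, 60.4, 59.7, 62.0]


def matching_timeouts(intervals, timeouts, tolerance=0.1):
    """Return (proto, state, seconds) for each flow timeout that the
    disconnect intervals cluster around, or [] if they do not cluster."""
    typical = median(intervals)
    # Erratic intervals point away from a fixed timer (look at load or
    # packet drops instead), so report no match.
    if max(intervals) - min(intervals) > tolerance * typical:
        return []
    hits = []
    for proto, states in timeouts.items():
        for state, value in states.items():
            # A value of 0 means no timer to compare against.
            if value > 0 and abs(typical - value) <= tolerance * value:
                hits.append((proto, state, value))
    return hits


def keepalive_fits(keepalive_s, timeout_s, margin=0.5):
    """True if a keep-alive sent every keepalive_s seconds refreshes the
    flow well before timeout_s expires (margin is an assumed safety factor)."""
    return keepalive_s <= timeout_s * margin


if __name__ == "__main__":
    for proto, state, value in matching_timeouts(SAMPLE_DISCONNECTS, FLOW_TIMEOUTS):
        print(f"disconnects cluster near flow-timeouts.{proto}.{state} = {value}s")
```
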
