In this pfSense video I walk through what IDS/IPS actually is, why it still matters even though so much traffic is encrypted now, and how I set it up using Suricata. I go step-by-step through installing the Suricata package, grabbing rule sets (ET Open / Emerging Threats is the big one in my opinion), and configuring global settings like update intervals and live rule swap. Live rule swap is a must for me, because I don’t want daily rule updates hard-restarting an interface and interrupting a home network that has servers running 24/7. From there I add Suricata to an interface and explain the decision-making: I strongly prefer running it on the LAN side instead of WAN, because scanning tons of inbound junk that the firewall would block anyway is just wasted CPU. I also show how rule categories impact CPU and false positives, why I start in monitoring-only mode, and how I use SID Management to disable noisy rules (my example is the “.to” DNS alert that trips on Amazon affiliate short links). Finally, I enable blocking with inline mode, explain inline vs legacy, and troubleshoot the classic VLAN offload issue that can drop connectivity—then fix it by disabling VLAN hardware offloading and making it persistent with a startup command.