Okay, I understand what you're saying now.  I agree, reliability is key.
Maybe a second firewall for customers who want that specifically.
This will be a major point of failure.  :-)  Thanks!

Tony

On Thu, Feb 10, 2011 at 9:46 AM, Greg Hennessy <greg.henne...@nviz.net> wrote:
> I'm saying that for a hosted site style deployment that one shouldn't attempt 
> to cover the lot with a single point of inspection.
>
> If/when pfSense offers virtualized instances like say Juniper VSYS, then each 
> site [cw]ould have its own dedicated firewall/I[DP]S instance.
> Change control etc can then be applied at the most appropriate level.
>
>> -----Original Message-----
>> From: Tony Zakula [mailto:tonyzak...@gmail.com]
>> Sent: 10 February 2011 3:36 PM
>> To: discussion@pfsense.com
>> Subject: Re: [pfSense-discussion] Considering Switching to Pfsense
>>
>> Wow!  Cool.  So the IDS is built in.
>>
>> Greg, are you saying you can enable or disable Snort on an ip address
>> basis?  Some ips get it and some do not?  Can you expound on that a
>> little?  I always assumed it was firewall wide, or are you saying each
>> hosted site would have their own IDS or paying customers would be
>> behind another router/firewall?
>>
>> Thanks for all this great info!
>>
>> Tony
>>
>> On Thu, Feb 10, 2011 at 9:30 AM, Greg Hennessy <greg.henne...@nviz.net> wrote:
>> > For hosted sites, I would suggest enablement on a site by site basis.
>> >
>> >
>> >
>> > A change control snafu/bad update could kill everything otherwise.
>> >
>> >
>> >
>> > From: Tim Dressel [mailto:tjdres...@gmail.com]
>> > Sent: 10 February 2011 3:29 PM
>> > To: discussion@pfsense.com
>> > Subject: Re: [pfSense-discussion] Considering Switching to Pfsense
>> >
>> >
>> >
>> > The snort plugin has this functionality built in. Just enter your oink code
>> > and set how often you want it to update.
>> >
>> > On Thu, Feb 10, 2011 at 7:16 AM, Tony Zakula <tonyzak...@gmail.com> wrote:
>> >
>> > Yes, but I was just wondering if this is routing for say several
>> > hundred hosted sites, if it would be appropriate to do that on the
>> > main router or not.  I guess you could start with that, but then turn
>> > it off right?
>> >
>> > How then do people update their rules if they are using say snort?
>> > Purchase a contract direct?  Any other solutions out there for
>> > pfSense?
>> >
>> > Tony Z
>> >
>> > On Thu, Feb 10, 2011 at 2:38 AM, Greg Hennessy <greg.henne...@nviz.net> wrote:
>> >>
>> >>>
>> >>> Any thoughts on whether IDS is appropriate at the perimeter or not?
>> >>>
>> >>
>> >> If you take a look at any serious commercial firewall offering on the
>> >> market, integrated IDS/IPS is the order of the day.
>> >>
>> >> More sophisticated solutions offer application control.
>> >>
>> >> ---------------------------------------------------------------------
>> >> To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com
>> >> For additional commands, e-mail: discussion-h...@pfsense.com
>> >>
>> >> Commercial support available - https://portal.pfsense.org
>> >>
>> >>
>> >
>>
>
>
