You need to use the management network to download.

On Tue, Sep 30, 2014 at 3:01 PM, Jeronimo L. Cabral <[email protected]> wrote:
> Dear, I can't understand at all....please be patient with me :(
>
> I'll use pfSense with Snort as an IPS because I see is easier than the
> manual configuration of Snort.
>
> I have an ISP router with 200.1.1.1, a corporate firewall with 200.1.1.2
> and the condition is that I MUST LET THIS CONFIGURATION AS IT IS NOW.
>
> So, I have to locate the pfSense server between the router and the
> firewall, in "inline" mode.
>
> My pfSense server has 3 network interfaces, let's say: WAN connected to
> router, LAN connected to corporate firewall and OPT1 for management with IP
> 192.168.1.1.
>
> Now I have the question:
>
> How should I have to configure the WAN and LAN interfaces, with IP,
> IP-less, creating a bridging interface IP-less or with IP ???? Because if I
> create a bridge with WAN and LAN and I don't assign an IP, the IPS won't
> download the signs from Internet...I'm a bit confused.
>
> Thanks a lot, regards.
>
> JeLo
>
> On Tue, Sep 30, 2014 at 10:55 AM, Ivo Tonev <[email protected]> wrote:
>
>> Yes. Always use out of band management.
>>
>> On Tue, Sep 30, 2014 at 10:35 AM, Roberto Carna <[email protected]> wrote:
>>
>>> Ivo, that's a good idea....but please tell me if I'm correct or not:
>>>
>>> WAN, LAN, Bridge interfaces: IP-Less
>>> OPT1: IP for management in a management network
>>>
>>> Thanks again,
>>>
>>> 2014-09-30 9:27 GMT-03:00 Ivo Tonev <[email protected]>:
>>> > I recommend you create a management network for OPT1 with private IP.
>>> >
>>> > On Tue, Sep 30, 2014 at 12:13 AM, Roberto Carna <[email protected]>
>>> > wrote:
>>> >>
>>> >> I think this is good for us:
>>> >>
>>> >> - Router ISP with IP 200.0.0.1
>>> >>
>>> >> - pfSense with the following interfaces:
>>> >>
>>> >> a) WAN IP-Less
>>> >> b) LAN IP-Less
>>> >> c) OPT1 with IP 200.0.0.2 (management)
>>> >> d) Bridge with WAN and LAN interfaces, and Bridge interface IP-Less
>>> >>
>>> >> - Corporate firewall with IP 200.0.0.3
>>> >>
>>> >> - Snort runs in Bridge interface
>>> >>
>>> >> Do you think this is correct ???
>>> >>
>>> >> Good night !!!
>>> >>
>>> >> Roberto
>>> >>
>>> >> 2014-09-29 22:09 GMT-03:00 Jeronimo L. Cabral <[email protected]>:
>>> >> > I can say that I imagine this addresses space:
>>> >> >
>>> >> > Router / IP 200.1.1.1 --- WAN IP-Less / pfSense / LAN IP-Less --- Firewall / IP 200.1.1.2
>>> >> >                                         OPT1 / IP 200.1.1.3 (management)
>>> >> >
>>> >> > So, the WAN and LAN interfaces from pfSense are IP-LESS (promiscuous
>>> >> > mode), and the OPT1 interface from pfSense has a public IP as router
>>> >> > and firewall.
>>> >> >
>>> >> > Can I do this in pfSense ???
>>> >> >
>>> >> > On Mon, Sep 29, 2014 at 9:49 PM, Jeronimo L. Cabral
>>> >> > <[email protected]> wrote:
>>> >> >>
>>> >> >> OK Ivo, this is very helpful to me....Suppose I have:
>>> >> >>
>>> >> >> Router / IP 200.1.1.1 --- WAN/pfSense/LAN --- Firewall / IP 200.1.1.2
>>> >> >>
>>> >> >> I have to maintain invariable the addressing of this scenario, so what
>>> >> >> IP addresses do I have to assign to WAN and LAN pfSense interfaces ???
>>> >> >>
>>> >> >> Thanks a lot,
>>> >> >>
>>> >> >> JeLo
>>> >> >>
>>> >> >> On Mon, Sep 29, 2014 at 9:32 PM, Ivo Tonev <[email protected]> wrote:
>>> >> >>>
>>> >> >>> In production environment you need 3 interfaces - one for WAN, one for
>>> >> >>> LAN and one for management.
>>> >> >>>
>>> >> >>> http://www.cisco.com/c/en/us/td/docs/security/asa/quick_start/ips/ips_qsg.html
>>> >> >>>
>>> >> >>> On Mon, Sep 29, 2014 at 9:24 PM, compdoc <[email protected]> wrote:
>>> >> >>>>
>>> >> >>>> > But you say: one interface for WAN, a second for
>>> >> >>>> > LAN...and which interface is for managing ???
>>> >> >>>>
>>> >> >>>> You manage with a browser from LAN, and optional also from the WAN
>>> >> >>>> port. And with ssh from the LAN.
>>> >> >>>>
>>> >> >>>> _______________________________________________
>>> >> >>>> List mailing list
>>> >> >>>> [email protected]
>>> >> >>>> https://lists.pfsense.org/mailman/listinfo/list
>>> >> >>>
>>> >> >>> --
>>> >> >>> Ivo R. Tonev
>>> >> >>> +55 61 8409-2642
>>> >> >>> [email protected]

--
Ivo R. Tonev
+55 61 8409-2642
[email protected]
_______________________________________________
List mailing list
[email protected]
https://lists.pfsense.org/mailman/listinfo/list
