Bridge is necessary; without it there is no forwarding between interfaces.
On Tue, Sep 30, 2014 at 3:11 PM, Jeronimo L. Cabral <[email protected]> wrote:

> OK Ivo, that's a great data.....I really appreciate this...
>
> But please tell me this at last:
>
> So WAN and LAN interfaces have no IP assigned ???
> Do I have to create a bridging interface with WAN and LAN interfaces, and
> in this case is it possible to have an IP-Less bridging interface ??? Or
> the bridge it's not necessary and it's enough with WAN and LAN IP-Less in
> promiscuous mode ???
>
> Thanks a lot again !!!
>
> On Tue, Sep 30, 2014 at 3:04 PM, Ivo Tonev <[email protected]> wrote:
>
>> You need to use the management network to download.
>>
>> On Tue, Sep 30, 2014 at 3:01 PM, Jeronimo L. Cabral <[email protected]> wrote:
>>
>>> Dear, I can't understand at all....please be patient with me :(
>>>
>>> I'll use pfSense with Snort as an IPS because I see it is easier than the
>>> manual configuration of Snort.
>>>
>>> I have an ISP router with 200.1.1.1, a corporate firewall with 200.1.1.2
>>> and the condition is that I MUST LET THIS CONFIGURATION AS IT IS NOW.
>>>
>>> So, I have to locate the pfSense server between the router and the
>>> firewall, in "inline" mode.
>>>
>>> My pfSense server has 3 network interfaces, let's say: WAN connected to
>>> router, LAN connected to corporate firewall and OPT1 for management with IP
>>> 192.168.1.1.
>>>
>>> Now I have the question:
>>>
>>> How should I have to configure the WAN and LAN interfaces, with IP,
>>> IP-less, creating a bridging interface IP-less or with IP ???? Because if I
>>> create a bridge with WAN and LAN and I don't assign an IP, the IPS won't
>>> download the signs from Internet...I'm a bit confused.
>>>
>>> Thanks a lot, regards.
>>>
>>> JeLo
>>>
>>> On Tue, Sep 30, 2014 at 10:55 AM, Ivo Tonev <[email protected]> wrote:
>>>
>>>> Yes. Always use out of band management.
>>>>
>>>> On Tue, Sep 30, 2014 at 10:35 AM, Roberto Carna <[email protected]> wrote:
>>>>
>>>>> Ivo, that's a good idea....but please tell me if I'm correct or not:
>>>>>
>>>>> WAN, LAN, Bridge interfaces: IP-Less
>>>>> OPT1: IP for management in a management network
>>>>>
>>>>> Thanks again,
>>>>>
>>>>> 2014-09-30 9:27 GMT-03:00 Ivo Tonev <[email protected]>:
>>>>> > I recommend you create a management network for OPT1 with private IP.
>>>>> >
>>>>> > On Tue, Sep 30, 2014 at 12:13 AM, Roberto Carna <[email protected]>
>>>>> > wrote:
>>>>> >>
>>>>> >> I think this is good for us:
>>>>> >>
>>>>> >> - Router ISP with IP 200.0.0.1
>>>>> >>
>>>>> >> - pfSense with the following interfaces:
>>>>> >>
>>>>> >>   a) WAN IP-Less
>>>>> >>   b) LAN IP-Less
>>>>> >>   c) OPT1 with IP 200.0.0.2 (management)
>>>>> >>   d) Bridge with WAN and LAN interfaces, and Bridge interface IP-Less
>>>>> >>
>>>>> >> - Corporate firewall with IP 200.0.0.3
>>>>> >>
>>>>> >> - Snort runs in Bridge interface
>>>>> >>
>>>>> >> Do you think this is correct ???
>>>>> >>
>>>>> >> Good night !!!
>>>>> >>
>>>>> >> Roberto
>>>>> >>
>>>>> >> 2014-09-29 22:09 GMT-03:00 Jeronimo L. Cabral <[email protected]>:
>>>>> >> > I can say that I imagine this addresses space:
>>>>> >> >
>>>>> >> > Router / IP 200.1.1.1 --- WAN IP-Less / pfSense / LAN IP-Less --- Firewall / IP 200.1.1.2
>>>>> >> >                                OPT1 / IP 200.1.1.3 (management)
>>>>> >> >
>>>>> >> > So, the WAN and LAN interfaces from pfSense are IP-LESS (promiscuous
>>>>> >> > mode), and the OPT1 interface from pfSense has a public IP as router and
>>>>> >> > firewall.
>>>>> >> >
>>>>> >> > Can I do this in pfSense ???
>>>>> >> >
>>>>> >> > On Mon, Sep 29, 2014 at 9:49 PM, Jeronimo L. Cabral
>>>>> >> > <[email protected]> wrote:
>>>>> >> >>
>>>>> >> >> OK Ivo, this is very helpful to me....Suppose I have:
>>>>> >> >>
>>>>> >> >> Router / IP 200.1.1.1 --- WAN/pfSense/LAN --- Firewall / IP 200.1.1.2
>>>>> >> >>
>>>>> >> >> I have to maintain invariable the addressing of this scenario, so what
>>>>> >> >> IP addresses do I have to assign to WAN and LAN pfSense interfaces ???
>>>>> >> >>
>>>>> >> >> Thanks a lot,
>>>>> >> >>
>>>>> >> >> JeLo
>>>>> >> >>
>>>>> >> >> On Mon, Sep 29, 2014 at 9:32 PM, Ivo Tonev <[email protected]> wrote:
>>>>> >> >>>
>>>>> >> >>> In production environment you need 3 interfaces - one for WAN, one for
>>>>> >> >>> LAN and one for management.
>>>>> >> >>>
>>>>> >> >>> http://www.cisco.com/c/en/us/td/docs/security/asa/quick_start/ips/ips_qsg.html
>>>>> >> >>>
>>>>> >> >>> On Mon, Sep 29, 2014 at 9:24 PM, compdoc <[email protected]> wrote:
>>>>> >> >>>>
>>>>> >> >>>> > But you say: one interface for WAN, a second for
>>>>> >> >>>> > LAN...and which interface is for managing ???
>>>>> >> >>>>
>>>>> >> >>>> You manage with a browser from LAN, and optional also from the WAN
>>>>> >> >>>> port. And with ssh from the LAN.

--
Ivo R. Tonev
+55 61 8409-2642
[email protected]
_______________________________________________ List mailing list [email protected] https://lists.pfsense.org/mailman/listinfo/list
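
The layout discussed in the thread (WAN and LAN as IP-less members of an IP-less bridge, with OPT1 carrying the only address for out-of-band management) can be checked from the shell. This is an added example, not written by any poster on the list; the interface names `em0`, `em1`, `em2` and `bridge0` and the FreeBSD-style `ifconfig` text are constructed assumptions.

```shell
#!/bin/sh
# Constructed sample of FreeBSD-style `ifconfig` output (not from a real host).
# Assumed names: em0 = WAN, em1 = LAN, em2 = OPT1 (management), bridge0 = bridge.
sample_ifconfig() {
cat <<'EOF'
em0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
    ether 00:00:5e:00:53:01
em1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
    ether 00:00:5e:00:53:02
em2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    ether 00:00:5e:00:53:03
    inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    ether 02:00:5e:00:53:10
    member: em1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
    member: em0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
EOF
}

# audit_inline BRIDGE MGMT: reads ifconfig text on stdin and prints one finding
# per line; no output means the layout matches the design in the thread.
# Only IPv4 ("inet") addresses are considered.
audit_inline() {
  awk -v br="$1" -v mgmt="$2" '
    /^[a-z0-9]+: /  { ifc = $1; sub(/:$/, "", ifc); seen[ifc] = 1; next }
    $1 == "inet"    { has_ip[ifc] = 1 }
    $1 == "member:" && ifc == br { member[$2] = 1; n++ }
    END {
      if (!(br in seen)) print "bridge " br " not found"
      else if (n < 2)    print "bridge " br " has fewer than two members"
      if (br in has_ip)  print "bridge " br " has an IP address"
      for (m in member) if (m in has_ip) print "bridge member " m " has an IP address"
      if (!(mgmt in has_ip)) print "management interface " mgmt " has no IP address"
      if (mgmt in member)    print "management interface " mgmt " is a bridge member"
    }'
}

# Stand-alone run against the constructed sample.
findings=$(sample_ifconfig | audit_inline bridge0 em2)
echo "${findings:-layout OK}"
```

On a live system the same function would be fed real output, for example `ifconfig | audit_inline bridge0 em2`, with the names replaced by the ones actually assigned.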
