But must the bridging interface have a public IP, or do I have to set it up as IP-Less ???

On Tue, Sep 30, 2014 at 3:17 PM, Ivo Tonev <[email protected]> wrote:

> bridge is necessary, without it there is no forward between interfaces.
>
> On Tue, Sep 30, 2014 at 3:11 PM, Jeronimo L. Cabral <[email protected]> wrote:
>
>> OK Ivo, that's a great data.....I really appreciate this...
>>
>> But please tell me this at last:
>>
>> So WAN and LAN interfaces have no IP assigned ???
>> Do I have to create a bridging interface with WAN and LAN interfaces, and
>> in this case is it possible to have an IP-Less bridging interface ??? Or
>> the bridge is not necessary and it's enough with WAN and LAN IP-Less in
>> promiscuous mode ???
>>
>> Thanks a lot again !!!
>>
>> On Tue, Sep 30, 2014 at 3:04 PM, Ivo Tonev <[email protected]> wrote:
>>
>>> you need to use the management network to download.
>>>
>>> On Tue, Sep 30, 2014 at 3:01 PM, Jeronimo L. Cabral <[email protected]> wrote:
>>>
>>>> Dear, I can't understand at all....please be patient with me :(
>>>>
>>>> I'll use pfSense with Snort as an IPS because I see it is easier than the
>>>> manual configuration of Snort.
>>>>
>>>> I have an ISP router with 200.1.1.1, a corporate firewall with
>>>> 200.1.1.2 and the condition is that I MUST LET THIS CONFIGURATION AS IT IS
>>>> NOW.
>>>>
>>>> So, I have to locate the pfSense server between the router and the
>>>> firewall, in "inline" mode.
>>>>
>>>> My pfSense server has 3 network interfaces, let's say: WAN connected to
>>>> router, LAN connected to corporate firewall and OPT1 for management with IP
>>>> 192.168.1.1.
>>>>
>>>> Now I have the question:
>>>>
>>>> How should I have to configure the WAN and LAN interfaces, with IP,
>>>> IP-less, creating a bridging interface IP-less or with IP ???? Because if I
>>>> create a bridge with WAN and LAN and I don't assign an IP, the IPS won't
>>>> download the signs from Internet...I'm a bit confused.
>>>>
>>>> Thanks a lot, regards.
>>>>
>>>> JeLo
>>>>
>>>> On Tue, Sep 30, 2014 at 10:55 AM, Ivo Tonev <[email protected]> wrote:
>>>>
>>>>> Yes. Always use out of band management.
>>>>>
>>>>> On Tue, Sep 30, 2014 at 10:35 AM, Roberto Carna <[email protected]> wrote:
>>>>>
>>>>>> Ivo, that's a good idea....but please tell me if I'm correct or not:
>>>>>>
>>>>>> WAN, LAN, Bridge interfaces: IP-Less
>>>>>> OPT1: IP for management in a management network
>>>>>>
>>>>>> Thanks again,
>>>>>>
>>>>>> 2014-09-30 9:27 GMT-03:00 Ivo Tonev <[email protected]>:
>>>>>> > I recommend you create a management network for OPT1 with private IP.
>>>>>> >
>>>>>> > On Tue, Sep 30, 2014 at 12:13 AM, Roberto Carna <[email protected]> wrote:
>>>>>> >>
>>>>>> >> I think this is good for us:
>>>>>> >>
>>>>>> >> - Router ISP with IP 200.0.0.1
>>>>>> >>
>>>>>> >> - pfSense with the following interfaces:
>>>>>> >>
>>>>>> >> a) WAN IP-Less
>>>>>> >> b) LAN IP-Less
>>>>>> >> c) OPT1 with IP 200.0.0.2 (management)
>>>>>> >> d) Bridge with WAN and LAN interfaces, and Bridge interface IP-Less
>>>>>> >>
>>>>>> >> - Corporate firewall with IP 200.0.0.3
>>>>>> >>
>>>>>> >> - Snort runs in Bridge interface
>>>>>> >>
>>>>>> >> Do you think this is correct ???
>>>>>> >>
>>>>>> >> Good night !!!
>>>>>> >>
>>>>>> >> Roberto
>>>>>> >>
>>>>>> >> 2014-09-29 22:09 GMT-03:00 Jeronimo L. Cabral <[email protected]>:
>>>>>> >> > I can say that I imagine this addresses space:
>>>>>> >> >
>>>>>> >> > Router / IP 200.1.1.1 --- WAN IP-Less / pfSense / LAN IP-Less --- Firewall / IP 200.1.1.2
>>>>>> >> >                                        OPT1 / IP 200.1.1.3 (management)
>>>>>> >> >
>>>>>> >> > So, the WAN and LAN interfaces from pfSense are IP-LESS (promiscuous
>>>>>> >> > mode), and the OPT1 interface from pfSense has a public IP as router and
>>>>>> >> > firewall.
>>>>>> >> >
>>>>>> >> > Can I do this in pfSense ???
>>>>>> >> >
>>>>>> >> > On Mon, Sep 29, 2014 at 9:49 PM, Jeronimo L. Cabral <[email protected]> wrote:
>>>>>> >> >>
>>>>>> >> >> OK Ivo, this is very helpful to me....Suppose I have:
>>>>>> >> >>
>>>>>> >> >> Router / IP 200.1.1.1 --- WAN/pfSense/LAN --- Firewall / IP 200.1.1.2
>>>>>> >> >>
>>>>>> >> >> I have to maintain invariable the addressing of this scenario, so what IP
>>>>>> >> >> addresses do I have to assign to WAN and LAN pfSense interfaces ???
>>>>>> >> >>
>>>>>> >> >> Thanks a lot,
>>>>>> >> >>
>>>>>> >> >> JeLo
>>>>>> >> >>
>>>>>> >> >> On Mon, Sep 29, 2014 at 9:32 PM, Ivo Tonev <[email protected]> wrote:
>>>>>> >> >>>
>>>>>> >> >>> In production environment you need 3 interfaces - one for WAN, one for
>>>>>> >> >>> LAN and one for management.
>>>>>> >> >>>
>>>>>> >> >>> http://www.cisco.com/c/en/us/td/docs/security/asa/quick_start/ips/ips_qsg.html
>>>>>> >> >>>
>>>>>> >> >>> On Mon, Sep 29, 2014 at 9:24 PM, compdoc <[email protected]> wrote:
>>>>>> >> >>>>
>>>>>> >> >>>> > But you say: one interface for WAN, a second for
>>>>>> >> >>>> > LAN...and which interface is for managing ???
>>>>>> >> >>>>
>>>>>> >> >>>> You manage with a browser from LAN, and optional also from the WAN
>>>>>> >> >>>> port. And with ssh from the LAN.
>>>>>> >> >>>>
>>>>>> >> >>>> _______________________________________________
>>>>>> >> >>>> List mailing list
>>>>>> >> >>>> [email protected]
>>>>>> >> >>>> https://lists.pfsense.org/mailman/listinfo/list
>>>>>> >> >>>
>>>>>> >> >>> --
>>>>>> >> >>> Ivo R. Tonev
>>>>>> >> >>> +55 61 8409-2642
>>>>>> >> >>> [email protected]

_______________________________________________
List mailing list
[email protected]
https://lists.pfsense.org/mailman/listinfo/list
