Ivo, thank you very much !!!!!

Regards,
JeLo

On Tue, Sep 30, 2014 at 3:53 PM, Ivo Tonev <[email protected]> wrote:

> bridge interface does not need an IP.
> it runs in promisc mode and only forwards packages from one side to another.
>
> On Tue, Sep 30, 2014 at 3:26 PM, Jeronimo L. Cabral <[email protected]> wrote:
>
>> But the bridging interface must have a public IP or do I have to set it
>> up as IP-Less ???
>>
>> On Tue, Sep 30, 2014 at 3:17 PM, Ivo Tonev <[email protected]> wrote:
>>
>>> bridge is necessary, without it there is no forward between interfaces.
>>>
>>> On Tue, Sep 30, 2014 at 3:11 PM, Jeronimo L. Cabral <[email protected]> wrote:
>>>
>>>> OK Ivo, that's a great data.....I really appreciate this...
>>>>
>>>> But please tell me this at last:
>>>>
>>>> So WAN and LAN interfaces have no IP assigned ???
>>>> Do I have to create a bridging interface with WAN and LAN interfaces,
>>>> and in this case is it possible to have an IP-Less bridging interface ???
>>>> Or the bridge it's not necessary and it's enough with WAN and LAN IP-Less
>>>> in promiscuous mode ???
>>>>
>>>> Thanks a lot again !!!
>>>>
>>>> On Tue, Sep 30, 2014 at 3:04 PM, Ivo Tonev <[email protected]> wrote:
>>>>
>>>>> you need to use the management network to download.
>>>>>
>>>>> On Tue, Sep 30, 2014 at 3:01 PM, Jeronimo L. Cabral <[email protected]> wrote:
>>>>>
>>>>>> Dear, I can't understand at all....please be patient with me :(
>>>>>>
>>>>>> I'll use pfSense with Snort as an IPS because I see it is easier than the
>>>>>> manual configuration of Snort.
>>>>>>
>>>>>> I have an ISP router with 200.1.1.1, a corporate firewall with
>>>>>> 200.1.1.2 and the condition is that I MUST LET THIS CONFIGURATION AS IT
>>>>>> IS NOW.
>>>>>>
>>>>>> So, I have to locate the pfSense server between the router and the
>>>>>> firewall, in "inline" mode.
>>>>>>
>>>>>> My pfSense server has 3 network interfaces, let's say: WAN connected
>>>>>> to router, LAN connected to corporate firewall and OPT1 for management
>>>>>> with IP 192.168.1.1.
>>>>>>
>>>>>> Now I have the question:
>>>>>>
>>>>>> How should I have to configure the WAN and LAN interfaces, with IP,
>>>>>> IP-less, creating a bridging interface IP-less or with IP ???? Because
>>>>>> if I create a bridge with WAN and LAN and I don't assign an IP, the IPS
>>>>>> won't download the signs from Internet...I'm a bit confused.
>>>>>>
>>>>>> Thanks a lot, regards.
>>>>>>
>>>>>> JeLo
>>>>>>
>>>>>> On Tue, Sep 30, 2014 at 10:55 AM, Ivo Tonev <[email protected]> wrote:
>>>>>>
>>>>>>> Yes. Always use out of band management.
>>>>>>>
>>>>>>> On Tue, Sep 30, 2014 at 10:35 AM, Roberto Carna <[email protected]> wrote:
>>>>>>>
>>>>>>>> Ivo, that's a good idea....but please tell me if I'm correct or not:
>>>>>>>>
>>>>>>>> WAN, LAN, Bridge interfaces: IP-Less
>>>>>>>> OPT1: IP for management in a management network
>>>>>>>>
>>>>>>>> Thanks again,
>>>>>>>>
>>>>>>>> 2014-09-30 9:27 GMT-03:00 Ivo Tonev <[email protected]>:
>>>>>>>> > I recommend you create a management network for OPT1 with private IP.
>>>>>>>> >
>>>>>>>> > On Tue, Sep 30, 2014 at 12:13 AM, Roberto Carna <[email protected]>
>>>>>>>> > wrote:
>>>>>>>> >>
>>>>>>>> >> I think this is good for us:
>>>>>>>> >>
>>>>>>>> >> - Router ISP with IP 200.0.0.1
>>>>>>>> >>
>>>>>>>> >> - pfSense with the following interfaces:
>>>>>>>> >>
>>>>>>>> >> a) WAN IP-Less
>>>>>>>> >> b) LAN IP-Less
>>>>>>>> >> c) OPT1 with IP 200.0.0.2 (management)
>>>>>>>> >> d) Bridge with WAN and LAN interfaces, and Bridge interface IP-Less
>>>>>>>> >>
>>>>>>>> >> - Corporate firewall with IP 200.0.0.3
>>>>>>>> >>
>>>>>>>> >> - Snort runs in Bridge interface
>>>>>>>> >>
>>>>>>>> >> Do you think this is correct ???
>>>>>>>> >>
>>>>>>>> >> Good night !!!
>>>>>>>> >>
>>>>>>>> >> Roberto
>>>>>>>> >>
>>>>>>>> >> 2014-09-29 22:09 GMT-03:00 Jeronimo L. Cabral <[email protected]>:
>>>>>>>> >> > I can say that I imagine this addresses space:
>>>>>>>> >> >
>>>>>>>> >> > Router / IP 200.1.1.1 --- WAN IP-Less / pfSense / LAN IP-Less --- Firewall / IP 200.1.1.2
>>>>>>>> >> >                           OPT1 / IP 200.1.1.3 (management)
>>>>>>>> >> >
>>>>>>>> >> > So, the WAN and LAN interfaces from pfSense are IP-LESS (promiscuous
>>>>>>>> >> > mode), and the OPT1 interface from pfSense has a public IP as router
>>>>>>>> >> > and firewall.
>>>>>>>> >> >
>>>>>>>> >> > Can I do this in pfSense ???
>>>>>>>> >> >
>>>>>>>> >> > On Mon, Sep 29, 2014 at 9:49 PM, Jeronimo L. Cabral
>>>>>>>> >> > <[email protected]> wrote:
>>>>>>>> >> >>
>>>>>>>> >> >> OK Ivo, this is very helpful to me....Suppose I have:
>>>>>>>> >> >>
>>>>>>>> >> >> Router / IP 200.1.1.1 --- WAN/pfSense/LAN --- Firewall / IP 200.1.1.2
>>>>>>>> >> >>
>>>>>>>> >> >> I have to maintain invariable the addressing of this scenario, so what
>>>>>>>> >> >> IP addresses do I have to assign to WAN and LAN pfSense interfaces ???
>>>>>>>> >> >>
>>>>>>>> >> >> Thanks a lot,
>>>>>>>> >> >>
>>>>>>>> >> >> JeLo
>>>>>>>> >> >>
>>>>>>>> >> >> On Mon, Sep 29, 2014 at 9:32 PM, Ivo Tonev <[email protected]> wrote:
>>>>>>>> >> >>>
>>>>>>>> >> >>> In production environment you need 3 interfaces - one for WAN, one for
>>>>>>>> >> >>> LAN and one for management.
>>>>>>>> >> >>>
>>>>>>>> >> >>> http://www.cisco.com/c/en/us/td/docs/security/asa/quick_start/ips/ips_qsg.html
>>>>>>>> >> >>>
>>>>>>>> >> >>> On Mon, Sep 29, 2014 at 9:24 PM, compdoc <[email protected]> wrote:
>>>>>>>> >> >>>>
>>>>>>>> >> >>>> > But you say: one interface for WAN, a second for
>>>>>>>> >> >>>> > LAN...and which interface is for managing ???
>>>>>>>> >> >>>>
>>>>>>>> >> >>>> You manage with a browser from LAN, and optional also from the WAN
>>>>>>>> >> >>>> port. And with ssh from the LAN.
>>>>>>>> >> >>>
>>>>>>>> >> >>> --
>>>>>>>> >> >>> Ivo R. Tonev
>>>>>>>> >> >>> +55 61 8409-2642
>>>>>>>> >> >>> [email protected]
_______________________________________________
List mailing list
[email protected]
https://lists.pfsense.org/mailman/listinfo/list
