Re: [pfSense] recommandation: snort IDS, web http traffic, pfsense

Thu, 02 Oct 2014 03:03:13 -0700 

Hello Ivo, 

yes 

2 pfsense nodes as cluster 
2 loadbalancer 
3 webserver 

need more info? 

tia 
Stefan 

> Von: "Ivo Tonev" <[email protected]>
> An: "pfSense Support and Discussion Mailing List" <[email protected]>
> Gesendet: Montag, 29. September 2014 02:52:26
> Betreff: Re: [pfSense] recommandation: snort IDS, web http traffic, pfsense

> can you send your network layout ?
> how many servers ?

> ------
> Ivo Tonev
> [email protected]

> > On Sep 28, 2014, at 05:58, Stefan Fuhrmann <[email protected]> 
> > wrote:

> > Hello all,

> > can someone help?

> > tia
> > Stefan

> > Am Freitag, 26. September 2014, 15:11:04 schrieb Stefan Fuhrmann:
> >> Hello all,

> >> I need a recommandation for following setup:

> >> pfsense-cluster

> >> loadbalancers

> >> webservers

> >> There are some thousend visits per day and I want to secure with pfsense 
> >> and
> >> snort. Snort runs on lan-site.
> >> I want to be aware which are the false positives and how to handle this
> >> traffic with snort and the snort- gui within pfsense?
> >> Is it now a good idea to enable step by step the categories and doing
> >> whitelisting of rules , where Im the meaning this traffic should go and
> >> block the rest?
> >> Im unsure if there is alot of traffic getting blocked which should pass....
> >> This should dont be happen...

> >> In that firm there is the meaning that we should do blacklisting. Blocking
> >> only categories where we are secure this is not good traffic.
> >> In the moment there are several thousend alerts per day!

> >> I would say blocking the alerts and then I do whitelisting via gui.
> >> Problem: at first there is an error state....

> >> Someone can give recommandations how to implement?
> >> Is it a good idea to configure the files directly on pfsense?

> >> tia
> >> Stefan
> >> _______________________________________________
> >> List mailing list
> >> [email protected]
> >> https://lists.pfsense.org/mailman/listinfo/list

> > _______________________________________________
> > List mailing list
> > [email protected]
> > https://lists.pfsense.org/mailman/listinfo/list
> _______________________________________________
> List mailing list
> [email protected]
> https://lists.pfsense.org/mailman/listinfo/list

_______________________________________________
List mailing list
[email protected]
https://lists.pfsense.org/mailman/listinfo/list

Reply via email to