Hello everyone,

I have installed pfSense successfully as a firewall / gateway, with snort.

I have some alerts working, for instance when I start a port scan from an internal server to an external IP address.

I also have OpenVPN working nicely, using a tunnel set up.

Now, I would like to know how to configure snort, to detect malicious traffic from machines connected through the VPN.

These machines would be not 100% under my control, so I would like to receive an alert as soon as there is suspicious traffic, in two cases:

- From a VPN client to an internal server
- From a VPN client to an external server

The VPN is configured to force the traffic to its gateway, and this is working nicely as well.

pfSense details:
2.3.4-RELEASE (amd64)
built on Wed May 03 15:13:29 CDT 2017
FreeBSD 10.3-RELEASE-p19

Thanks for your advices.
pfSense mailing list
Support the project with Gold! https://pfsense.org/gold

Reply via email to