Ivo, that's a good ideabut please tell me if I'm correct or not:
WAN, LAN, Bridge interfaces: IP-Less
OPT1: IP for management in a management network
Tnaks again,
2014-09-30 9:27 GMT-03:00 Ivo Tonev i...@tonev.pro.br:
I recommend you create a management network for OPT1 with private IP.
you need to use the management network to download.
On Tue, Sep 30, 2014 at 3:01 PM, Jeronimo L. Cabral jelocab...@gmail.com
wrote:
Dear, I can't understand at allplease be patient with me :(
I'll use pFsense with Snort as a IPS because I see is easier than the
manually configuration
Of course you canIt's an add-on.
-Original Message-
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Roberto Carna
Sent: Monday, September 29, 2014 10:28 AM
To: list@lists.pfsense.org
Subject: [pfSense] Snort as IPS in Pfsense
Dear, I need to know if it's possible
Use suricata
On Sep 29, 2014 2:27 PM, Roberto Carna robertocarn...@gmail.com wrote:
Dear, I need to know if it's possible to setup Pfsense with Snort to
get an IPS (Intrusion Prevention System), and in this case what is the
graphical interface used to view events and dropped traffic.
Thanks
Why Suricata in place of Snort?
Please can you tell me shortly the advantages of Suricata over Snort
Really thanks
Roberto
2014-09-29 14:37 GMT-03:00 Ivo Tonev i...@tonev.pro.br:
Use suricata
On Sep 29, 2014 2:27 PM, Roberto Carna robertocarn...@gmail.com wrote:
Dear, I need to know
Dear Ivo and people, just three short questions:
1) Using Suricata, can I enable the IPS mode as I can using Snort ???
2) In IPS mode, do I have to have 3 interfaces in my server ???
3) The only way to view the IPS blocking events is from into Pfsense
or can I use Snorby ???
Thanks again,
You might want to use google insted og relying on others. Maybe try to do
your own homework?
Roberto
Here is a good place to start regarding Suricata or Snort.
http://www.linux.org/threads/suricata-the-snort-replacer-part-1-intro-install.4346/
---
Anastasios Stefos
*´αίέν άριστεύειν*
On Mon, Sep 29, 2014 at 2:34 PM, Roberto Carna robertocarn...@gmail.com
wrote:
Dear Ivo and
OK, thanks, the last please:
Do you recommend to install an IPS in a Virtual Machine like Vmware
??? Because we have VMweare for all our servers.
Regards,
2014-09-29 15:39 GMT-03:00 Anastasios Stefos anastasios.ste...@gmail.com:
Roberto
Here is a good place to start regarding Suricata or
If you have access to VMWare workstation installed or ESXi, it is
worthwhile to install and experiment in an isolated environment prior to
going live with either. If not, a couple of PC''s.
---
Anastasios Stefos
*´αίέν άριστεύειν*
On Mon, Sep 29, 2014 at 3:07 PM, Roberto Carna
Depends on what you want. A splitt design is normaly better and safer then
a all in one box. If you want suricata +snorby and barnyard its not
recommended to run it all on pfsense. There are many deps. that will cause
a security nightmare and you will probably run out of hw resources as well.
OK,
I agree completely with Espen. All your eggs in one basket is a terribly
bad idea and a troubleshooting nightmare.
Security Onion in back of pfsense is one idea. You can run Snorby, Snort
and additional tools and not overtax pfsense.
---
Anastasios Stefos
*´αίέν άριστεύειν*
On Mon, Sep 29,
Ok, and do you recommend to setup the Pfsense WAN and LAN interfaces
in bridge mode with firewall rules enabled ???
Really thanks,
Roberto
2014-09-29 16:15 GMT-03:00 Espen Johansen pfse...@gmail.com:
Depends on what you want. A splitt design is normaly better and safer then a
all in one
Why bridge? Do you want to hide evrything? Its not that hard to fingerprint
a pfS bridge. If you have practical reasons, sure go ahead.
29. sep. 2014 21:28 skrev Roberto Carna robertocarn...@gmail.com
følgende:
Ok, and do you recommend to setup the Pfsense WAN and LAN interfaces
in bridge mode
Mainly bridge to hide the IPS server from Internet, and also if I
don't use the bridge mode I have to put a public IP in the WAN
interface connected to the router and I have not much more available
public IP's.
2014-09-29 16:31 GMT-03:00 Espen Johansen pfse...@gmail.com:
Why bridge? Do you want
You can use as many interfacez you want.
You can use the web gui or tail -f the file on
/var/log/suricata/(interface)/*
:)
On Sep 29, 2014 3:34 PM, Roberto Carna robertocarn...@gmail.com wrote:
Dear Ivo and people, just three short questions:
1) Using Suricata, can I enable the IPS mode as I
Ivo, I want to locate the IPS between the router and the corporative
firewall, so I think to use bridge modeis correct???
2014-09-29 16:34 GMT-03:00 Ivo Tonev i...@tonev.pro.br:
I recomend to use in router mode.
On Sep 29, 2014 4:29 PM, Roberto Carna robertocarn...@gmail.com wrote:
Ok,
You can use invalid IP on wan interface. This way is no way to avoid the
firewall.
On Sep 29, 2014 4:37 PM, Roberto Carna robertocarn...@gmail.com wrote:
Mainly bridge to hide the IPS server from Internet, and also if I
don't use the bridge mode I have to put a public IP in the WAN
interface
If all you want is a IPS then i dont undertand what you need pfS for?
There are tons of setup guides for a linux flavour of choice to get this
setup done. You can even build a hogwash like setup if you like.
29. sep. 2014 21:38 skrev Roberto Carna robertocarn...@gmail.com
følgende:
Ivo, I want
On pfsense is clickgo. No need to install everything. :)
On Sep 29, 2014 4:46 PM, Espen Johansen pfse...@gmail.com wrote:
If all you want is a IPS then i dont undertand what you need pfS for?
There are tons of setup guides for a linux flavour of choice to get this
setup done. You can even
Ok, thanks
2014-09-29 16:58 GMT-03:00 Ivo Tonev i...@tonev.pro.br:
On pfsense is clickgo. No need to install everything. :)
On Sep 29, 2014 4:46 PM, Espen Johansen pfse...@gmail.com wrote:
If all you want is a IPS then i dont undertand what you need pfS for?
There are tons of setup guides
Dear, this topic is very interesting to me...I have the same scenario:
Internet Router --- PFsense Corporate Firewall
1) Is it possible to have just 2 interfaces in Pfsense in order to setup an
IPS ???
2) Isn't it the best way to setup a bridged firewall ad Roberto said ???
Because I need
Here is a good place to start regarding Suricata or Snort.
http://www.linux.org/threads/suricata-the-snort-replacer-part-1-intro-install.4346/
Is the free to use version of Snort going away? I scanned the page mentioned
above but it seems unclear.
Suricata sounds like an excellent
Dear, do I have to have 3 network interfaces or 2 interfaces are enough to
implement the IPS??? Because I think I'll have 1 promiscuos WAN, 1
promiscuos LAN and 1 management.
The Pfsense firewall has to be setup as BRIDGE if want to put it between
the router and the corporate firewall ???
I don't like the bridge approach because if you have many vlans it become
very complicated.
I always use the router approach because I can configure the IDS for one
interface and IPS for another.
If you don't have enough IP addresses, you can use invalid IP on firewall
WAN and create a route on
Kickstarter had/has a campaign by iguardian to create a snort appliance. It
looks like something you are trying to do. Instead of pf, it is based on
openwrt. Check it out.
Yudhvir
On Sep 29, 2014, at 4:22 PM, Ivo Tonev i...@tonev.pro.br wrote:
I don't like the bridge approach because if
The Pfsense firewall has to be setup as BRIDGE if want to put it between the
router and the corporate firewall ???
Connect like this?
www - isp router - pfSense - corporate firewall - lan
Don’t think you have to use bridge mode. Can Snort work in bridge mode?
But you say: one interface for WAN, a second for
LAN...and which interface is for managing ???
You manage with a browser from LAN, and optional also from the WAN port. And
with ssh from the LAN.
___
List mailing list
List@lists.pfsense.org
do I have to have 3 network interfaces or 2 interfaces are enough to
implement the IPS?
With Snort, just need one for wan, one for lan. That’s all. I use a 3rd for
wifi at home.
The office is a virtual machine with two wan ports, one lan, one wifi, and one
connection for the host.
In production environment you need 3 interfaces - one for WAN, one for LAN
and one for management.
http://www.cisco.com/c/en/us/td/docs/security/asa/quick_start/ips/ips_qsg
.html
On Mon, Sep 29, 2014 at 9:24 PM, compdoc comp...@hotrodpc.com wrote:
But you say: one interface for WAN, a second
Correct, as you said:
www - ISP router - pfSense - corporate firewall - Lan
I have one public IP in the router interface, another public IP en the
corparate firewall interface, and I can't change these parameters at all, I
need to put the IPS in the middleso I think I have to use the bridge
OK Ivo, this is very helpful to meSuppose I have:
Router / IP 200.1.1.1 --- WAN/pFsense/LAN --- Firewall / IP 200.1.1.2
I have to maintan invariable the addressing of this scenario, so what IP
addresses do I have to assign to WAN and LAN pFsense interfaces ???
Thanks a lot,
JeLo
On Mon,
I can say that I imagine this addresses space:
Router / IP 200.1.1.1 --- WAN IP-Less / pFsense/ LAN IP-Less --- Firewall /
IP 200.1.1.2
OPT1 / IP
200.1.1.3
(management)
So, the
I think this is good for us:
- Router ISP with IP 200.0.0.1
- pFsense with the following interfaces:
a) WAN IP-Less
b) LAN IP-Less
c) OPT1 with IP 200.0.0.2 (management)
d) Bridge with WAN and LAN interfaces, and Bridge interface IP-Less
- Corporate firewall with IP 200.0.0.3
- Snort
I see no keyword match for Bro IDS nor Cymru from the previous 34
messages.
https://github.com/sethhall/bro-scripts/wiki/The-Malware-Hash-Registry-and-Bro-IDS
https://www.bro.org/
2c
--
Blake Cornell
CTO, Integris Security LLC
501 Franklin Ave, Suite 200
Garden City, NY 11530 USA
35 matches
Mail list logo