Re: [pfSense] recommandation: snort IDS, web http traffic, pfsense

2014-09-28 Thread Ivo Tonev
Can you send your network layout? How many servers? -- Ivo Tonev i...@tonev.pro.br > On Sep 28, 2014, at 05:58, Stefan Fuhrmann > wrote: > > Hello all, > > can someone help? > > tia > Stefan > > On Friday, 26 September 2014, 15:11:04, Stefan wrote

Re: [pfSense] Snort as IPS in Pfsense

2014-09-29 Thread Ivo Tonev
Use Suricata. On Sep 29, 2014 2:27 PM, "Roberto Carna" wrote: > Dear, I need to know if it's possible to set up pfSense with Snort to > get an IPS (Intrusion Prevention System), and in this case what is the > graphical interface used to view events and dropped traffic. > > Thanks a lot, > > Roberto

Re: [pfSense] Snort as IPS in Pfsense

2014-09-29 Thread Ivo Tonev
t; >> wrote: > >>> > >>> Dear Ivo and people, just three short questions: > >>> > >>> 1) Using Suricata, can I enable the IPS mode as I can using Snort ??? > >>> > >>> 2) In IPS mode, do I have to have 3 interfac

Re: [pfSense] Snort as IPS in Pfsense

2014-09-29 Thread Ivo Tonev
s I can using Snort ??? > > 2) In IPS mode, do I have to have 3 interfaces in my server ??? > > 3) The only way to view the IPS blocking events is from into Pfsense > or can I use Snorby ??? > > Thanks again, > > Roberto > > Thanks again, > > Roberto >

Re: [pfSense] Snort as IPS in Pfsense

2014-09-29 Thread Ivo Tonev
p://www.linux.org/threads/suricata-the-snort-replacer-part-1-intro-install.4346/ > >> >> > >> >> > >> >> > >> >> --- > >> >> Anastasios Stefos > >> >> ´αίέν άριστεύειν > >> >> > >> >> On Mon, S

Re: [pfSense] Snort as IPS in Pfsense

2014-09-29 Thread Ivo Tonev
an even build a Hogwash-like setup if you like. > On 29 Sep 2014 21:38, "Roberto Carna" > wrote the following: > >> Ivo, I want to locate the IPS between the router and the corporate >> firewall, so I think to use bridge mode.... is that correct? >> >> 2014-09-29

Re: [pfSense] Snort as IPS in Pfsense

2014-09-29 Thread Ivo Tonev
I don't like the bridge approach because if you have many VLANs it becomes very complicated. I always use the router approach because I can configure the IDS for one interface and IPS for another. If you don't have enough IP addresses, you can use an invalid IP on the firewall WAN and create a route on y

Re: [pfSense] Snort as IPS in Pfsense

2014-09-29 Thread Ivo Tonev
In a production environment you need 3 interfaces: one for WAN, one for LAN and one for management. http://www.cisco.com/c/en/us/td/docs/security/asa/quick_start/ips/ips_qsg.html On Mon, Sep 29, 2014 at 9:24 PM, compdoc wrote: > > But you say: one interface for WAN, a second for > > >LAN...and

Re: [pfSense] Snort as IPS in Pfsense

2014-09-30 Thread Ivo Tonev
;> > >> Router / IP 200.1.1.1 --- WAN/pfSense/LAN --- Firewall / IP 200.1.1.2 > >> > >> I have to maintain the addressing of this scenario unchanged, so what IP > >> addresses do I have to assign to the WAN and LAN pfSense interfaces? > >> > >&

Re: [pfSense] Snort as IPS in Pfsense

2014-09-30 Thread Ivo Tonev
s again, > > 2014-09-30 9:27 GMT-03:00 Ivo Tonev : > > I recommend you create a management network for OPT1 with a private IP. > > > > > > On Tue, Sep 30, 2014 at 12:13 AM, Roberto Carna < > robertocarn...@gmail.com> > > wrote: > >&g

Re: [pfSense] Snort as IPS in Pfsense

2014-09-30 Thread Ivo Tonev
ess, creating a bridging interface IP-less or with IP Because if I > create a bridge with WAN and LAN and I don't assign an IP, the IPS won't > download the signs from Internet...I'm a bit confused. > > Thanks a lot, regards. > > JeLo > > > > On Tu

Re: [pfSense] Snort as IPS in Pfsense

2014-09-30 Thread Ivo Tonev
a lot again !!! > > > On Tue, Sep 30, 2014 at 3:04 PM, Ivo Tonev wrote: > >> you need to use the management network to download. >> >> >> On Tue, Sep 30, 2014 at 3:01 PM, Jeronimo L. Cabral > > wrote: >> >>> Dear, I can't understand at

Re: [pfSense] Snort as IPS in Pfsense

2014-09-30 Thread Ivo Tonev
Sep 30, 2014 at 3:17 PM, Ivo Tonev wrote: > >> A bridge is necessary; without it there is no forwarding between interfaces. >> >> >> On Tue, Sep 30, 2014 at 3:11 PM, Jeronimo L. Cabral > > wrote: >> >>> OK Ivo, that's great data. I really appreci

Re: [pfSense] recommandation: snort IDS, web http traffic, pfsense

2014-10-03 Thread Ivo Tonev
[image: Inline image 1] On Thu, Oct 2, 2014 at 7:01 AM, Stefan Fuhrmann wrote: > Hello Ivo, > > yes > > 2 pfSense nodes as cluster > 2 loadbalancers > 3 webservers > > need more info? > > tia > Stefan > ------ > > *From: *"I

Re: [pfSense] blocking torrents and web based https proxies

2015-03-27 Thread Ivo Tonev
You can block torrents with Suricata. It works 100%. Install the package and activate all P2P rules. For web proxies you can use Squid + (SquidGuard with http://www.urlblacklist.com/) and force everyone to use your proxy. On Thu, Mar 26, 2015 at 11:44 PM, Sean wrote: > Torrent traffic: maybe with

Re: [pfSense] How to restrict certain websites for certain computers during certain times of the day?

2015-07-31 Thread Ivo Tonev
You can use Squid + SquidGuard to create restrictions and time ranges. You need to create local users on the pfSense box and use authentication. On 31/07/2015 12:36, "Tim Koop" wrote: > I have installed pfSense and I would like to block certain websites during > certain times of the day for certain

Re: [pfSense] HAproxy question

2015-12-12 Thread Ivo Tonev
Run "netstat -anl | grep LISTEN | grep 443" (for TCP) to verify on which port/IP HAProxy and OpenVPN are running. OpenVPN doesn't listen on the VIP. On 12/12/2015 10:31, "C. R. Oldham" wrote: > Actually I think I characterized this problem the wrong way. > > It appears that neither haproxy nor ng
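Added example (not from the post above, and not pfSense code): a small check that does what the suggested pipeline does, but matches the port exactly. `grep 443` over a `netstat -an` listing also hits port 4433 and any foreign port containing 443, so the naive version can report a listener that is not on 443 at all. The sample netstat output is constructed in FreeBSD/pfSense format; the addresses 203.0.113.10, 10.0.0.1, 198.51.100.7 and the extra port 4433 are assumptions for illustration only.

```shell
#!/bin/sh
# Added example, not from the list post: find what is really listening on a
# TCP port from `netstat -an` output, and show why `grep 443` over-matches.
# SAMPLE_NETSTAT is constructed in FreeBSD/pfSense netstat format; the
# addresses and the port 4433 are assumptions, not a real box.
SAMPLE_NETSTAT='Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address          Foreign Address        (state)
tcp4       0      0 203.0.113.10.443       *.*                    LISTEN
tcp4       0      0 *.80                   *.*                    LISTEN
tcp4       0      0 10.0.0.1.4433          *.*                    LISTEN
tcp4       0      0 10.0.0.1.22            *.*                    LISTEN
tcp4       0      0 203.0.113.10.443       198.51.100.7.51234     ESTABLISHED
udp4       0      0 203.0.113.10.1194      *.*'

# naive_listen_grep PORT: the pipeline from the post. It keeps every LISTEN
# line that contains the digits anywhere, so 443 also matches port 4433.
naive_listen_grep() {
    grep LISTEN | grep "$1"
}

# listeners_on_port PORT: print "proto local-address" only for LISTEN sockets
# whose local port is exactly PORT. FreeBSD prints addr.port, so the port is
# the text after the last dot of field 4 (works for "*.443" as well).
listeners_on_port() {
    awk -v port="$1" '
        $NF == "LISTEN" {
            n = split($4, parts, ".")
            if (parts[n] == port) print $1, $4
        }'
}

# Stand-alone usage: compare both approaches on the constructed sample.
# On a real box replace the printf with: netstat -an | listeners_on_port 443
printf '%s\n' "$SAMPLE_NETSTAT" | naive_listen_grep 443
echo '---'
printf '%s\n' "$SAMPLE_NETSTAT" | listeners_on_port 443
```

Note the UDP line: a UDP socket never shows a LISTEN state in netstat, so an OpenVPN server on its default UDP transport will not appear in either pipeline. On FreeBSD, `sockstat -4l` (or `sockstat -l` for both families) lists listening TCP and bound UDP sockets together with the owning process name, which answers the "which daemon holds this port" question directly.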

Re: [pfSense] Snort or Suricata

2016-06-12 Thread Ivo Tonev
Snort and Suricata use the same rules/signatures. Enable only what you need, not all. On Jun 12, 2016 3:57 PM, "Daniel Eschner" wrote: > Hi there, > > I installed Snort and let it run with the Snort Community Rules and ET Rules. > I get tons of false positive alerts. > > Maybe is suricata better? Wha

Re: [pfSense] OSPF help

2016-07-23 Thread Ivo Tonev
You can set up an OpenVPN site-to-site VPN across your sites and run OSPF only inside the VPN tunnel. On Sat, Jul 23, 2016 at 8:55 PM, Francois Roussy wrote: > I will add another thing I tried.. > > Also, I had tried to create a policy based, using multiple phase 2 with > all my subnets. It's working, but

Re: [pfSense] Errors when attempting upgrade to 2.3.2 from 2.3.1.5

2016-07-26 Thread Ivo Tonev
Yes. You can run from the console:
pkg clean
pkg update
pkg upgrade
reboot
On 26 Jul 2016 12:03 PM, "mayak" wrote: > Both on an embedded APU and HP-DL-160 ... > > Fetching pfSense-2.3.2.txz: . done >> pkg: >> https://pkg.pfsense.org/pfSense_v2_3_2_amd64-pfSense_v2_3_2/All/perl5-5.20.3_13.tx

Re: [pfSense] yesterday update to 2.3.2 has not worked - these machines now can not update any more

2016-07-27 Thread Ivo Tonev
From the console:
pkg clean
pkg update
pkg upgrade
reboot
On 27 Jul 2016 10:54, "WolfSec-Support" wrote: > Hi Jim > > Many thanks for your hint. > Well it is still not working. > > See: > > >>> Updating repositories metadata... > Updating pfSense-core repository catalogue... > pfSense

Re: [pfSense] pf rule error

2016-08-09 Thread Ivo Tonev
Check your state table size. On 9 Aug 2016 22:47, "Joseph L. Casale" wrote: > I recently received an error that the pf table was wedged and had been > reset > while making changes. A few days later, a vlan stopped passing dhcp traffic > and filter reload did not resolve it, I actually

Re: [pfSense] bind rules

2016-09-22 Thread Ivo Tonev
Action = PASS
Interface = LAN
Address Family = IPv4 + IPv6
Protocol = TCP/UDP
Destination Port Range = DNS
On Thu, Sep 22, 2016 at 7:43 PM, Pol Hallen wrote: > Hi all :-) > > I need to create some rules to allow the BIND internal server network to make > recursive queries: I've iptables rules but I've

Re: [pfSense] BandwithD

2017-02-16 Thread Ivo Tonev
It was removed. You can use NetFlow with a NetFlow collector on another server. On 16 Feb 2017 12:20, "Daniel" wrote: > Hi there, > > is it possible that BandwidthD was removed from the Packages? > I wanted to install it and I can't see it anymore. > > Is there any other way or any other way

Re: [pfSense] RRD alternatives

2017-02-17 Thread Ivo Tonev
Zabbix (via the agent package or SNMP), Nagios (SNMP), http://nfsen.sourceforge.net/ (softflowd). On Fri, Feb 17, 2017 at 7:00 PM, Antonio Cortes Alhambra < antonio.cor...@incatel.cl> wrote: > http://www.cacti.net/ > > > Saludos Cordiales

Re: [pfSense] massive CARP Failover

2017-06-07 Thread Ivo Tonev
Are the firewalls virtual or physical servers? On Wed, Jun 7, 2017 at 9:12 AM, Daniel wrote: > Hi, > > Firewall on the Switch is the latest installed. > The Switch is just simply installed. No VLANs actually, just IGMP disabled. > CARP has for sure 3 IPs. 2 dedicated for each Server and one CARP (Vir

Re: [pfSense] massive CARP Failover

2017-06-07 Thread Ivo Tonev
Can you send a network diagram? Why 2 switches? How are they connected? Is there any feature like Cisco's ARP inspection? On 7 Jun 2017 10:45, "Daniel" wrote: > Both are Physical. > > -- > Regards > > Daniel > > On 07.06.17, 14:34, "

Re: [pfSense] High-latency when traffic reaches 80% wirespeed

2017-10-04 Thread Ivo Tonev
You can try raising some "System tunables":
net.inet.tcp.recvspace 524288
net.inet.tcp.sendspace 524288
net.raw.recvspace 524288
net.inet.raw.recvspace 524288
net.raw.sendspace 524288
net.inet.raw.maxdgram 524288
net.link.ifqmaxlen 2048
net.inet.tcp.recvbuf_inc 65536
net.inet.udp.recvspace 524288
net
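Added example (not from the post above, and not pfSense code): before raising the tunables the post lists, compare them with what the running kernel actually has, so you only change the ones that are below target and have a record of what was changed. The target values are the ones from the post; the sample `sysctl` output is constructed for this example and its numbers are assumptions, not real pfSense defaults.

```shell
#!/bin/sh
# Added example, not from the list post: report which of the post's tunables
# are below their suggested value and emit the matching sysctl commands.
# TUNABLE_TARGETS holds the values from the post. SAMPLE_SYSCTL is a
# constructed "name: value" listing in `sysctl -a` format; the current values
# in it are assumptions for illustration only.
TUNABLE_TARGETS='net.inet.tcp.recvspace=524288
net.inet.tcp.sendspace=524288
net.raw.recvspace=524288
net.raw.sendspace=524288
net.inet.raw.recvspace=524288
net.inet.raw.maxdgram=524288
net.link.ifqmaxlen=2048
net.inet.tcp.recvbuf_inc=65536
net.inet.udp.recvspace=524288'

SAMPLE_SYSCTL='net.inet.tcp.recvspace: 65536
net.inet.tcp.sendspace: 32768
net.raw.recvspace: 8192
net.raw.sendspace: 8192
net.inet.raw.recvspace: 9216
net.inet.raw.maxdgram: 9216
net.link.ifqmaxlen: 50
net.inet.tcp.recvbuf_inc: 65536
net.inet.udp.recvspace: 42080'

# tunables_below_target: read "name: value" lines on stdin and print
# "name current target" for every listed tunable whose current value is
# below its target. Tunables already at or above target are skipped, and
# names not in the target list are ignored.
tunables_below_target() {
    awk -v targets="$TUNABLE_TARGETS" -F': +' '
        BEGIN {
            n = split(targets, lines, "\n")
            for (i = 1; i <= n; i++) {
                split(lines[i], kv, "=")
                target[kv[1]] = kv[2]
            }
        }
        ($1 in target) && ($2 + 0) < (target[$1] + 0) { print $1, $2, target[$1] }
    '
}

# sysctl_commands: turn that report into `sysctl name=value` lines. They can be
# run from the console for an immediate (non-persistent) change, or entered
# one per row under System > Advanced > System Tunables to survive reboots.
sysctl_commands() {
    tunables_below_target | awk '{ print "sysctl " $1 "=" $3 }'
}

# Stand-alone usage on the constructed sample.
# On a real box: sysctl -a | tunables_below_target
printf '%s\n' "$SAMPLE_SYSCTL" | tunables_below_target
echo '---'
printf '%s\n' "$SAMPLE_SYSCTL" | sysctl_commands
```

The values from the post are socket buffer sizes and the interface send-queue length; they only help when latency comes from those buffers filling up, so it is worth confirming with `top -SH` and the interface error/drop counters (`netstat -i`) that the box is not simply out of CPU or dropping on the NIC before tuning.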

Re: [pfSense] High-latency when traffic reaches 80% wirespeed

2017-10-05 Thread Ivo Tonev
Run "top -SH" to find the top CPU-consuming tasks. On Thu, Oct 5, 2017 at 8:44 AM, Christoph Haas wrote: > On Wednesday, 04.10.2017, 15:05 -0400, ED Fochler wrote: > > I have a similar situation and I solved it with limiters. I'm also a > fan of limiters to ensure fair sharing of uplink ban

Re: [pfSense] problems with lagg interfaces?

2017-10-17 Thread Ivo Tonev
Even if your VLAN doesn't come up, you can capture traffic on the physical interfaces with tcpdump. See what you can capture before any other move. Do bottom-up troubleshooting. On 17 Oct 2017 12:34, "Eero Volotinen" wrote: > So, you mean that it is not working? > > Eero > > 2017-10-17 17:3

Re: [pfSense] Strange packetloss

2017-10-20 Thread Ivo Tonev
On each interface you have "Block bogon networks". Is that option active? On Fri, Oct 20, 2017 at 2:00 PM, Daniel wrote: > Hi Everyone, > > > > actually I have an any/any rule applied on all my interfaces. This I did > actually only for debugging issues. > > But I can see that packets still ge

Re: [pfSense] IPv6 nat

2017-11-16 Thread Ivo Tonev
You can use NPt. On 16 Nov 2017 5:19 PM, "Daniel" wrote: > Hi there, > > > > I added a private IPv6 LAN on my pfSense which has to do NAT like on IPv4. > > > > But it seems that NAT with IPv6 is not possible. Is there any way, or is it > not possible to NAT IPv6 connections? > > > > root@we

Re: [pfSense] quagga/bgp

2017-11-17 Thread Ivo Tonev
I'm using it. There are no problems. On 17 Nov 2017 11:30, "Daniel" wrote: > Here this, > > > > is anyone using quagga with bgpd as a self-installed package on pfSense? > > I don't want to use OpenBGPD and I also don't want to use FRR because I am > completely new to FRR. > > My idea is to

Re: [pfSense] Configs or hardware?

2018-02-15 Thread Ivo Tonev
Try increasing the network buffers via "System Tunables". On 15 Feb 2018 12:14, "Michael Munger" wrote: > TL; DR. > > On 1Gbps downloads, our pfSense firewalls are performing poorly with > speed tests of ~400Mbps. It's either pfSense configs (not likely) or the > hardware (more likely). I d