Hello everyone,
I have installed pfSense successfully as a firewall / gateway, with snort.
I have some alerts working, for instance when I start a port scan from
an internal server to an external IP address.
I also have OpenVPN working nicely, using a tunnel set up.
Now, I would like to know how to configure snort, to detect malicious
traffic from machines connected through the VPN.
These machines would be not 100% under my control, so I would like to
receive an alert as soon as there is suspicious traffic, in two cases:
- From a VPN client to an internal server
- From a VPN client to an external server
The VPN is configured to force the traffic to its gateway, and this is
working nicely as well.
--------------------------------------
pfSense details:
2.3.4-RELEASE (amd64)
built on Wed May 03 15:13:29 CDT 2017
FreeBSD 10.3-RELEASE-p19
--------------------------------------
Thanks for your advices.
André
_______________________________________________
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold