I agree completely with Espen. All your eggs in one basket is a terribly
bad idea and a troubleshooting nightmare.

Security Onion in back of pfsense is one idea. You can run Snorby, Snort
and additional tools and not overtax pfsense.



---
Anastasios Stefos
*´αίέν άριστεύειν*

On Mon, Sep 29, 2014 at 3:15 PM, Espen Johansen <pfse...@gmail.com> wrote:

> Depends on what you want. A splitt design is normaly better and safer then
> a all in one box. If you want suricata +snorby and barnyard its not
> recommended to run it all on pfsense. There are many deps. that will cause
> a security nightmare and you will probably run out of hw resources as well.
> OK, thanks, the last please:
>
> Do you recommend to install an IPS in a Virtual Machine like Vmware
> ??? Because we have VMweare for all our servers.
>
> Regards,
>
> 2014-09-29 15:39 GMT-03:00 Anastasios Stefos <anastasios.ste...@gmail.com
> >:
> > Roberto
> >
> > Here is a good place to start regarding Suricata or Snort.
> >
> >
> http://www.linux.org/threads/suricata-the-snort-replacer-part-1-intro-install.4346/
> >
> >
> >
> > ---
> > Anastasios Stefos
> > ´αίέν άριστεύειν
> >
> > On Mon, Sep 29, 2014 at 2:34 PM, Roberto Carna <robertocarn...@gmail.com
> >
> > wrote:
> >>
> >> Dear Ivo and people, just three short questions:
> >>
> >> 1) Using Suricata, can I enable the IPS mode as I can using Snort ???
> >>
> >> 2) In IPS mode, do I have to have 3 interfaces in my server ???
> >>
> >> 3) The only way to view the IPS blocking events is from into Pfsense
> >> or can I use Snorby ???
> >>
> >> Thanks again,
> >>
> >> Roberto
> >>
> >> Thanks again,
> >>
> >> Roberto
> >>
> >>
> >>
> >> 2014-09-29 14:37 GMT-03:00 Ivo Tonev <i...@tonev.pro.br>:
> >> > Use suricata
> >> >
> >> > On Sep 29, 2014 2:27 PM, "Roberto Carna" <robertocarn...@gmail.com>
> >> > wrote:
> >> >>
> >> >> Dear, I need to know if it's possible to setup Pfsense with Snort to
> >> >> get an IPS (Intrusion Prevention System), and in this case what is
> the
> >> >> graphical interface used to view events and dropped traffic.
> >> >>
> >> >> Thanks a lot,
> >> >>
> >> >> Roberto
> >> >> _______________________________________________
> >> >> List mailing list
> >> >> List@lists.pfsense.org
> >> >> https://lists.pfsense.org/mailman/listinfo/list
> >> >
> >> >
> >> > _______________________________________________
> >> > List mailing list
> >> > List@lists.pfsense.org
> >> > https://lists.pfsense.org/mailman/listinfo/list
> >> _______________________________________________
> >> List mailing list
> >> List@lists.pfsense.org
> >> https://lists.pfsense.org/mailman/listinfo/list
> >
> >
> >
> > _______________________________________________
> > List mailing list
> > List@lists.pfsense.org
> > https://lists.pfsense.org/mailman/listinfo/list
> _______________________________________________
> List mailing list
> List@lists.pfsense.org
> https://lists.pfsense.org/mailman/listinfo/list
>
> _______________________________________________
> List mailing list
> List@lists.pfsense.org
> https://lists.pfsense.org/mailman/listinfo/list
>
_______________________________________________
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Reply via email to