I agree completely with Espen. All your eggs in one basket is a terribly bad idea and a troubleshooting nightmare.
Security Onion in back of pfsense is one idea. You can run Snorby, Snort and additional tools and not overtax pfsense. --- Anastasios Stefos *´αίέν άριστεύειν* On Mon, Sep 29, 2014 at 3:15 PM, Espen Johansen <pfse...@gmail.com> wrote: > Depends on what you want. A splitt design is normaly better and safer then > a all in one box. If you want suricata +snorby and barnyard its not > recommended to run it all on pfsense. There are many deps. that will cause > a security nightmare and you will probably run out of hw resources as well. > OK, thanks, the last please: > > Do you recommend to install an IPS in a Virtual Machine like Vmware > ??? Because we have VMweare for all our servers. > > Regards, > > 2014-09-29 15:39 GMT-03:00 Anastasios Stefos <anastasios.ste...@gmail.com > >: > > Roberto > > > > Here is a good place to start regarding Suricata or Snort. > > > > > http://www.linux.org/threads/suricata-the-snort-replacer-part-1-intro-install.4346/ > > > > > > > > --- > > Anastasios Stefos > > ´αίέν άριστεύειν > > > > On Mon, Sep 29, 2014 at 2:34 PM, Roberto Carna <robertocarn...@gmail.com > > > > wrote: > >> > >> Dear Ivo and people, just three short questions: > >> > >> 1) Using Suricata, can I enable the IPS mode as I can using Snort ??? > >> > >> 2) In IPS mode, do I have to have 3 interfaces in my server ??? > >> > >> 3) The only way to view the IPS blocking events is from into Pfsense > >> or can I use Snorby ??? > >> > >> Thanks again, > >> > >> Roberto > >> > >> Thanks again, > >> > >> Roberto > >> > >> > >> > >> 2014-09-29 14:37 GMT-03:00 Ivo Tonev <i...@tonev.pro.br>: > >> > Use suricata > >> > > >> > On Sep 29, 2014 2:27 PM, "Roberto Carna" <robertocarn...@gmail.com> > >> > wrote: > >> >> > >> >> Dear, I need to know if it's possible to setup Pfsense with Snort to > >> >> get an IPS (Intrusion Prevention System), and in this case what is > the > >> >> graphical interface used to view events and dropped traffic. > >> >> > >> >> Thanks a lot, > >> >> > >> >> Roberto > >> >> _______________________________________________ > >> >> List mailing list > >> >> List@lists.pfsense.org > >> >> https://lists.pfsense.org/mailman/listinfo/list > >> > > >> > > >> > _______________________________________________ > >> > List mailing list > >> > List@lists.pfsense.org > >> > https://lists.pfsense.org/mailman/listinfo/list > >> _______________________________________________ > >> List mailing list > >> List@lists.pfsense.org > >> https://lists.pfsense.org/mailman/listinfo/list > > > > > > > > _______________________________________________ > > List mailing list > > List@lists.pfsense.org > > https://lists.pfsense.org/mailman/listinfo/list > _______________________________________________ > List mailing list > List@lists.pfsense.org > https://lists.pfsense.org/mailman/listinfo/list > > _______________________________________________ > List mailing list > List@lists.pfsense.org > https://lists.pfsense.org/mailman/listinfo/list >
_______________________________________________ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
