Ivo, I want to locate the IPS between the router and the corporative firewall, so I think to use bridge mode....is correct???
2014-09-29 16:34 GMT-03:00 Ivo Tonev <i...@tonev.pro.br>: > I recomend to use in "router mode". > > On Sep 29, 2014 4:29 PM, "Roberto Carna" <robertocarn...@gmail.com> wrote: >> >> Ok, and do you recommend to setup the Pfsense WAN and LAN interfaces >> in bridge mode with firewall rules enabled ??? >> >> Really thanks, >> >> Roberto >> >> >> >> 2014-09-29 16:15 GMT-03:00 Espen Johansen <pfse...@gmail.com>: >> > Depends on what you want. A splitt design is normaly better and safer >> > then a >> > all in one box. If you want suricata +snorby and barnyard its not >> > recommended to run it all on pfsense. There are many deps. that will >> > cause a >> > security nightmare and you will probably run out of hw resources as >> > well. >> > >> > OK, thanks, the last please: >> > >> > Do you recommend to install an IPS in a Virtual Machine like Vmware >> > ??? Because we have VMweare for all our servers. >> > >> > Regards, >> > >> > 2014-09-29 15:39 GMT-03:00 Anastasios Stefos >> > <anastasios.ste...@gmail.com>: >> >> Roberto >> >> >> >> Here is a good place to start regarding Suricata or Snort. >> >> >> >> >> >> >> >> http://www.linux.org/threads/suricata-the-snort-replacer-part-1-intro-install.4346/ >> >> >> >> >> >> >> >> --- >> >> Anastasios Stefos >> >> ´αίέν άριστεύειν >> >> >> >> On Mon, Sep 29, 2014 at 2:34 PM, Roberto Carna >> >> <robertocarn...@gmail.com> >> >> wrote: >> >>> >> >>> Dear Ivo and people, just three short questions: >> >>> >> >>> 1) Using Suricata, can I enable the IPS mode as I can using Snort ??? >> >>> >> >>> 2) In IPS mode, do I have to have 3 interfaces in my server ??? >> >>> >> >>> 3) The only way to view the IPS blocking events is from into Pfsense >> >>> or can I use Snorby ??? >> >>> >> >>> Thanks again, >> >>> >> >>> Roberto >> >>> >> >>> Thanks again, >> >>> >> >>> Roberto >> >>> >> >>> >> >>> >> >>> 2014-09-29 14:37 GMT-03:00 Ivo Tonev <i...@tonev.pro.br>: >> >>> > Use suricata >> >>> > >> >>> > On Sep 29, 2014 2:27 PM, "Roberto Carna" <robertocarn...@gmail.com> >> >>> > wrote: >> >>> >> >> >>> >> Dear, I need to know if it's possible to setup Pfsense with Snort >> >>> >> to >> >>> >> get an IPS (Intrusion Prevention System), and in this case what is >> >>> >> the >> >>> >> graphical interface used to view events and dropped traffic. >> >>> >> >> >>> >> Thanks a lot, >> >>> >> >> >>> >> Roberto >> >>> >> _______________________________________________ >> >>> >> List mailing list >> >>> >> List@lists.pfsense.org >> >>> >> https://lists.pfsense.org/mailman/listinfo/list >> >>> > >> >>> > >> >>> > _______________________________________________ >> >>> > List mailing list >> >>> > List@lists.pfsense.org >> >>> > https://lists.pfsense.org/mailman/listinfo/list >> >>> _______________________________________________ >> >>> List mailing list >> >>> List@lists.pfsense.org >> >>> https://lists.pfsense.org/mailman/listinfo/list >> >> >> >> >> >> >> >> _______________________________________________ >> >> List mailing list >> >> List@lists.pfsense.org >> >> https://lists.pfsense.org/mailman/listinfo/list >> > _______________________________________________ >> > List mailing list >> > List@lists.pfsense.org >> > https://lists.pfsense.org/mailman/listinfo/list >> > >> > _______________________________________________ >> > List mailing list >> > List@lists.pfsense.org >> > https://lists.pfsense.org/mailman/listinfo/list >> _______________________________________________ >> List mailing list >> List@lists.pfsense.org >> https://lists.pfsense.org/mailman/listinfo/list > > > _______________________________________________ > List mailing list > List@lists.pfsense.org > https://lists.pfsense.org/mailman/listinfo/list _______________________________________________ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
