Can an IDS/IPS be implemented on the 2100 model?
-
Is it possible to implement the same IDS/IPS on this 2100 model as the one included in the 5100 model?
If so, how can this be done?
I cannot afford a bigger Netgate model than the 2100, but I'm very conscious of IT security. Thanks
Mike
-
Yes you can run Snort or Suricata on the 2100.
The only restriction there is that you cannot usefully use in-line mode because the mvneta NICs are not supported by netmap directly.
Steve
-
Thanks @stephenw10, and is that very bad? How different is this from the upper models?
I mean, would my PCs be more vulnerable than with an upper model?
-
@lemike What speed is your connection? High speeds will cause more CPU usage on the 2100.
We do have Snort or Suricata running on multiple 2100s at clients, so yes, it does work. It's probably a bit more useful for open ports like a web server, since a web browser is most likely using HTTPS and the IDS can't see the encrypted traffic.
Inline mode works if the NIC supports it. There is some extra/manual setup. The idea is that packets can get blocked individually in real time, whereas Legacy mode adds a block in the firewall on the IP that lasts for "n" minutes, but can take a few microseconds to add. I tried inline a while back (not on a 2100), had strange problems, and so we only use the default Legacy mode. See Bill's posts in the IDS forum/category for how Inline works.
-
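The Inline-versus-Legacy difference described in the post above, modelled as an added Python example (this is not code from the thread, nor from pfSense, Snort or Suricata). The packets, the rule predicate, the 5-minute block length and the block-insertion latency are all constructed assumptions; the point is to show which packets reach the host in each mode.

```python
"""Toy model of the two pfSense IDS/IPS blocking modes discussed in the thread.

Inline mode: the IPS sits in the packet path and drops each offending packet
as it arrives.  Legacy mode: the IDS watches the traffic and, when a rule
fires, asks the firewall to block the source IP; the block takes a moment to
land and expires after N minutes.  All packets and timings below are
constructed for this example, not captured from a real appliance.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple


@dataclass(frozen=True)
class Packet:
    t: float        # arrival time in seconds (constructed)
    src: str        # source IP
    payload: bytes  # first bytes of the request


Verdict = Tuple[Packet, str]  # (packet, "pass" | "drop")


def looks_like_exploit(p: Packet) -> bool:
    """Stand-in for an IDS rule: flag path-traversal attempts (assumption)."""
    return b"/../" in p.payload


def inline_mode(packets: List[Packet], is_malicious: Callable[[Packet], bool]) -> List[Verdict]:
    """Inline IPS: every packet the rule matches is dropped, nothing else is touched."""
    return [(p, "drop" if is_malicious(p) else "pass") for p in packets]


def legacy_mode(packets: List[Packet], is_malicious: Callable[[Packet], bool],
                block_minutes: float, insert_latency: float) -> List[Verdict]:
    """Legacy IDS: a match triggers a firewall block on the source IP.

    The block becomes effective insert_latency seconds after the alert and is
    removed block_minutes later; while it is active, all traffic from that IP
    is dropped, malicious or not.
    """
    blocks: Dict[str, Tuple[float, float]] = {}  # src -> (effective_from, expires_at)
    out: List[Verdict] = []
    for p in sorted(packets, key=lambda pkt: pkt.t):
        window = blocks.get(p.src)
        if window is not None and window[0] <= p.t < window[1]:
            out.append((p, "drop"))
            continue
        # No effective block yet (none, pending or expired): the packet reaches the host.
        out.append((p, "pass"))
        if is_malicious(p) and (window is None or p.t >= window[1]):
            start = p.t + insert_latency
            blocks[p.src] = (start, start + block_minutes * 60)
    return out


def leaked_to_host(verdicts: List[Verdict], is_malicious: Callable[[Packet], bool]) -> int:
    """Count rule-matching packets that were passed instead of dropped."""
    return sum(1 for p, v in verdicts if v == "pass" and is_malicious(p))


ATTACKER = "203.0.113.7"
CLIENT = "198.51.100.20"

# Constructed traffic: one benign client and one attacker, timeline in seconds.
SAMPLE = [
    Packet(0.0, CLIENT, b"GET / HTTP/1.1"),
    Packet(1.0, ATTACKER, b"GET / HTTP/1.1"),
    Packet(2.0, ATTACKER, b"GET /../../etc/passwd HTTP/1.1"),    # fires the rule
    Packet(2.00001, ATTACKER, b"GET /../../etc/shadow HTTP/1.1"),  # 10 us later, inside insertion latency
    Packet(3.0, ATTACKER, b"GET /robots.txt HTTP/1.1"),           # benign, but IP now blocked
    Packet(3.0, CLIENT, b"GET /index.html HTTP/1.1"),
    Packet(303.01, ATTACKER, b"GET /robots.txt HTTP/1.1"),        # after the 5-minute block expired
]

if __name__ == "__main__":
    inline = inline_mode(SAMPLE, looks_like_exploit)
    legacy = legacy_mode(SAMPLE, looks_like_exploit, block_minutes=5, insert_latency=50e-6)
    for (p, vi), (_, vl) in zip(inline, legacy):
        print(f"t={p.t:>8.5f} {p.src:<14} inline={vi:<4} legacy={vl:<4} {p.payload.decode()}")
    print("malicious packets reaching the host: inline =",
          leaked_to_host(inline, looks_like_exploit), " legacy =",
          leaked_to_host(legacy, looks_like_exploit))
```

Run it and the two columns show the trade-off from the post: inline drops only the two matching requests, while legacy lets the triggering request (and anything that arrives before the block lands) through, then drops even the attacker's benign traffic until the block expires.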
@steveits Hello Steve, I have 40 Mbps download, 3 Mbps upload.
When you say "Inline mode works if the NIC supports it", do you mean the NIC on the Netgate appliance, or the local PCs?
Thanks.
-
@lemike 40 Mbit should be fine on the 2100.
Re: the NIC: the NIC on the 2100 where Snort or Suricata is running.
https://forum.netgate.com/topic/143812/snort-package-4-0-inline-ips-mode-introduction-and-configuration-instructions and other pinned posts in the IDS category.
-
@steveits Great information Steve! I will take a deep look at it.
Best Regards, and Thank you!
LeMike