Can the 2100 run Snort and pfBlocker?
-
Can the Netgate 2100 run Snort and pfBlocker for a typical home network? Or does this hardware not have enough resources?
-
@jose24576 Yes; however, for the logging part of Snort you will want to make sure you are using an SSD for your boot device.
-
@jose24576 It can depend on your Internet speed. Mine can get at least to 340 Mbps (my ISP limited speed) with Snort, with the few rulesets I had enabled, but I would not expect to get anywhere near 1 Gbps.
On a home network you probably need way fewer rules, for instance you're probably not running a web or mail server. And note that Snort can't inspect encrypted packets. So for my home I was only blocking (and therefore, logging) a couple packets per week, and ended up just disabling Snort the other day. Our office and data center of course log way more blocks.
The 2100 has enough RAM (4GB) to use a RAM disk, though you'll want to ensure you have enough space that the Snort and pfBlocker logs don't fill it up. I believe I have mine set to 256M for /tmp and 512M for /var and have plenty of space. The RAM disk only uses up memory that it's actually using.
pfBlocker can use a chunk of RAM depending on how many feeds are loaded, using DNSBL, etc. Plenty of free RAM on mine how I have it set up.
-
Yeah, I would not recommend using RAM disks with Snort/Suricata. It can be made to work but they do not expect to see RAM disks.
4GB is enough to run Snort/Suricata and pfBlocker. Though, as stated, it will reduce the maximum throughput.
Steve