Working with snort

amrogers3 · Aug 1, 2011, 4:43 PM

Hello all,

I plan on utilizing Snort but I am waiting on developers to get the package working. In the meantime, I have a few questions.

I am not sure how Snort works on the pfSense firewall. I plan on using VLANs on my install.

Does pfSense Snort package allow you to monitor each interface? Can you select to individually monitor WAN, LAN, each VLAN? or does it only monitor incoming traffic?

Thanks in advance for the help.

Cino · Aug 1, 2011, 5:53 PM

You can attach Snort to any interface you want. Before it broke, i had my WAN, LAN, WLAN_Guest (This is a VLAN), WAN_3G interfaces bind to it. The more interfaces and rules you enable, the more memory and horsepower it will use.

amrogers3 · Aug 1, 2011, 6:10 PM

@Cino:

You can attach Snort to any interface you want. Before it broke, i had my WAN, LAN, WLAN_Guest (This is a VLAN), WAN_3G interfaces bind to it. The more interfaces and rules you enable, the more memory and horsepower it will use.

Thanks very much for reply Cino. So if I understand correctly, I can specifically designate Snort to analyze traffic only on LAN?

Cino · Aug 1, 2011, 6:25 PM

Yes… You dont have to have it on the WAN...