PFSense as an IDS and how to pass traffic to another firewall
-
I set up a box using PFSense and running Snort as a service. Now I'm trying to determine the most efficient way to pass traffic from my static IP to the firewall that's sitting behind the pfsense IDS. Can anybody give me direction on how to set that up on the pfsense box?
Thanks!
-
I have not done this but I think you would need a transparent firewall:
http://forum.pfsense.org/index.php?topic=50711.0
-
Now I'm trying to determine the most efficient way to pass traffic from my static IP to the firewall that's sitting behind the pfsense IDS.
You mean you're using a pfsense box to run the Snort IDS and have another system (presumably also pfsense?) to do the packet filtering? pfsense's main strengths are as a firewall / NAT gateway and VPN concentrator. And while I haven't yet found the time to test the Snort-pkg improvements by bmeeks, until recently pfsense's Snort package wasn't "production-ready".
If you need/want a single-purpose machine to run IDS, then I would suggest simply running Snort on a dedicated (typically Linux) box. Btw, putting the IDS on the WAN before the fw will pick up a lot of "noise".
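The "noise" point above is easy to quantify once you have an alert file. The following is an added example, not code from this thread or from the pfSense/Snort packages: it parses Snort "fast" format alert lines (a few constructed sample lines using TEST-NET addresses and local-rule SIDs) and splits them into alerts the inner firewall would have dropped anyway versus alerts against services it actually forwards. The allow-list of forwarded ports, the sample alerts and the regex for the fast format are all assumptions made for the example.

```python
import re
from collections import Counter

# Regex for the classic Snort "fast" alert line layout (an assumption about
# the format, not something taken from the thread):
#   <ts>  [**] [gid:sid:rev] <msg> [**] [Classification: ...] [Priority: N] {PROTO} src[:port] -> dst[:port]
FAST_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+(?P<dst>[\d.]+)(?::(?P<dport>\d+))?\s*$"
)

# Assumed policy of the firewall behind the IDS: only these (proto, port)
# pairs are forwarded from the static IP to the inside. Everything else
# hitting the WAN is dropped there and is therefore "noise" in the IDS log.
ALLOWED_INBOUND = {("TCP", 443), ("TCP", 22)}

# Constructed sample alerts (TEST-NET-3 scanners, 198.51.100.10 as the
# static IP, SIDs from the local-rule range). One malformed line is included
# to show that unparsable input is skipped rather than crashing the triage.
SAMPLE_ALERTS = [
    "01/02-10:00:01.000001  [**] [1:1000001:1] SCAN SSH brute-force attempt [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 203.0.113.7:41234 -> 198.51.100.10:22",
    "01/02-10:00:02.000001  [**] [1:1000002:1] SCAN inbound to MSSQL port [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 203.0.113.7:41235 -> 198.51.100.10:1433",
    "01/02-10:00:03.000001  [**] [1:1000003:1] SCAN SIP enumeration [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} 203.0.113.9:5060 -> 198.51.100.10:5060",
    "01/02-10:00:04.000001  [**] [1:1000004:1] SCAN RDP probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 203.0.113.7:41236 -> 198.51.100.10:3389",
    "01/02-10:00:05.000001  [**] [1:1000005:1] WEB path traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 203.0.113.11:50000 -> 198.51.100.10:443",
    "01/02-10:00:06.000001  [**] [1:1000006:1] ICMP ping sweep [**] [Classification: Misc activity] [Priority: 3] {ICMP} 203.0.113.9 -> 198.51.100.10",
    "this line is not a valid snort alert",
]


def parse_alert(line):
    """Return a dict for one fast-format alert line, or None if it does not parse."""
    m = FAST_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    return {
        "sid": f"{d['gid']}:{d['sid']}",
        "msg": d["msg"],
        "priority": int(d["prio"]),
        "proto": d["proto"],
        "src": d["src"],
        "dst": d["dst"],
        # ICMP and some other alerts carry no port; keep None so the policy
        # check below treats them as not forwarded.
        "dport": int(d["dport"]) if d["dport"] else None,
    }


def would_pass_inner_firewall(alert, allowed=ALLOWED_INBOUND):
    """True if the inner firewall forwards this proto/port, i.e. the alert matters inside."""
    return (alert["proto"], alert["dport"]) in allowed


def triage(lines, allowed=ALLOWED_INBOUND):
    """Split parsed alerts into WAN-only noise and alerts that reach forwarded services."""
    alerts = [a for a in (parse_alert(l) for l in lines) if a is not None]
    reaching = [a for a in alerts if would_pass_inner_firewall(a, allowed)]
    noise = [a for a in alerts if not would_pass_inner_firewall(a, allowed)]
    return {
        "total": len(alerts),
        "noise": len(noise),
        "reaching": len(reaching),
        "noise_sources": Counter(a["src"] for a in noise),
        "reaching_alerts": reaching,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_ALERTS)
    print(f"parsed {result['total']} alerts: {result['noise']} WAN-only noise, "
          f"{result['reaching']} against forwarded services")
    for a in result["reaching_alerts"]:
        print(f"  [{a['sid']}] prio {a['priority']} {a['src']} -> {a['dst']}:{a['dport']} {a['msg']}")
    print("noisiest sources:", result["noise_sources"].most_common(3))
```

Run as-is, the script reports four of the six parsed alerts as noise that the inner firewall would have dropped, leaving the SSH and HTTPS alerts as the ones worth looking at. The same split is what you would get for free by putting the sensor on the LAN side of the firewall instead of on the WAN, which is the practical reason behind the advice above.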