Do I really need Snort??
-
How important is Snort in Pfsense? Does PFsense comes as a firewall out of the box? My pfsense box keeps crashing and I keep removing packages. I am down to Snort and OpenVPN. Our most important features are OpenVPN and the proxy server. Right now I cant achieve consistency/stability on this thing and I cant quite understand why?? But to the main question, is Snort that important? so is PFblocker???
thanks
-
How important is Snort in Pfsense? Does PFsense comes as a firewall out of the box? My pfsense box keeps crashing and I keep removing packages. I am down to Snort and OpenVPN. Our most important features are OpenVPN and the proxy server. Right now I cant achieve consistency/stability on this thing and I cant quite understand why?? But to the main question, is Snort that important? so is PFblocker???
thanks
You don't "need" Snort on the box, but many folks find it quite useful to have an integrated IPS (Intrusion Prevention System) as part of pfSense. I have never seen Snort crash a pfSense box to the point of unusability. I have seen the Snort process crash and die, but that has never taken down my pfSense firewall itself.
Can you define "crashing" a bit better? Does pfSense crash to the point only a reboot restores it, or does it stop doing something such as blocking or logging? If you are getting crashes to the point you need to reboot or cycle power, then I am very inclined to believe that would be a hardware issue such as failing hardware or a marginally-supported hardware driver (say the NIC, for example).
Bill
-
How important is Snort in Pfsense? Does PFsense comes as a firewall out of the box? My pfsense box keeps crashing and I keep removing packages. I am down to Snort and OpenVPN. Our most important features are OpenVPN and the proxy server. Right now I cant achieve consistency/stability on this thing and I cant quite understand why?? But to the main question, is Snort that important? so is PFblocker???
thanks
You don't "need" Snort on the box, but many folks find it quite useful to have an integrated IPS (Intrusion Prevention System) as part of pfSense. I have never seen Snort crash a pfSense box to the point of unusability. I have seen the Snort process crash and die, but that has never taken down my pfSense firewall itself.
Can you define "crashing" a bit better? Does pfSense crash to the point only a reboot restores it, or does it stop doing something such as blocking or logging? If you are getting crashes to the point you need to reboot or cycle power, then I am very inclined to believe that would be a hardware issue such as failing hardware or a marginally-supported hardware driver (say the NIC, for example).
Bill
Hi Bill,
Thanks for your response. After 48 days of struggles, I just went back to my simple router. I wanted to love Pfsense but it just didnt work. It was too unstable. Granted I had the 2.1 version because it is what worked for my hardware (which actually was not fancy at all). For some reason the 2.0 version didnt accept my Drives. But I will give you a brief on how I left it. I would not get any error messages. Internet Traffic would just stop moving. I removed packages and rebooted. I went to bare basics. But nothing. I could stop snort and it would come back up. Sooo. thats how i left things. I found Pfsense to be faster than Untangle..free as opposed to Untangle..but in a production environment, I couldnt achieve reliability, something well needed…Thanks again!!!
-
Hi Bill,
Thanks for your response. After 48 days of struggles, I just went back to my simple router. I wanted to love Pfsense but it just didnt work. It was too unstable. Granted I had the 2.1 version because it is what worked for my hardware (which actually was not fancy at all). For some reason the 2.0 version didnt accept my Drives. But I will give you a brief on how I left it. I would not get any error messages. Internet Traffic would just stop moving. I removed packages and rebooted. I went to bare basics. But nothing. I could stop snort and it would come back up. Sooo. thats how i left things. I found Pfsense to be faster than Untangle..free as opposed to Untangle..but in a production environment, I couldnt achieve reliability, something well needed…Thanks again!!!
I really think your chosen hardware may have been the core problem and not pfSense itself. I've found it to be rock-solid stable. The fact you mentioned you had to run 2.1 because of your hardware indicates to me you were on or slightly beyond the bleeding edge of new hardware that pfSense supports. If that is correct, then stability problems would not be unexpected.
I run pfSense on SuperMicro hardware. In my case for home, it's just a simple Atom CPU with 4 GB of RAM and a SATAII hard drive. My particular SuperMicro board has Realtek on-board NICs, but thankfully they are the older series with better support (albeit not outstanding throughput if I had a super high speed connection, but I don't).
So before you totally close the book on pfSense, maybe give it try on firmly supported hardware. There are several suggestions in the Hardware forum here.
Bill