Netgate Discussion Forum
    Snort on LAN (beginner)

    IDS/IPS
    RickTosch

      Good day,

      Snort on LAN and not WAN?
      I found this question being asked several times on this forum, and the general consensus was "go with Snort on LAN if using NAT".
      PLEASE FORGIVE me for bringing this up yet one more time. I am trying to wrap my head around this and, by creating a silly post, obviously having issues with that.
      In layman's terms, my understanding is that I want to block the bad guys' attempts to compromise the network (DDoS for example) on the WAN part of the firewall, before they get to the LAN.
      So why LAN?
      Am I misunderstanding IPS completely? Or is the above the firewall's job?

      My home network is very simple:

      PCs
        |
      LAN (172.16.0.0)
        |
      pfSense
        |
      WAN (192.168.0.0)
        |
      ISP Router
        |
      Internet

      I have double NAT going on, maybe this is where I am getting confused.
      Thank you very much!

      fsansfil

        You kinda always need a firewall in front/inline.
        Otherwise you would be processing malicious packets sent against your IDS,
        or just processing useless packets that a firewall could have dropped faster.

        To block ports, IPs, protocols = firewall
        To block domains, URLs, user agents = proxy
        To block patterns, evasion/obfuscation kung fu, malware, deep packet inspection with complex regex = IDS

        F.

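As an added illustration (not from either poster, and not pfSense or Snort code), here is a small Python model of the topology in the question: a stateful NAT firewall with a packet tap on its WAN interface and another on its LAN interface. It shows two things the thread touches on. First, an alert raised from the WAN-side tap carries only the firewall's own WAN address as the source, because NAT has already rewritten the packet, while the LAN-side tap still sees which internal PC sent it. Second, unsolicited inbound packets (the DDoS case from the question) are dropped by the firewall's state table before a LAN-side sensor ever has to process them, which is the "firewall in front/inline" point from the reply. All addresses, ports and the "suspicious" payload marker are constructed; the 192.168.0.2 WAN address and the 172.16.0.x hosts are assumed from the poster's diagram.

```python
"""Toy model: NAT firewall with an IDS tap on the WAN side and on the LAN side.
Constructed example; not pfSense or Snort code."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Assumed addresses following the poster's diagram (172.16.0.0 LAN behind a
# 192.168.0.0 WAN); the public and probe addresses are documentation ranges.
FW_WAN_IP = "192.168.0.2"           # assumed pfSense WAN address behind the ISP router
PUBLIC_HOST = "203.0.113.10"        # stands in for an Internet web server
SIGNATURE = b"test-ids-signature"   # constructed marker the toy "IDS" pattern-matches on


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    payload: bytes = b""


@dataclass
class NatFirewall:
    """Stateful source NAT: outbound flows create state, unsolicited inbound is dropped."""
    wan_ip: str
    next_port: int = 40000
    table: Dict[int, Tuple[str, int]] = field(default_factory=dict)    # wan port -> (lan ip, lan port)
    reverse: Dict[Tuple[str, int], int] = field(default_factory=dict)  # (lan ip, lan port) -> wan port
    wan_sensor: List[Packet] = field(default_factory=list)  # what a sensor on WAN would see
    lan_sensor: List[Packet] = field(default_factory=list)  # what a sensor on LAN would see

    def outbound(self, pkt: Packet) -> Packet:
        """LAN host -> Internet. The LAN tap sees the private source; the WAN tap sees the NAT'd one."""
        self.lan_sensor.append(pkt)
        key = (pkt.src, pkt.sport)
        if key not in self.reverse:
            self.reverse[key] = self.next_port
            self.table[self.next_port] = key
            self.next_port += 1
        translated = Packet(self.wan_ip, self.reverse[key], pkt.dst, pkt.dport, pkt.payload)
        self.wan_sensor.append(translated)
        return translated

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Internet -> WAN interface. Only packets matching existing state are forwarded to the LAN."""
        self.wan_sensor.append(pkt)
        mapping = self.table.get(pkt.dport) if pkt.dst == self.wan_ip else None
        if mapping is None:
            return None  # dropped by the firewall; a LAN-side sensor never has to look at it
        lan_ip, lan_port = mapping
        delivered = Packet(pkt.src, pkt.sport, lan_ip, lan_port, pkt.payload)
        self.lan_sensor.append(delivered)
        return delivered


def alert_sources(sensor: List[Packet]) -> List[str]:
    """Minimal 'IDS': report the source address of every packet carrying the marker."""
    return [p.src for p in sensor if SIGNATURE in p.payload]


def run_scenario() -> dict:
    fw = NatFirewall(wan_ip=FW_WAN_IP)
    # 1) A PC on the LAN sends a request whose payload the IDS would flag.
    fw.outbound(Packet("172.16.0.20", 51515, PUBLIC_HOST, 80, b"GET /" + SIGNATURE + b" HTTP/1.1"))
    # 2) A burst of unsolicited probes hits the WAN interface (the "DDoS" case from the question).
    for i in range(100):
        fw.inbound(Packet(f"198.51.100.{i % 250 + 1}", 1024 + i, FW_WAN_IP, 22))
    # 3) The legitimate reply to (1) matches state and is delivered to the PC.
    reply = fw.inbound(Packet(PUBLIC_HOST, 80, FW_WAN_IP, 40000, b"HTTP/1.1 200 OK"))
    return {
        "wan_alert_src": alert_sources(fw.wan_sensor),  # only the firewall's own WAN address
        "lan_alert_src": alert_sources(fw.lan_sensor),  # the actual PC that sent it
        "wan_probe_pkts": sum(1 for p in fw.wan_sensor if p.dport == 22),
        "lan_probe_pkts": sum(1 for p in fw.lan_sensor if p.dport == 22),
        "reply_delivered_to": reply.dst if reply else None,
    }


if __name__ == "__main__":
    for name, value in run_scenario().items():
        print(f"{name}: {value}")
```

Running it shows the WAN-side alert attributed to 192.168.0.2 (the firewall itself) and the LAN-side alert attributed to 172.16.0.20, and the hundred probe packets counted on the WAN tap but never on the LAN tap. That is the practical reason behind "Snort on LAN if using NAT": the LAN-side sensor can name the internal host, and it only spends cycles on traffic the firewall already let through.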
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.