Network Set-up for Snort
Good evening all. After the last outbreak of cyber threats I decided to take my home network security to the next level with the install of a pfSense box. I have someone that works from home and we have a pretty robust network. I have diagrammed out the relevant network connections in the attached jpg. What I want to do is monitor traffic and intrusion on my outbound internet port. I use Ubiquiti equipment, and I am not wanting to place the firewall right after the modem and before my EdgeRouter. So what I think I want to do is take port 19 on the switch and turn it into a mirror port of port 1, since port one is the uplink to the router and all traffic passes through. I also need to be able to still access the router via the web GUI (currently on LAN interface 192.168.1.7). All the rest of the OPT connections are connected for convenience and who knows what I may do someday, but if they are not needed in the config I will probably disable those interfaces.
So here are my issues/questions to date:
1. Going into the Ubiquiti router and mirroring port 1 to port 19 causes a break of communication with the web GUI on the pfSense box.
2. What do I set a mirrored port to in pfSense (DHCP, static…?)
3. How do I know I am snorting?
4. In the current set-up I cannot get Snort to download rules without changing the interface to LAN, even though the pfSense box updates.
I apologize in advance for the crazy questions. Just would like to see what's happening on my network.

