pfSense real implementation



  • Dear all, recently I have explored the open source pfSense together with Suricata and Snort. Now I am planning to transfer all of this to a real server-to-server environment. With this, I would like to check with you all what I need to have in place in order to monitor the various servers in our server farm.

    How do we monitor other servers from one source? Does an agent need to be installed? How can I get the agent if needed? Kindly advise and share your experience with me. Thanks


  • pfSense is a firewall, not a network monitoring tool.



  • @Grimson:

    pfSense is a firewall, not a network monitoring tool.

    But within it, using Suricata and Snort to complement it, does that work?



  • For monitoring servers, I wouldn't start setting up a firewall.
    Create a VM on any of your servers (or even skip that part), and use monitoring software.



  • Does anyone have real-time experience? Please feel free to share how you use pfSense with Suricata and Snort. Thanks



  • You may consider loading onto just one machine for testing and expanding from there.

    https://forum.pfsense.org/index.php?topic=61018.0

    That is a helpful tutorial to get you started on setting up Snort on pfSense.



  • Hi, may I know how we can do testing (implementing rules, new code or configurations) on our local machine and, once it's ready, how I can duplicate it on the live machine?

    Is there a way we can do a backup and restore to the live system? Or to patch it?

    Kindly advise.



  • @luke1018:

    Hi, may I know how we can do testing (implementing rules, new code or configurations) on our local machine and, once it's ready, how I can duplicate it on the live machine?
    Is there a way we can do a backup and restore to the live system? Or to patch it?

    Strange.
    The very basic concept of pfSense is that it stores all settings in one file, which can be backed up and restored, even on another machine (if the network interface names are identical, otherwise you have to set up your NICs again).
    Patching? What do you mean? You are aware of the fact that pfSense lives on GitHub, which means the sources are available?
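
Added example, not part of the original thread: a pre-restore check for the interface-name caveat in the last reply, listing which interface assignments in a backup file point at NIC devices the target machine does not have. It assumes the usual layout of a pfSense backup, where each entry under `<interfaces>` carries its NIC device in `<if>`; the sample backup and the NIC names are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed, heavily trimmed sample of a pfSense configuration backup.
SAMPLE_BACKUP = """<pfsense>
  <interfaces>
    <wan><if>em0</if><descr>WAN</descr></wan>
    <lan><if>em1</if><descr>LAN</descr></lan>
    <opt1><if>em2</if><descr>SERVERS</descr></opt1>
  </interfaces>
</pfsense>
"""


def assigned_interfaces(config_xml):
    """Return {logical name: NIC device} from the <interfaces> section."""
    root = ET.fromstring(config_xml)
    assignments = {}
    for entry in root.findall("./interfaces/*"):
        device = entry.findtext("if")
        if device and device.strip():
            assignments[entry.tag] = device.strip()
    return assignments


def missing_on_target(config_xml, target_nics):
    """Return the assignments whose NIC device is absent on the target."""
    present = set(target_nics)
    return {
        name: device
        for name, device in assigned_interfaces(config_xml).items()
        if device not in present
    }


if __name__ == "__main__":
    # Hypothetical NIC names: a test VM with em(4) NICs, a live box with igb(4).
    targets = {
        "test VM": ["em0", "em1", "em2"],
        "live server": ["igb0", "igb1", "igb2"],
    }
    for label, nics in targets.items():
        gaps = missing_on_target(SAMPLE_BACKUP, nics)
        if gaps:
            print(f"{label}: reassign after restore -> {gaps}")
        else:
            print(f"{label}: interface names match, restore applies as-is")
```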

