Netgate Discussion Forum

    What's the point?

General pfSense Questions
4 Posts 4 Posters 637 Views

JohnSCarter

      Firstly sorry for the somewhat clickbait title but it does sum up what I'm thinking right now.

      pfSense has, in my opinion, a good firewall that can block IPs, ranges, traffic and loads of different protocols. This makes me wonder what's the point in getting an IDPS such as snort or Suricata because don't they basically do the same thing?

      I've watched through tutorials and read a bit into both but they both seem to do the same thing so the question I ask is this: What can an IDPS system do that can't be done with the firewall and what, if any, are the advantages / disadvantages to running them both?

      I also could be misunderstanding something so I apologise if I am.

      John.

      Network security & monitoring enthusiast

KOM

Firewall blocks on source/dest address or port only. An IDS can scan incoming/outgoing packets for signs of bad stuff and block that. For example, say you have a web server that you are forwarding to the Internet. Unknown to you, your web server is vulnerable to 3 different attacks. A firewall would let the traffic in that would hack your server. An IDS would stop that by looking inside every packet for signatures of known badness. An IDS is like an antivirus for your network.

SammyWoo
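To make the distinction in the post above concrete, here is a small added example (not code from pfSense, Snort or Suricata, and not part of the thread). It models a pfSense-style port-forward rule set that decides on header fields only, and a Suricata-style signature set that decides on payload content, then runs both over constructed HTTP and SSH packets. The addresses, rule set, signature IDs, regex patterns and packet payloads are all constructed for illustration; the signature objects are a hypothetical simplified stand-in for rules of the form `alert tcp any any -> $HOME_NET 80 (msg:"..."; content:"../"; sid:1000001; rev:1;)`.

```python
"""Header-only filtering (firewall) versus payload signature inspection (IDS/IPS).

Added example. Not pfSense, Snort or Suricata code; every packet, rule and
signature below is constructed for illustration.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple
from urllib.parse import unquote_to_bytes


@dataclass
class Packet:
    src: str
    dst: str
    proto: str
    dport: int
    payload: bytes


@dataclass
class FirewallRule:
    """A firewall rule sees only the header: protocol, destination, port."""
    action: str            # "pass" or "block"
    proto: str             # "tcp", "udp" or "any"
    dst: str               # destination IP or "any"
    dport: Optional[int]   # None means any port


@dataclass
class Signature:
    """An IDS signature additionally matches a pattern against the payload."""
    sid: int
    msg: str
    proto: str
    dport: Optional[int]
    pattern: bytes         # regex applied to the (normalised) payload


def firewall_decision(rules: List[FirewallRule], pkt: Packet, default: str = "block") -> str:
    """First matching rule wins (pfSense evaluates rules top to bottom)."""
    for r in rules:
        if r.proto not in ("any", pkt.proto):
            continue
        if r.dst not in ("any", pkt.dst):
            continue
        if r.dport is not None and r.dport != pkt.dport:
            continue
        return r.action
    return default


def ids_alerts(signatures: List[Signature], pkt: Packet, normalize: bool = True) -> List[int]:
    """Return the SIDs of every signature whose pattern occurs in the payload.

    With normalize=True percent-encoding is decoded first, which is what real
    engines do for HTTP buffers; without it, a %20-encoded attack slips past
    a pattern written for the plain form.
    """
    data = unquote_to_bytes(pkt.payload) if normalize else pkt.payload
    hits = []
    for s in signatures:
        if s.proto not in ("any", pkt.proto):
            continue
        if s.dport is not None and s.dport != pkt.dport:
            continue
        if re.search(s.pattern, data):
            hits.append(s.sid)
    return hits


def inspect(rules: List[FirewallRule], signatures: List[Signature], pkt: Packet) -> Tuple[str, List[int]]:
    """Firewall first; the IPS only ever sees traffic the firewall already passed."""
    verdict = firewall_decision(rules, pkt)
    if verdict != "pass":
        return verdict, []
    alerts = ids_alerts(signatures, pkt)
    return ("drop" if alerts else "pass"), alerts


# Constructed rule set: one port forward to a web server, then default deny.
RULES = [
    FirewallRule("pass", "tcp", "203.0.113.10", 80),
    FirewallRule("block", "any", "any", None),
]

# Constructed signatures, hypothetical SIDs in the local 1000000+ range.
SIGNATURES = [
    Signature(1000001, "URI path traversal", "tcp", 80, rb"\.\./"),
    Signature(1000002, "SQL injection in URI", "tcp", 80, rb"(?i)union\s+select"),
]

# Constructed sample traffic toward the forwarded web server.
BENIGN = Packet("198.51.100.7", "203.0.113.10", "tcp", 80,
                b"GET /index.html HTTP/1.1\r\nHost: www.example.test\r\n\r\n")
TRAVERSAL = Packet("198.51.100.7", "203.0.113.10", "tcp", 80,
                   b"GET /../../etc/passwd HTTP/1.1\r\nHost: www.example.test\r\n\r\n")
SQLI_ENCODED = Packet("198.51.100.7", "203.0.113.10", "tcp", 80,
                      b"GET /item?id=1%20UNION%20SELECT%20password%20FROM%20users HTTP/1.1\r\n\r\n")
SSH = Packet("198.51.100.7", "203.0.113.10", "tcp", 22, b"SSH-2.0-OpenSSH_9.6\r\n")

if __name__ == "__main__":
    for name, pkt in [("benign", BENIGN), ("traversal", TRAVERSAL),
                      ("sqli-encoded", SQLI_ENCODED), ("ssh", SSH)]:
        print(f"{name:13s} firewall={firewall_decision(RULES, pkt):5s} "
              f"final={inspect(RULES, SIGNATURES, pkt)}")
```

The firewall passes all three HTTP packets identically because, on the header, they are identical: tcp to the web server on port 80. Only the payload match separates the benign request from the two attacks, and only the normalised match catches the percent-encoded one, which is why signature tuning and protocol decoding are where most of the real work in an IDPS deployment goes.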

          People are running IDPS just to be fashionable?

Firewall is that guy at the head of the security line: checks your passport, valid blah-blah, checks your boarding pass, blah-blah, lets you through.

IDPS are those guys by the scanning machine who now want to pat you down, take out your metals, blah-blah.

          Multi-layer security.

Derelict LAYER 8 Netgate

            Though, for the home user, the time spent installing, configuring, tuning, and maintaining snort would probably be better spent educating the family on what not to do. That will benefit them for life on every network they encounter.

            Chattanooga, Tennessee, USA
            A comprehensive network diagram is worth 10,000 words and 15 conference calls.
            DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
            Do Not Chat For Help! NO_WAN_EGRESS(TM)

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.