PFSENSE as a router with IDS.



  • Hello all,
    This is a question that I am not sure where to put, so I'll ask it here. Can I use pfSense as a router with Snort inline, and disable the firewall? Basically I want an easy-to-put-together IDS. Let me know if this is possible or if I would need the firewall settings in place or not. The network already has a firewall on the outside, and I wanted to add an IDS on the inside to filter out anything that might have slipped through. Let me know what you think.
    Thanks
    Eckman



  • This will be essentially useless in this particular case.  The snort package for pfSense is intended to work with the firewall to block traffic which causes alerts.  You would be much better served to simply install your own box with snort.



  • Yeah, I did some further research on the topic, and found out the same. I am trying to find a good walkthrough on installing Snort inline. The ones I found are older, and not at all straightforward. I found a network design I was going to implement to test with, which included the use of two honeywall boxes, a router and a firewall distro. I couldn't get it to work. So basically I am trying to see what I can do in the time I had, and I was hoping that pfSense might work.
    Thanks
    Eckman

