Any guides on how to setup pfSense purely for IPS/Snort box connected to a Unifi setup?
-
Hi everyone, this is my first pfSense install and I used to always swear by DD-WRT but now am looking to use this Qotom Core i5 Box I just purchased as purely an IPS firewall type device like the Cisco ASA devices to protect my business network that holds patient information.
I have a Unifi USG Pro 4 network set up and to my understand I can have this Qotom box setup with pfSense as a high end IPS firewall right? If I am correct, my setup will be as follows:
Internet -> pfSense IPS firewall -> Unifi USG 4P -> workstations and server
Are there any guides as to how to setup the pfSense this way. I see many guides for setting it up as the router with the Snort IPS package but I am not looking for routing capabilities because I just bought the Unifi setup for that specific purpose. So far I have just installed pfSense onto the Qotom box and nothing else.
-
You can setup pfSense bridged so it doesn't route anything.
https://www.netgate.com/docs/pfsense/interfaces/interface-bridges.htmlIf you don't use pfSense to route the traffic, and the USG is NATing, then you won't have any internal visibility from Snort. No way to see which internal IP is sending bad traffic if you get malware for example.
Steve
