    IDS Bridge Configuration?

    boobletins

      For reasons I won't bore you with, I built my home pfSense using a Jetway NF592-Q170 with an i5 and 16 GB of RAM. This motherboard has 8x Intel interfaces (1x I219, 7x I211). This box is very capably running Suricata in IPS mode without any packet loss, but I'm interested in learning more about Bro/Zeek and trying some different configurations of pfSense. I would like to continue to run Suricata, and add a configuration similar to the left side of the image here: http://wiki.networksecuritytoolkit.org/images/Nst_quad_tap_networking.png

      Unfortunately I don't have $1500 per segment to spend on TP-CU3s. Nor do I have a high end switch capable of high-quality port spanning as suggested here, here, and here. I'm willing to spend up to a few hundred on a managed switch if that's the best bet, but the SANS ISC guys indicate that port mirroring on consumer grade switches has issues with buffer memory.

      I do have 6 available interfaces on my pfSense box. Would it be possible to:
      Bridge WAN+OPT1 with OPT1 as a span to my Bro/Zeek box? I realize this would be 50% throughput -- 500 Mbps full duplex. Could I then do the same for LAN?

      Or do I need to burn an interface each time to get the bridge? So WAN+OPT1 = Bridge1, then Bridge1 spans to OPT2?

      What are the major disadvantages to doing it this way rather than using a switch?

      Thanks
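      The mechanism the question is about, shown with the FreeBSD if_bridge(4) primitives that pfSense drives from its Bridges page, as an added example that is not part of the original post: a span port is not a bridge member, it only receives a copy of every frame the bridge forwards, so each monitored segment uses two member NICs plus one more NIC for the sensor feed. The bridge and igb* interface names are assumptions.

```shell
#!/bin/sh
# Added example (not from the forum post): FreeBSD if_bridge(4) commands that
# build one transparent bridge with a span (monitor) port for a Zeek sensor.
# Members forward traffic; the span port is NOT a member and only gets copies.
# Interface names are assumptions; pfSense exposes the same thing as the
# "Span Port" option when creating a bridge in the GUI.

# Emit the ifconfig(8) command sequence for one bridge.
# $1 = bridge name, $2 = member A, $3 = member B, $4 = span (monitor) interface
span_bridge_cmds() {
    printf '%s\n' \
        "ifconfig $1 create" \
        "ifconfig $1 addm $2 addm $3 span $4" \
        "ifconfig $2 up" \
        "ifconfig $3 up" \
        "ifconfig $4 up" \
        "ifconfig $1 up"
}

# Refuse obviously wrong plans: the span NIC must differ from both members,
# because a member cannot also be the span port.
validate_plan() {
    [ "$4" != "$2" ] && [ "$4" != "$3" ] && [ "$2" != "$3" ]
}

# Apply only when explicitly requested (DRY_RUN=0) and only on FreeBSD, the
# base OS of pfSense; otherwise just print what would run.
apply_span_bridge() {
    validate_plan "$@" || { echo "invalid plan: $*" >&2; return 1; }
    if [ "${DRY_RUN:-1}" != "0" ] || [ "$(uname -s)" != "FreeBSD" ]; then
        echo "# dry run: commands that would be executed as root on pfSense" >&2
        span_bridge_cmds "$@"
        return 0
    fi
    span_bridge_cmds "$@" | sh -e
}

# Example plan for the post: one bridge per monitored segment, three NICs each.
# apply_span_bridge bridge0 igb1 igb2 igb3   # segment A, igb3 feeds the sensor
# apply_span_bridge bridge1 igb4 igb5 igb6   # segment B, igb6 feeds the sensor
```

      Run with `DRY_RUN=0` on the pfSense shell to actually apply the commands; with six spare NICs this plan covers two segments, which is the "burn an interface each time" cost the post asks about.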
